High-Tech Santé Médecine Droit-Finances

Auto-Entrepreneur

Comment faire ?

Rechercher : dans
Par :

Virus: heur:trojan.win32.invader

Dernière réponse le 20 oct 2009 à 20:51:55 psy, le 4 fév 2009 à 20:37:53 
 Signaler ce message aux modérateurs

Je n'y connait rien en virus mais je crois que j'en ai plusieurs soit:
Virus:
heur:trojan.win32.invader
heur:trojann-dropper.script.generic

cheval de troie:

backdoor.win32.bifrose.ajwv
trojan.win32.agent.rzw
trojan-dropper.win32.agent.acvm
packed.win32.mondera.a
trojan-dropper.win32.agent.agfl
trojan-downloader.win32.suurch.ip

je suis très ennuyer car mon ordinateur est mon outil de travail et il est quasiment bloqué par ces processus.
je sui sous vista c un ordi portable packard bell
mon antivirus est kaspersky 2009
en fait je lavais désactivé et jai choppé ces virus.
je compte sur vous pour m'aiguiller je vous remercie d'avance.

Configuration: Windows Vista
Firefox 3.0.5

Posez votre question Répondre

1

ep44, le 4 fév 2009 à 20:43:30

Bonjour,

Pour commencer nous allons voir ce qui ce passe sur ton PC

1/
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Vas dans "Démarrer" puis Panneau de configuration.
- Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs.
- Clique sur Continuer.
- Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
- Valide par OK et redémarre.


2/
Télécharge Random's System Information Tool (RSIT) par random/random et sauvegarde-le sur ton Bureau.
http://images.malwareremoval.com/random/RSIT.exe
* Double-clique sur RSIT.exe afin de lancer RSIT.
* Clique sur Continue à l'écran Disclaimer.
* Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
* Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

--> Poste le contenu de log.txt (<<qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

Note : Les deux rapports sont également sauvegardés C:\rsit

@+

C’est généralement lorsque le disque dur plante qu’on se rend compte qu’on a oublié de le sauvegarder.

   
Répondre à ep44

2

psy, le 4 fév 2009 à 20:55:45

Et bien voila


Logfile of random's system information tool 1.05 (written by random/random)
Run by Rom@in at 2009-02-04 20:46:14
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 34 GB (32%) free of 106 GB
Total RAM: 2046 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:00, on 04/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\Temp\winlognn.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Rom@in\Desktop\RSIT.exe
C:\Program Files\trend micro\Rom@in.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = .-~= Hacked by ( ProoHack )X =~-.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: C:\Windows\system32\hsfd83jfdg.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\Windows\system32\hsfd83jfdg.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\Windows\Temp\winlognn.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\Windows\Temp\winlognn.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\Windows\system32\hsfd83jfdg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
End of file - 5445 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Extension de garantie.job
C:\Windows\tasks\User_Feed_Synchronization-{C53A5279-79DA-4840-8F85-627569CF8FF5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5BF49A2-94F3-42BD-F434-3604812C8955}]
C:\Windows\system32\hsfd83jfdg.dll - C:\Windows\system32\hsfd83jfdg.dll [2009-02-03 15000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-01 857648]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-09 4722688]
"jsf8uiw3jnjgffght"=C:\Windows\Temp\winlognn.exe [2009-02-03 15000]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-04 201992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 142848]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"jsf8uiw3jnjgffght"=C:\Windows\Temp\winlognn.exe [2009-02-03 15000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iaumkui]
c:\users\rom@in\appdata\local\iaumkui.exe iaumkui []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2008-04-25 206088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\Windows\system32\hsfd83jfdg.dll [2009-02-03 15000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\Windows\system32\ssqqpNhI

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\system32\wininit.exe"="C:\Windows\system32\wininit.exe:*:enabled:@shell32.dll,-1"
"C:\Windows\system32\winlogon.exe"="C:\Windows\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
shell\dinstall\command - F:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f49e2de-de0e-11dc-8f46-001e8c53b5aa}]
shell\AutoRun\command - G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
shell\open\command - G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{855aaa2d-31fd-11dd-b641-001e8c53b5aa}]
shell\AutoRun\command - 8ng8w.com
shell\explore\command - 8ng8w.com
shell\open\command - 8ng8w.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ffc9fae-ef86-11dc-9a14-001e8c53b5aa}]
shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a389e005-273d-11dd-afa4-001e8c53b5aa}]
shell\AutoRun\command - 8ng8w.com
shell\explore\command - 8ng8w.com
shell\open\command - 8ng8w.com


======File associations======

.js - open -
.vbs - open -

======List of files/folders created in the last 1 months======

2009-02-04 20:46:15 ----D---- C:\Program Files\trend micro
2009-02-04 20:46:14 ----D---- C:\rsit
2009-02-04 19:04:28 ----A---- C:\Windows\system32\TuneUpDefragService.exe
2009-02-04 17:13:44 ----A---- C:\Windows\ntbtlog.txt
2009-02-04 13:34:29 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-02-04 13:34:29 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-04 13:33:01 ----D---- C:\Program Files\CCleaner
2009-02-04 13:31:54 ----D---- C:\Program Files\Lavasoft
2009-02-04 13:31:53 ----D---- C:\ProgramData\Lavasoft
2009-02-04 03:36:21 ----D---- C:\ProgramData\Windows Genuine Advantage
2009-02-04 02:38:39 ----D---- C:\kav
2009-02-04 02:17:42 ----SHD---- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-03 23:08:45 ----A---- C:\Windows\system32\hs78k4rgf4d.dll
2009-02-03 23:03:25 ----A---- C:\Windows\system32\hsfd83jfdg.dll
2009-02-03 23:03:21 ----A---- C:\Windows\system32\ajsjfukj.dll
2009-02-03 22:07:32 ----D---- C:\Windows\system32\systeme34
2009-02-03 22:06:48 ----A---- C:\Windows\EBP_ComptesBancaires_2008_0_0_51.exe
2009-02-03 21:59:37 ----A---- C:\Windows\system32\MSVCP50.DLL
2009-02-03 21:58:11 ----D---- C:\Program Files\Common Files\Nero
2009-02-03 21:58:10 ----D---- C:\Users\Rom@in\AppData\Roaming\Nero
2009-02-03 21:58:02 ----D---- C:\ProgramData\Nero
2009-02-03 21:50:23 ----D---- C:\Windows\Nero Lite 9.2.6
2009-02-03 21:50:20 ----D---- C:\Program Files\Nero
2009-02-02 22:34:49 ----A---- C:\Windows\system32\75bda9d8-.txt
2009-02-02 21:54:28 ----D---- C:\Users\Rom@in\AppData\Roaming\ArchosLink
2009-02-02 21:44:34 ----D---- C:\Program Files\Archos
2009-02-02 12:00:17 ----D---- C:\Windows\Speeditup Free
2009-02-02 12:00:17 ----D---- C:\Program Files\Speeditup Free
2009-01-20 18:12:23 ----D---- C:\Program Files\Electronic Arts
2009-01-20 12:38:29 ----D---- C:\Users\Rom@in\AppData\Roaming\Red Alert 3
2009-01-14 17:35:49 ----D---- C:\Users\Rom@in\AppData\Roaming\Ubisoft
2009-01-07 11:15:31 ----D---- C:\Program Files\DivX

======List of files/folders modified in the last 1 months======

2009-02-04 20:46:20 ----D---- C:\Windows\Temp
2009-02-04 20:46:15 ----RD---- C:\Program Files
2009-02-04 20:44:21 ----D---- C:\ProgramData\Kaspersky Lab
2009-02-04 20:28:37 ----D---- C:\Windows
2009-02-04 20:28:37 ----AD---- C:\Windows\System32
2009-02-04 20:27:35 ----SHD---- C:\Windows\oem
2009-02-04 20:27:28 ----D---- C:\Windows\BisonCam
2009-02-04 20:27:23 ----D---- C:\Program Files\WinRAR
2009-02-04 20:27:22 ----D---- C:\Program Files\Total Video Converter
2009-02-04 20:27:21 ----D---- C:\Program Files\Steam
2009-02-04 20:27:20 ----D---- C:\Program Files\Screamer Radio
2009-02-04 20:27:19 ----D---- C:\Program Files\QuickTime
2009-02-04 20:27:17 ----D---- C:\Program Files\Opera
2009-02-04 20:20:41 ----D---- C:\Program Files\Mozilla Firefox
2009-02-04 20:09:19 ----D---- C:\Program Files\IviCam
2009-02-04 20:09:17 ----D---- C:\Program Files\HDReg
2009-02-04 20:09:01 ----D---- C:\Program Files\Almacom
2009-02-04 19:04:42 ----D---- C:\Windows\Tasks
2009-02-04 18:57:53 ----D---- C:\Windows\system32\catroot2
2009-02-04 18:57:34 ----D---- C:\Program Files\Windows Media Player
2009-02-04 18:56:21 ----D---- C:\Program Files\Activision 2
2009-02-04 18:47:16 ----HD---- C:\ProgramData
2009-02-04 18:39:18 ----SHD---- C:\Windows\Installer
2009-02-04 18:39:17 ----HD---- C:\Config.Msi
2009-02-04 18:36:08 ----DC---- C:\Windows\system32\DRVSTORE
2009-02-04 18:36:08 ----D---- C:\Windows\system32\drivers
2009-02-04 17:17:39 ----D---- C:\Windows\system32\WDI
2009-02-04 15:26:20 ----D---- C:\Windows\system32\catroot
2009-02-04 15:26:20 ----D---- C:\Windows\inf
2009-02-04 15:26:14 ----SHD---- C:\System Volume Information
2009-02-04 15:25:15 ----D---- C:\Program Files\Kaspersky Lab
2009-02-04 14:33:55 ----D---- C:\Program Files\DAEMON Tools
2009-02-04 13:42:55 ----D---- C:\Windows\Debug
2009-02-04 13:32:34 ----D---- C:\Windows\system32\Tasks
2009-02-04 13:31:48 ----D---- C:\Windows\winsxs
2009-02-04 02:37:04 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2009-02-04 02:14:38 ----RD---- C:\Users
2009-02-03 23:05:00 ----SHD---- C:\$Recycle.Bin
2009-02-03 23:03:40 ----D---- C:\Windows\Prefetch
2009-02-03 22:55:32 ----D---- C:\Users\Rom@in\AppData\Roaming\LimeWire
2009-02-03 22:26:19 ----D---- C:\Users\Rom@in\AppData\Roaming\dvdcss
2009-02-03 21:59:58 ----RSD---- C:\Windows\Fonts
2009-02-03 21:59:36 ----D---- C:\Program Files\Common Files\Adobe
2009-02-03 21:59:36 ----D---- C:\Program Files\Adobe
2009-02-03 21:58:11 ----D---- C:\Program Files\Common Files
2009-02-03 20:59:33 ----D---- C:\Program Files\LimeWire
2009-02-03 19:49:48 ----D---- C:\ProgramData\2DBoy
2009-02-03 17:48:42 ----D---- C:\Program Files\JkDefrag
2009-02-02 16:42:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-02 12:58:18 ----D---- C:\Program Files\Google
2009-02-02 12:48:21 ----D---- C:\ProgramData\Google
2009-02-02 11:56:05 ----D---- C:\PerfLogs
2009-02-02 08:51:45 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-02 08:51:45 ----D---- C:\Program Files\Ubisoft
2009-01-29 12:55:27 ----D---- C:\Users\Rom@in\AppData\Roaming\Skype
2009-01-28 17:25:01 ----D---- C:\Users\Rom@in\AppData\Roaming\Hamachi
2009-01-27 22:30:19 ----D---- C:\Program Files\Common Files\Steam
2009-01-27 22:08:00 ----RSD---- C:\Windows\assembly
2009-01-27 21:33:04 ----D---- C:\Program Files\Activision
2009-01-20 17:19:48 ----D---- C:\ProgramData\Electronic Arts
2009-01-20 12:17:46 ----A---- C:\Windows\system32\CmdLineExt.dll
2009-01-15 20:24:08 ----D---- C:\Program Files\Packard Bell
2009-01-15 20:21:06 ----D---- C:\Program Files\VirtualDJ
2009-01-15 20:20:52 ----D---- C:\Users\Rom@in\AppData\Roaming\Wallpaper
2009-01-15 20:20:33 ----D---- C:\Program Files\Windows Live
2009-01-15 12:39:10 ----D---- C:\Program Files\Windows Mail
2009-01-15 12:38:54 ----D---- C:\ProgramData\Microsoft Help
2009-01-14 17:35:49 ----D---- C:\ProgramData\Ubisoft
2009-01-12 01:32:24 ----D---- C:\ProgramData\ma-config.com
2009-01-12 01:32:24 ----D---- C:\Program Files\ma-config.com
2009-01-10 02:35:28 ----A---- C:\Windows\system32\mrt.exe
2009-01-08 18:10:49 ----D---- C:\Windows\ehome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-11-03 112144]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-02-04 224272]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 20496]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2004-11-05 670208]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-07 767488]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-25 2609152]
R3 Cam5603D;USB2.0 350K WebCam; C:\Windows\System32\Drivers\BisonCam.sys [2006-11-28 847536]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-10 1941848]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-01-23 50176]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-01 182456]
S3 atdq1fy3;atdq1fy3; C:\Windows\system32\drivers\atdq1fy3.sys []
S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-11-05 25280]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 94208]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-05-25 602112]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-04 201992]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-01-27 316664]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-02-04 355584]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

-----------------EOF-----------------












info.txt logfile of random's system information tool 1.05 2009-02-04 20:47:03

======Uninstall list======

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Acrobat 4.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Reader 8-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobeReader*
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Shockwave Player-->MsiExec.exe /X{A7DB362E-16DC-4E29-8A34-E74381E00B5B}
ADSL Neuf-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *NEUF_FR*
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x40c -removeonly
ATI PCI Express (3GIO) Filter Driver-->C:\Program Files\InstallShield Installation Information\{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}\setup.exe -runfromtemp -l0x0009 -removeonly
ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\setup.exe -runfromtemp -l0x040c -removeonly
Audiosurf Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12910
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x040c
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Ciel Compta Evolution pour Windows-->C:\Windows\unin040c.exe -fC:\CIEL\WCPTA\DeIsL1.isu
Ciel Serveur-->C:\Windows\unin040c.exe -fC:\CIEL\CIELSERVEUR\DeIsL1.isu
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
Favorit-->c:\users\rom@in\appdata\local\iaumkui.bat
Firefox-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *FirefoxFR*
Flash Player 9 Internet Explorer-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Flashplayer*
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HDReg France-->MsiExec.exe /I{0ED40D2A-7131-4FE7-941E-5C329336F712}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Infocentre Rev. 2.0-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JkDefrag 3.26 Fr-->"C:\Program Files\JkDefrag\unins000.exe"
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Les Mensuels RF-->MsiExec.exe /I{343B2398-388C-4A07-AD57-B1EDBA0FBE3A}
LimeWire PRO 5.0.11-->"C:\Program Files\LimeWire\uninstall.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 9 SE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *works9se*
Microsoft Works-->MsiExec.exe /I{0214A441-A4AB-43A8-8DEF-2F73C5364673}
MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Neuf - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
Norton 360-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *N360_2007_FR*
Norton 360-->MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Opera 9.63-->MsiExec.exe /X{1BC4026B-1957-4514-9058-2B542557F143}
Packard Bell Demo-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *PB_DEMO*
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SetUp My PC-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_FR*
Shockwave player 10-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Shockwave*
Skype 3.2.2.163-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SKYPE*
Skype™ 3.2-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Total Video Converter 2.52-->"C:\Program Files\Total Video Converter\unins000.exe"
Transfert ETEBAC Almacom (Version d'évaluation)-->C:\PROGRA~1\Almacom\UNWISE.EXE C:\PROGRA~1\Almacom\INSTALL.LOG
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
USB2.0 350K WebCam-->Rundll32.exe BisonRem.dll,WinMainRmv
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Zuma Deluxe! 1.0-->C:\Windows\iun6002.exe "C:\Users\Rom@in\Desktop\Games\zuma\irunin.ini"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Kaspersky Anti-Virus
AS: Avira AntiVir PersonalEdition (outdated)
AS: Windows Defender
AS: Kaspersky Anti-Virus

System event log

Computer Name: CRITT
Event Code: 7036
Message: Le service Lanceur des services Windows Media Center est entré dans l'état : arrêté.
Record Number: 144146
Source Name: Service Control Manager
Time Written: 20090204194517.000000-000
Event Type: Information
User:

Computer Name: CRITT
Event Code: 14204
Message: Le service ‘WMPNetworkSvc’ a démarré.
Record Number: 144147
Source Name: Microsoft-Windows-WMPNSS-Service
Time Written: 20090204194519.000000-000
Event Type: Information
User:

Computer Name: CRITT
Event Code: 7036
Message: Le service Service Partage réseau du Lecteur Windows Media est entré dans l'état : en cours d'exécution.
Record Number: 144148
Source Name: Service Control Manager
Time Written: 20090204194519.000000-000
Event Type: Information
User:

Computer Name: CRITT
Event Code: 14206
Message: Le serveur multimédia ‘CRITT : Rom@in :’ a été initialisé et partage son contenu avec les appareils multimédia en réseau.
Record Number: 144149
Source Name: Microsoft-Windows-WMPNSS-Service
Time Written: 20090204194521.000000-000
Event Type: Information
User:

Computer Name: CRITT
Event Code: 7036
Message: Le service Service de découverte automatique de Proxy Web pour les services HTTP Windows est entré dans l'état : en cours d'exécution.
Record Number: 144150
Source Name: Service Control Manager
Time Written: 20090204194550.000000-000
Event Type: Information
User:

Application event log

Computer Name: CRITT
Event Code: 1003
Message: Le service Windows Search a été démarré.

Record Number: 55749
Source Name: Microsoft-Windows-Search
Time Written: 20090204194318.000000-000
Event Type: Information
User:

Computer Name: CRITT
Event Code: 1
Message: Le client des services de certification a démarré correctement.
Record Number: 55750
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090204194316.668164-000
Event Type: Information
User: AUTORITE NT\SYSTEM

Computer Name: CRITT
Event Code: 4101
Message: Licence Windows validée.
Record Number: 55751
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090204194324.000000-000
Event Type: Information
User:

Computer Name: CRITT
Event Code: 9003
Message: Le Gestionnaire de fenêtrage n’a pas pu démarrer, car un thème composé n’est pas en cours d’utilisation
Record Number: 55752
Source Name: Desktop Window Manager
Time Written: 20090204194324.000000-000
Event Type: Information
User:

Computer Name: CRITT
Event Code: 1
Message: Le client des services de certification a démarré correctement.
Record Number: 55753
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090204194325.466564-000
Event Type: Information
User: CRITT\Rom@in

Security event log

Computer Name: CRITT
Event Code: 5032
Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.

Code d’erreur : 2
Record Number: 31560
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081019154459.102573-000
Event Type: Échec de l'audit
User:

Computer Name: CRITT
Event Code: 5032
Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.

Code d’erreur : 2
Record Number: 31561
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081019154702.361173-000
Event Type: Échec de l'audit
User:

Computer Name: CRITT
Event Code: 5032
Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.

Code d’erreur : 2
Record Number: 31562
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081019154702.761173-000
Event Type: Échec de l'audit
User:

Computer Name: CRITT
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : CRITT$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : Marie
Domaine du compte : CRITT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x328
Nom du processus : C:\Windows\System32\winlogon.exe

Informations sur le réseau :
Adresse du réseau : 127.0.0.1
Port : 0

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 31563
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081019155254.101173-000
Event Type: Succès de l'audit
User:

Computer Name: CRITT
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : CRITT$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 2

Nouvelle ouverture de session :
ID de sécurité : S-1-5-21-447368759-1341460547-2703254564-1002
Nom du compte : Marie
Domaine du compte : CRITT
ID d’ouverture de session : 0xac82b
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x328
Nom du processus : C:\Windows\System32\winlogon.exe

Informations sur le réseau :
Nom de la station de travail : CRITT
Adresse du réseau source : 127.0.0.1
Port source : 0

Informations détaillées sur l’authentification :
Processus d’ouverture de session : User32
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 31564
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081019155254.101173-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4802
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

   
Répondre à psy

3

ep44, le 4 fév 2009 à 21:09:22

Ok c'est partit !

Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Déconnecte toi d'internet et ferme toutes tes applications.

* Désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,

* Double-clic sur combofix.exe, il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.

* /!\ Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne /!\

* Attends que Combofix ait terminé, un rapport sera créé.

* réactive ton parefeu, ton antivirus, la garde de ton antispyware

* copie/colle le rapport, le rapport se trouve dans : C:Combofix.txt

* Réactive tes protections en temps réel, Antivirus, Antispywares, avant de te reconnecter à internet.


@+ C’est généralement lorsque le disque dur plante qu’on se ren­d compte qu’on a oublié de le sauvegarder.

   
Répondre à ep44

4

psy, le 4 fév 2009 à 21:16:37

Heu deux secondes tu dit: copie/colle le rapport, le rapport se trouve dans : C:Combofix.txt
dc en fait je kan le raport est fini tu ve que je te le post com lotre?
en atendant ta reponse je fai la manip
merci pour ton aide

   
Répondre à psy

5

ep44, le 4 fév 2009 à 21:31:51

Oui lance le logiciel et poste le rapport, tout comme le premier sauf que celui-ci tu le trouveras dans C:\Combofix.txt C’est généralement lorsque le disque dur plante qu’on se ren­d compte qu’on a oublié de le sauvegarder.

   
Répondre à ep44

6

psy, le 4 fév 2009 à 21:33:35

Ok ben voila

je pense avoir fait comme il faut

ComboFix 09-02-04.01 - Rom@in 2009-02-04 21:18:43.1 - NTFSx86
Lancé depuis: C:\Users\Rom@in\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Users\Rom@in\AppData\Local\ecaacey.dat
C:\Users\Rom@in\AppData\Local\ecaacey_nav.dat
C:\Users\Rom@in\AppData\Local\ecaacey_navps.dat
C:\Users\Rom@in\AppData\Local\zviwjey.dat
C:\Users\Rom@in\AppData\Local\zviwjey_nav.dat
C:\Users\Rom@in\AppData\Local\zviwjey_navps.dat
C:\Users\Rom@in\AppData\Roaming\addons.dat
C:\Windows\system32\config\systemprofile\AppData\Roaming\add­ons.dat
C:\Windows\system32\hs78k4rgf4d.dll
C:\Windows\system32\hsfd83jfdg.dll
C:\Windows\system32\winspool.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-04 au 2009-02-04 ))))))))))))))))))))))))))))))))))))
.

2009-02-04 20:46 . 2009-02-04 20:47 <REP> d-------- C:\rsit
2009-02-04 20:46 . 2009-02-04 20:47 <REP> d-------- C:\Program Files\trend micro
2009-02-04 19:04 . 2009-02-04 19:04 355,584 --a------ C:\Windows\System32\TuneUpDefragService.exe
2009-02-04 17:48 . 2009-02-04 17:48 33,808 --a------ C:\Windows\System32\drivers\klbg.sys
2009-02-04 15:35 . 2009-02-04 21:25 557,088 --ahs---- C:\Windows\System32\drivers\fidbox2.dat
2009-02-04 15:35 . 2009-02-04 21:25 2,984 --ahs---- C:\Windows\System32\drivers\fidbox2.idx
2009-02-04 15:27 . 2009-02-04 17:48 101,287 --a------ C:\Windows\System32\drivers\klin.dat
2009-02-04 15:27 . 2009-02-04 17:48 89,601 --a------ C:\Windows\System32\drivers\klick.dat
2009-02-04 13:34 . 2009-02-04 18:29 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2009-02-04 13:34 . 2009-02-04 18:29 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2009-02-04 13:34 . 2009-02-04 18:29 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2009-02-04 13:33 . 2009-02-04 13:33 <REP> d-------- C:\Program Files\CCleaner
2009-02-04 13:31 . 2009-02-04 13:32 <REP> d-------- C:\Users\All Users\Lavasoft
2009-02-04 13:31 . 2009-02-04 13:32 <REP> d-------- C:\ProgramData\Lavasoft
2009-02-04 13:31 . 2009-02-04 18:39 <REP> d-------- C:\Program Files\Lavasoft
2009-02-04 03:36 . 2009-02-04 03:36 <REP> d-------- C:\Users\All Users\Windows Genuine Advantage
2009-02-04 03:26 . 2009-02-04 21:22 7,807,008 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2009-02-04 03:26 . 2009-02-04 21:22 92,564 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2009-02-04 02:38 . 2009-02-04 02:38 <REP> d-------- C:\kav
2009-02-04 02:17 . 2009-02-04 02:17 <REP> d--hs---- C:\Users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-04 02:17 . 2009-02-04 02:17 <REP> d--hs---- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-03 23:03 . 2009-02-03 23:03 68,096 --a------ C:\Windows\System32\ajsjfukj.dll
2009-02-03 23:03 . 2009-02-03 23:03 2 --a------ C:\2124311817
2009-02-03 22:07 . 2009-02-04 17:33 <REP> d-------- C:\Windows\System32\systeme34
2009-02-03 22:07 . 2009-02-04 18:55 412,902 -rahs---- C:\Windows\System32\winjpg.jpg
2009-02-03 22:06 . 2007-10-19 03:38 1,437,841 --a------ C:\Windows\EBP_ComptesBancaires_2008_0_0_51.exe
2009-02-03 21:59 . 1997-01-22 20:26 565,760 --a------ C:\Windows\System32\MSVCP50.DLL
2009-02-03 21:58 . 2009-02-03 21:58 <REP> d-------- C:\Users\Rom@in\AppData\Roaming\Nero
2009-02-03 21:58 . 2009-02-03 21:58 <REP> d-------- C:\Users\All Users\Nero
2009-02-03 21:58 . 2009-02-03 21:58 <REP> d-------- C:\ProgramData\Nero
2009-02-03 21:58 . 2009-02-03 21:58 <REP> d-------- C:\Program Files\Common Files\Nero
2009-02-03 21:50 . 2009-02-04 13:46 <REP> d-------- C:\Windows\Nero Lite 9.2.6
2009-02-03 21:50 . 2009-02-03 21:55 <REP> d-------- C:\Program Files\Nero
2009-02-02 21:54 . 2009-02-02 21:54 <REP> d-------- C:\Users\Rom@in\AppData\Roaming\ArchosLink
2009-02-02 21:44 . 2009-02-02 21:44 <REP> d-------- C:\Program Files\Archos
2009-02-02 12:00 . 2009-02-04 20:27 <REP> d-------- C:\Windows\Speeditup Free
2009-02-02 12:00 . 2009-02-02 12:03 <REP> d-------- C:\Program Files\Speeditup Free
2009-01-20 18:12 . 2009-01-20 18:12 <REP> d-------- C:\Program Files\Electronic Arts
2009-01-20 12:38 . 2009-01-20 13:27 <REP> d-------- C:\Users\Rom@in\AppData\Roaming\Red Alert 3
2009-01-20 11:48 . 2009-01-20 11:48 7,456 --a------ C:\Windows\System32\ealregsnapshot1.reg
2009-01-14 23:27 . 2008-12-16 03:42 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2009-01-14 17:35 . 2009-01-14 17:35 <REP> d-------- C:\Users\Rom@in\AppData\Roaming\Ubisoft
2009-01-13 23:47 . 2009-01-13 23:47 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-01-07 11:15 . 2009-01-07 11:15 <REP> d-------- C:\Program Files\DivX

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 20:26 --------- d-----w C:\ProgramData\Kaspersky Lab
2009-02-04 19:27 --------- d-----w C:\Program Files\Total Video Converter
2009-02-04 19:27 --------- d-----w C:\Program Files\Steam
2009-02-04 19:27 --------- d-----w C:\Program Files\Screamer Radio
2009-02-04 19:27 --------- d-----w C:\Program Files\QuickTime
2009-02-04 19:27 --------- d-----w C:\Program Files\Opera
2009-02-04 19:09 --------- d-----w C:\Program Files\IviCam
2009-02-04 19:09 --------- d-----w C:\Program Files\HDReg
2009-02-04 19:09 --------- d-----w C:\Program Files\Almacom
2009-02-04 17:56 --------- d-----w C:\Program Files\Activision 2
2009-02-04 14:25 --------- d-----w C:\Program Files\Kaspersky Lab
2009-02-04 13:33 --------- d-----w C:\Program Files\DAEMON Tools
2009-02-04 01:37 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2009-02-03 21:55 --------- d-----w C:\Users\Rom@in\AppData\Roaming\LimeWire
2009-02-03 21:26 --------- d-----w C:\Users\Rom@in\AppData\Roaming\dvdcss
2009-02-03 20:59 --------- d-----w C:\Program Files\Common Files\Adobe
2009-02-03 19:59 --------- d-----w C:\Program Files\LimeWire
2009-02-03 18:49 --------- d-----w C:\ProgramData\2DBoy
2009-02-03 16:48 --------- d-----w C:\Program Files\JkDefrag
2009-02-02 11:58 --------- d-----w C:\Program Files\Google
2009-02-02 07:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2009-02-02 07:51 --------- d-----w C:\Program Files\Ubisoft
2009-01-29 11:55 --------- d-----w C:\Users\Rom@in\AppData\Roaming\Skype
2009-01-28 16:25 --------- d-----w C:\Users\Rom@in\AppData\Roaming\Hamachi
2009-01-27 21:30 --------- d-----w C:\Program Files\Common Files\Steam
2009-01-27 20:33 --------- d-----w C:\Program Files\Activision
2009-01-27 20:08 22,328 ----a-w C:\Users\Rom@in\AppData\Roaming\PnkBstrK.sys
2009-01-20 16:19 --------- d-----w C:\ProgramData\Electronic Arts
2009-01-20 11:17 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2009-01-15 19:24 --------- d-----w C:\Program Files\Packard Bell
2009-01-15 19:21 --------- d-----w C:\Program Files\VirtualDJ
2009-01-15 19:20 --------- d-----w C:\Users\Rom@in\AppData\Roaming\Wallpaper
2009-01-15 19:20 --------- d-----w C:\Program Files\Windows Live
2009-01-15 11:39 --------- d-----w C:\Program Files\Windows Mail
2009-01-15 11:38 --------- d-----w C:\ProgramData\Microsoft Help
2009-01-14 16:35 --------- d-----w C:\ProgramData\Ubisoft
2009-01-12 00:32 --------- d-----w C:\ProgramData\ma-config.com
2009-01-12 00:32 --------- d-----w C:\Program Files\ma-config.com
2008-12-28 17:56 --------- d-----w C:\Program Files\HP
2008-12-28 17:55 --------- d-----w C:\ProgramData\HP
2008-12-28 16:09 --------- d-----w C:\ProgramData\WEBREG
2008-12-28 16:06 --------- d-----w C:\Users\Rom@in\AppData\Roaming\HP
2008-12-28 15:54 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-12-28 15:51 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-12-19 13:15 158,657,136 ----a-w C:\Users\Public\tom_clancy_s_rainbow_six_vegas_2_pack_de_trois_cartes_multi-langues_248150.exe
2008-12-19 13:13 95,700,424 ----a-w C:\Users\Public\tom_clancy_s_rainbow_six_vegas_2_patch_v1.03_multi-langues_247890.exe
2008-12-10 10:55 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2008-12-08 14:09 --------- d-----w C:\Users\Rom@in\AppData\Roaming\FileSubmit
2008-12-01 19:47 30,544 ----a-w C:\Windows\dirdib.drv
2008-12-01 19:47 30,464 ----a-w C:\Windows\macromix.dll
2008-11-24 18:25 302,352 ----a-w C:\Windows\System32\MSWNG300.DLL
2008-11-06 16:35 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-11-06 16:35 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-08-12 14:51 174 --sha-w C:\Program Files\desktop.ini
2008-08-26 01:00 48,591,904 --sha-w C:\Windows\System32\drivers\fidbox(180).dat
.

------- Sigcheck -------

2008-10-29 07:29 2944000 c42493a773ebb6a1e8d186a224bc4a21 C:\Windows\explorer.exe
2006-11-02 10:45 2940416 ac6816f454eb2a13ec1827c9f41e8aaf C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
2008-03-07 21:30 2940416 25178ba59d1c4bf07a49bd4f640b40d1 C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
2008-10-29 07:20 2940416 20527022b54a2675948feef222ead5eb C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
2008-03-07 21:30 2940416 11dd113e63f57f0bb1ac009673db9a41 C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
2008-10-28 03:15 2940416 033a1ebd8157d43b60be2c4c1e211bd5 C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
2008-01-19 08:33 2944000 8e9d5fdf012f3bb26267267cd046da66 C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
2008-10-29 07:29 2944000 c42493a773ebb6a1e8d186a224bc4a21 C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
2008-10-30 04:59 2944512 25f1f13a14ca67c78a8c489889fff089 C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

2006-11-02 10:45 25600 25abc30234606a14d35f0ac6ed07aa78 C:\Windows\System32\ctfmon.exe
2006-11-02 10:45 25600 25abc30234606a14d35f0ac6ed07aa78 C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe

2008-01-19 08:33 41984 80926efb8623fbde9d7f58f6aa287e2b C:\Windows\System32\userinit.exe
2006-11-02 10:45 41472 53c515d9d909829e0bfe1de75965fdb9 C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
2008-01-19 08:33 41984 80926efb8623fbde9d7f58f6aa287e2b C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 142848]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 10:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 14:24 857648]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-04 17:48 201992]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 12:26 4722688 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-11 04:40 218032 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 10:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"Steam"="c:\program files\steam\steam.exe" -silent
"ehTray.exe"=C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"toolbar_eula_launcher"=C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"Skytel"=Skytel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{296BA58F-6BF0-46F7-B366-53F64AA89475}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3D0948E9-CC72-4220-9BD3-D4301BDC76AE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{77E88F26-A7E4-44D3-A36B-6F8F4CD9944B}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{404A384C-475E-4266-9642-F669E3F32E2E}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{04AA1113-4B11-4A34-907F-F47CF4ACF163}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{13D72760-E5E8-4DDA-898A-131DC5BF04F7}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{F9F36169-06AF-4F1D-A624-A561D3A1B158}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{299CF05E-ABB0-43CE-8057-2B54219600AD}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{C1760B7C-8041-49BC-A32C-EB3AE6D607A5}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"{512D9052-1079-4ACC-98BF-90B7300C2330}"= UDP:C:\Program Files\IviCam\Ivicam.exe:Ivisible_Ivicam
"{07F6622C-F2D5-49EB-B4C0-6C8FF09AB474}"= TCP:C:\Program Files\IviCam\Ivicam.exe:Ivisible_Ivicam
"{8E25028B-0F7D-4F82-8D30-3D0288523415}"= UDP:C:\Program Files\IviCam\BackSurvey.exe:Ivisible_BackSurvey
"{55DDC04F-4EBB-4E9B-9D0E-68969C19C8F1}"= TCP:C:\Program Files\IviCam\BackSurvey.exe:Ivisible_BackSurvey
"{48B741E7-68D0-4E2A-B9E3-48E90BC77F38}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"{F5A55FF4-75AE-46F5-8DD6-D5DDF4904F68}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"{585DE286-A6C5-4A44-BDFB-EC806EB8F6A7}"= Disabled:UDP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{56D26A8E-1CE5-4F63-9925-A85303B0466C}"= Disabled:TCP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{4C274173-2090-4683-983C-ECF6BED7AB8E}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"{18F3607F-71CB-4934-AD9D-4F98E40CB8C7}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"TCP Query User{0441FBB9-6621-4204-8199-6D0765984332}C:\\vdp\\vdp.exe"= UDP:C:\vdp\vdp.exe:Video surveillance PRO 2008
"UDP Query User{77FE77AD-3136-410E-8E83-AD7607726D8B}C:\\vdp\\vdp.exe"= TCP:C:\vdp\vdp.exe:Video surveillance PRO 2008
"TCP Query User{567DE03A-35DE-475F-8B23-8B084CB05530}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"UDP Query User{99F07889-BA5C-4429-B7DB-230DC895A9BD}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"TCP Query User{E59AFF37-0BCD-4F2C-B4DC-2080542F88E5}C:\\program files\\steam\\steamapps\\halflife666173\\condition zero\\hl.exe"= UDP:C:\program files\steam\steamapps\halflife666173\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{A71EDBCC-B42F-4258-8312-BBFC5A84C615}C:\\program files\\steam\\steamapps\\halflife666173\\condition zero\\hl.exe"= TCP:C:\program files\steam\steamapps\halflife666173\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{4EA5D000-2A6C-423B-9D15-838AC67F7E23}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"UDP Query User{9355024F-7529-48A4-914F-931A0D48B67F}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"{9155BCFF-A2E5-4CC9-8FA6-4D11214AF60F}"= UDP:C:\Program Files\Activision 2\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{4764B527-E00D-4510-8E84-C6940F51C02C}"= TCP:C:\Program Files\Activision 2\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{C179472B-C2B9-4333-B612-44CCB916110D}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{AB04E4D7-DD13-4AB1-97A0-05F45D46A63F}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{FDFCBB91-73EC-45BA-8576-712D3191EDDE}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0
"UDP Query User{1C950941-F073-42AE-A202-841D7FE206E3}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0
"{F491972D-BBFA-49B3-804E-0C43F51F0824}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{0FED9D4B-94E9-419A-8A70-C3B4054E54E0}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{81745D56-1089-462F-8C38-8758C602B407}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{4C1E88F6-8B15-4E23-A84F-66F3A7000AFE}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{24A0481A-DB38-4339-A925-A9CB903A1885}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{C6B07663-0EEA-425C-9BF2-527CEE2848AF}"= UDP:C:\Program Files\Activision 2\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{D3330648-AB7D-4D86-A675-8378E4AF35EE}"= TCP:C:\Program Files\Activision 2\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{8DFF072C-EEAB-42D2-927B-0371F4316393}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"UDP Query User{346A7F74-C406-4DFA-8B18-B823351681AF}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"TCP Query User{99B51C32-39FA-4EC0-AC84-DE05DEBAA7D1}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Packard Bell - Skype
"UDP Query User{184DFEAB-7BE6-42C7-8DCE-FB0A7A6473F7}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Packard Bell - Skype
"{58D3EEF9-10F8-436A-9570-C5B460088D3C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8486DD2A-6D61-4711-BD3D-5AC3DB488B6E}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F59D30FD-F887-449C-A5CA-0E9F425A1E53}"= UDP:C:\Program Files\RayV\RayV\RayV.exe:RayV
"{BC4E330F-FFE4-45C4-A270-F2ECCA3EE27B}"= TCP:C:\Program Files\RayV\RayV\RayV.exe:RayV
"TCP Query User{2DAC1BBE-AB3F-46B5-B460-3AB3509E19B6}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{9757B9E8-59C4-43CA-9910-E04C29E59FF7}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{4FA07E38-6E6B-43DB-A77E-78A278094D9E}C:\\program files\\maïdo production\\izispot 4\\izispot.exe"= UDP:C:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
"UDP Query User{A01E1E06-E67D-44C9-8DDF-F976B0CB75D5}C:\\program files\\maïdo production\\izispot 4\\izispot.exe"= TCP:C:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
"TCP Query User{7E54CE3D-5FEC-4C03-878A-08E37F812F66}C:\\program files\\electronic arts\\eadm\\core.exe"= UDP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{FE652118-2888-4CD0-912B-C1A20E46F36D}C:\\program files\\electronic arts\\eadm\\core.exe"= TCP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{7BAEF2ED-CB68-4E8F-B4A6-E9450297FB31}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C2697F73-09DD-466D-9508-592ABE29BD2A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{202AC6F1-B191-446F-BB76-C93A5D45DB5A}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{616CB04A-8736-42B3-8488-10C61F5F11E8}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{A8117A06-06EA-42D4-80E0-EAEC2E7CF2FB}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{91B5601C-14E9-4EFF-8A80-87E46D06A555}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{EBA9F7B1-4E5E-4CD1-8DAF-C332A6C53162}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{42751737-81D2-41A9-A6C6-0AA14834DE71}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{FDA8767E-CFCB-4891-B5A4-F4400B4DD3E6}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{A5AC40B7-3392-4F59-A378-97D98BAFE183}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{12449851-F88A-4082-9E83-2794AFFF0CA0}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{6538110C-4023-45A6-A1D7-0F134C6D5DDB}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"TCP Query User{D7AC0BAD-164E-4108-9140-E486B765C8BC}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{D08F9BDF-EDED-4A64-B3E2-34044D41644C}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"{8A46F6C3-BD18-4CC5-8F69-B4F2AA297C7F}"= UDP:C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{559562A2-0785-4453-A76F-2D0A06B5F4E1}"= TCP:C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{31A54D79-8AB5-46FD-A725-FF64A0000DA6}"= UDP:C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{FAFFC9F1-8067-4CB8-829D-14C41A2AEF70}"= TCP:C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{344249D8-39AE-4F96-A5C9-F8E1B10D3EE1}"= UDP:C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{9E909346-9955-4251-B1E4-624E6DCADF4B}"= TCP:C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"TCP Query User{FBEF6729-024B-45BE-920C-322DAC91DF5B}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Packard Bell - Skype
"UDP Query User{D20ACB91-0BFA-4C3B-BF1D-9A1F32304F5E}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Packard Bell - Skype
"TCP Query User{E0A413A1-97AD-433C-B06B-FC566464C2C9}C:\\program files\\steam\\steamapps\\halflife666173\\condition zero\\hl.exe"= UDP:C:\program files\steam\steamapps\halflife666173\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{20B5A22C-1A94-4B40-AA71-5CC5E42889E5}C:\\program files\\steam\\steamapps\\halflife666173\\condition zero\\hl.exe"= TCP:C:\program files\steam\steamapps\halflife666173\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{22F6876E-6DB5-4BC1-9F81-CE69DEF6DF1D}C:\\program files\\steam\\steamapps\\halflife666173\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\halflife666173\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{FE1903D5-02C6-46B5-BB9F-DA9D9CB564A0}C:\\program files\\steam\\steamapps\\halflife666173\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\halflife666173\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{4ABCC412-1A01-4AEE-B2CA-B9A5CD5F4989}C:\\program files\\activision\\call of duty - world at war\\codwaw1.exe"= UDP:C:\program files\activision\call of duty - world at war\codwaw1.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{ED6368AA-AEAE-4C7B-A985-8CC643B7F00D}C:\\program files\\activision\\call of duty - world at war\\codwaw1.exe"= TCP:C:\program files\activision\call of duty - world at war\codwaw1.exe:Call of Duty(R): World at War Campaign/Coop
"TCP Query User{71EF54F6-F9F0-4489-B0E7-60F0C307FD2F}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{C49F99DE-D7E0-42FD-A3E4-0612EC15E9F3}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{7F38E253-393E-4B09-8961-DB9514428877}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009
"UDP Query User{4977E6F7-2C42-41EC-93BB-A61C745240A5}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009
"TCP Query User{BAF380F1-D89F-43F8-8AB8-AFDCF09ED456}C:\\kav\\kis7.0\\french\\setup.exe"= UDP:C:\kav\kis7.0\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
"UDP Query User{AEA1AE11-DA82-4FA5-A5E5-544A45F77991}C:\\kav\\kis7.0\\french\\setup.exe"= TCP:C:\kav\kis7.0\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Windows\\system32\\wininit.exe"= C:\Windows\system32\wininit.exe:*:enabled:@shell32.dll,-1

R0 klbg;klbg;C:\Windows\system32\drivers\klbg.sys [2009-02-04 17:48 33808]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 13:10 20496]


--- Autres Services/Pilotes en mémoire ---

*Deregistered* - AFD
*Deregistered* - atapi
*Deregistered* - Beep
*Deregistered* - bowser
*Deregistered* - cdfs
*Deregistered* - CLFS
*Deregistered* - Compbatt
*Deregistered* - crcdisk
*Deregistered* - DfsC
*Deregistered* - DXGKrnl
*Deregistered* - fastfat
*Deregistered* - FileInfo
*Deregistered* - FltMgr
*Deregistered* - Hardlock
*Deregistered* - HTTP
*Deregistered* - iScsiPrt
*Deregistered* - kl1
*Deregistered* - KLIF
*Deregistered* - KLIM6
*Deregistered* - KSecDD
*Deregistered* - lltdio
*Deregistered* - luafv
*Deregistered* - MountMgr
*Deregistered* - mpsdrv
*Deregistered* - MRxDAV
*Deregistered* - mrxsmb
*Deregistered* - mrxsmb10
*Deregistered* - mrxsmb20
*Deregistered* - Msfs
*Deregistered* - msisadrv
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NativeWifiP
*Deregistered* - NDIS
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - netbt
*Deregistered* - Npfs
*Deregistered* - nsiproxy
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - pciide
*Deregistered* - PEAUTH
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - RasSstp
*Deregistered* - rdbss
*Deregistered* - RDPCDD
*Deregistered* - RDPENCDD
*Deregistered* - RDPWD
*Deregistered* - rspndr
*Deregistered* - secdrv
*Deregistered* - Smb
*Deregistered* - spldr
*Deregistered* - sptd
*Deregistered* - srv
*Deregistered* - srv2
*Deregistered* - srvnet
*Deregistered* - ssmdrv
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - tcpipreg
*Deregistered* - TDTCP
*Deregistered* - tdx
*Deregistered* - TermDD
*Deregistered* - tssecsrv
*Deregistered* - tunmp
*Deregistered* - tunnel
*Deregistered* - umbus
*Deregistered* - VgaSave
*Deregistered* - volmgr
*Deregistered* - volmgrx
*Deregistered* - volsnap
*Deregistered* - Wanarpv6
*Deregistered* - Wdf01000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
\shell\dinstall\command - F:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f49e2de-de0e-11dc-8f46-001e8c53b5aa}]
\shell\AutoRun\command - G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
\shell\open\command - G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{855aaa2d-31fd-11dd-b641-001e8c53b5aa}]
\shell\AutoRun\command - 8ng8w.com
\shell\explore\Command - 8ng8w.com
\shell\open\Command - 8ng8w.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ffc9fae-ef86-11dc-9a14-001e8c53b5aa}]
\shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a389e005-273d-11dd-afa4-001e8c53b5aa}]
\shell\AutoRun\command - 8ng8w.com
\shell\explore\Command - 8ng8w.com
\shell\open\Command - 8ng8w.com
.
Contenu du dossier 'Tâches planifiées'

2009-02-04 C:\Windows\Tasks\Extension de garantie.job
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 17:38]

2009-02-04 C:\Windows\Tasks\User_Feed_Synchronization-{C53A5279-79DA-4840-8F85-627569CF8FF5}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-jsf8uiw3jnjgffght - C:\Windows\Temp\winlognn.exe
HKU-Default-Run-jsf8uiw3jnjgffght - C:\Windows\TEMP\winlognn.exe
MSConfigStartUp-iaumkui - c:\users\rom@in\appdata\local\iaumkui.exe
MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\QTTask.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.freewebtown.com/alrefai/login.live.html
uInternet Settings,ProxyOverride = *.local
Trusted Zone: localhost
FF - ProfilePath - C:\Users\Rom@in\AppData\Roaming\Mozilla\Firefox\Profiles\ae1eae33.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.photo-trafic.com/session-du-jour.php
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: C:\Program Files\Opera\program\plugins\npdivx32.dll
FF - plugin: C:\Program Files\Opera\program\plugins\nppdf32.dll
FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 750
.

   
Répondre à psy

7

ep44, le 4 fév 2009 à 22:06:25

1/ selectionne ceci


File::
C:\Windows\System32\ajsjfukj.dll
c:\windows\temp\winlognn.exe

Folder::
C:\2124311817
C:\Program Files\DaemonTools_WhenUSave_Installer


* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Veille à ce que Retour à la ligne ne soit pas coché dans Format.
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme ceci
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.



2/ Ensuite fait analyser ces fichiers sur ce site => http://www.virustotal.com/fr/

C:\Users\Rom@in\AppData\Roaming\PnkBstrK.sys
C:\Windows\System32\systeme34


3/ Télécharge CCleaner
http://www.filehippo.com/download_ccleaner/
=> Aide toi de ce tuto pour l'utiliser
http://www.swl1f.net/viewtopic.php?f=14&t=69




4/ Télécharge malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Une aide pour l'installation
http://www.swl1f.net/viewtopic.php?f=14&t=68


=> Installe le
=> Ensuite va en mode sans echec


Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel


=> Lance malwarebytes
=> Coche "Executer un examen complet"
=> Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
=> Clique sur Supprimer la sélection
=> Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
=> Fait copier coller et poste le rapport


@+ C’est généralement lorsque le disque dur plante qu’on se rend compte qu’on a oublié de le sauvegarder.

   
Répondre à ep44

8

psy, le 4 fév 2009 à 22:32:45

Donc voila pour le début ensuite je continue a suivre tes informations en attendant merci beaucoup a toi



ComboFix 09-02-04.01 - Rom@in 2009-02-04 22:19:32.2 - NTFSx86
Lancé depuis: c:\users\Rom@in\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Rom@in\Desktop\CFScript.txt

FILE ::
c:\windows\System32\ajsjfukj.dll
c:\windows\temp\winlognn.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\2124311817\
c:\program files\DaemonTools_WhenUSave_Installer
c:\program files\DaemonTools_WhenUSave_Installer\vvsn.cfg
c:\windows\System32\ajsjfukj.dll
.
---- Exécution préalable -------
.
C:\Autorun.inf
c:\users\Rom@in\AppData\Local\ecaacey.dat
c:\users\Rom@in\AppData\Local\ecaacey_nav.dat
c:\users\Rom@in\AppData\Local\ecaacey_navps.dat
c:\users\Rom@in\AppData\Local\zviwjey.dat
c:\users\Rom@in\AppData\Local\zviwjey_nav.dat
c:\users\Rom@in\AppData\Local\zviwjey_navps.dat
c:\users\Rom@in\AppData\Roaming\addons.dat
c:\windows\system32\config\systemprofile\AppData\Roaming\add­ons.dat
c:\windows\system32\hs78k4rgf4d.dll
c:\windows\system32\hsfd83jfdg.dll
c:\windows\system32\winspool.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-04 au 2009-02-04 ))))))))))))))))))))))))))))))))))))
.

2009-02-04 20:46 . 2009-02-04 20:47 <REP> d-------- C:\rsit
2009-02-04 20:46 . 2009-02-04 20:47 <REP> d-------- c:\program files\trend micro
2009-02-04 19:04 . 2009-02-04 19:04 355,584 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-02-04 17:48 . 2009-02-04 17:48 33,808 --a------ c:\windows\System32\drivers\klbg.sys
2009-02-04 15:35 . 2009-02-04 22:24 573,472 --ahs---- c:\windows\System32\drivers\fidbox2.dat
2009-02-04 15:35 . 2009-02-04 22:23 3,012 --ahs---- c:\windows\System32\drivers\fidbox2.idx
2009-02-04 15:27 . 2009-02-04 17:48 101,287 --a------ c:\windows\System32\drivers\klin.dat
2009-02-04 15:27 . 2009-02-04 17:48 89,601 --a------ c:\windows\System32\drivers\klick.dat
2009-02-04 13:34 . 2009-02-04 18:29 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-02-04 13:34 . 2009-02-04 18:29 <REP> d-------- c:\programdata\Spybot - Search & Destroy
2009-02-04 13:34 . 2009-02-04 18:29 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-02-04 13:33 . 2009-02-04 13:33 <REP> d-------- c:\program files\CCleaner
2009-02-04 13:31 . 2009-02-04 13:32 <REP> d-------- c:\users\All Users\Lavasoft
2009-02-04 13:31 . 2009-02-04 13:32 <REP> d-------- c:\programdata\Lavasoft
2009-02-04 13:31 . 2009-02-04 18:39 <REP> d-------- c:\program files\Lavasoft
2009-02-04 03:36 . 2009-02-04 03:36 <REP> d-------- c:\users\All Users\Windows Genuine Advantage
2009-02-04 03:26 . 2009-02-04 21:22 7,807,008 --ahs---- c:\windows\System32\drivers\fidbox.dat
2009-02-04 03:26 . 2009-02-04 21:22 92,564 --ahs---- c:\windows\System32\drivers\fidbox.idx
2009-02-04 02:38 . 2009-02-04 02:38 <REP> d-------- C:\kav
2009-02-04 02:17 . 2009-02-04 02:17 <REP> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-04 02:17 . 2009-02-04 02:17 <REP> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-03 23:03 . 2009-02-03 23:03 2 --a------ C:\2124311817
2009-02-03 22:07 . 2009-02-04 17:33 <REP> d-------- c:\windows\System32\systeme34
2009-02-03 22:07 . 2009-02-04 18:55 412,902 -rahs---- c:\windows\System32\winjpg.jpg
2009-02-03 22:06 . 2007-10-19 03:38 1,437,841 --a------ c:\windows\EBP_ComptesBancaires_2008_0_0_51.exe
2009-02-03 21:59 . 1997-01-22 20:26 565,760 --a------ c:\windows\System32\MSVCP50.DLL
2009-02-03 21:58 . 2009-02-03 21:58 <REP> d-------- c:\users\Rom@in\AppData\Roaming\Nero
2009-02-03 21:58 . 2009-02-03 21:58 <REP> d-------- c:\users\All Users\Nero
2009-02-03 21:58 . 2009-02-03 21:58 <REP> d-------- c:\programdata\Nero
2009-02-03 21:58 . 2009-02-03 21:58 <REP> d-------- c:\program files\Common Files\Nero
2009-02-03 21:50 . 2009-02-04 13:46 <REP> d-------- c:\windows\Nero Lite 9.2.6
2009-02-03 21:50 . 2009-02-03 21:55 <REP> d-------- c:\program files\Nero
2009-02-02 21:54 . 2009-02-02 21:54 <REP> d-------- c:\users\Rom@in\AppData\Roaming\ArchosLink
2009-02-02 21:44 . 2009-02-02 21:44 <REP> d-------- c:\program files\Archos
2009-02-02 12:00 . 2009-02-04 20:27 <REP> d-------- c:\windows\Speeditup Free
2009-02-02 12:00 . 2009-02-02 12:03 <REP> d-------- c:\program files\Speeditup Free
2009-01-20 18:12 . 2009-01-20 18:12 <REP> d-------- c:\program files\Electronic Arts
2009-01-20 12:38 . 2009-01-20 13:27 <REP> d-------- c:\users\Rom@in\AppData\Roaming\Red Alert 3
2009-01-20 11:48 . 2009-01-20 11:48 7,456 --a------ c:\windows\System32\ealregsnapshot1.reg
2009-01-14 23:27 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-14 17:35 . 2009-01-14 17:35 <REP> d-------- c:\users\Rom@in\AppData\Roaming\Ubisoft
2009-01-13 23:47 . 2009-01-13 23:47 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-01-07 11:15 . 2009-01-07 11:15 <REP> d-------- c:\program files\DivX

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 20:54 --------- d-----w c:\program files\Total Video Converter
2009-02-04 20:53 --------- d-----w c:\program files\Screamer Radio
2009-02-04 20:30 --------- d-----w c:\programdata\Kaspersky Lab
2009-02-04 19:27 --------- d-----w c:\program files\Steam
2009-02-04 19:27 --------- d-----w c:\program files\QuickTime
2009-02-04 19:27 --------- d-----w c:\program files\Opera
2009-02-04 19:09 --------- d-----w c:\program files\IviCam
2009-02-04 19:09 --------- d-----w c:\program files\HDReg
2009-02-04 19:09 --------- d-----w c:\program files\Almacom
2009-02-04 17:56 --------- d-----w c:\program files\Activision 2
2009-02-04 14:25 --------- d-----w c:\program files\Kaspersky Lab
2009-02-04 13:33 --------- d-----w c:\program files\DAEMON Tools
2009-02-04 01:37 --------- d-----w c:\programdata\Kaspersky Lab Setup Files
2009-02-03 21:55 --------- d-----w c:\users\Rom@in\AppData\Roaming\LimeWire
2009-02-03 21:26 --------- d-----w c:\users\Rom@in\AppData\Roaming\dvdcss
2009-02-03 20:59 --------- d-----w c:\program files\Common Files\Adobe
2009-02-03 19:59 --------- d-----w c:\program files\LimeWire
2009-02-03 18:49 --------- d-----w c:\programdata\2DBoy
2009-02-03 16:48 --------- d-----w c:\program files\JkDefrag
2009-02-02 11:58 --------- d-----w c:\program files\Google
2009-02-02 07:51 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-02 07:51 --------- d-----w c:\program files\Ubisoft
2009-01-29 11:55 --------- d-----w c:\users\Rom@in\AppData\Roaming\Skype
2009-01-28 16:25 --------- d-----w c:\users\Rom@in\AppData\Roaming\Hamachi
2009-01-27 21:30 --------- d-----w c:\program files\Common Files\Steam
2009-01-27 20:33 --------- d-----w c:\program files\Activision
2009-01-27 20:08 22,328 ----a-w c:\users\Rom@in\AppData\Roaming\PnkBstrK.sys
2009-01-20 16:19 --------- d-----w c:\programdata\Electronic Arts
2009-01-20 11:17 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2009-01-15 19:24 --------- d-----w c:\program files\Packard Bell
2009-01-15 19:21 --------- d-----w c:\program files\VirtualDJ
2009-01-15 19:20 --------- d-----w c:\users\Rom@in\AppData\Roaming\Wallpaper
2009-01-15 19:20 --------- d-----w c:\program files\Windows Live
2009-01-15 11:39 --------- d-----w c:\program files\Windows Mail
2009-01-15 11:38 --------- d-----w c:\programdata\Microsoft Help
2009-01-14 16:35 --------- d-----w c:\programdata\Ubisoft
2009-01-12 00:32 --------- d-----w c:\programdata\ma-config.com
2009-01-12 00:32 --------- d-----w c:\program files\ma-config.com
2008-12-28 17:56 --------- d-----w c:\program files\HP
2008-12-28 17:55 --------- d-----w c:\programdata\HP
2008-12-28 16:09 --------- d-----w c:\programdata\WEBREG
2008-12-28 16:06 --------- d-----w c:\users\Rom@in\AppData\Roaming\HP
2008-12-28 15:54 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2008-12-28 15:51 --------- d-----w c:\programdata\Hewlett-Packard
2008-12-19 13:15 158,657,136 ----a-w c:\users\Public\tom_clancy_s_rainbow_six_vegas_2_pack_de_trois_cartes_multi-langues_248150.exe
2008-12-19 13:13 95,700,424 ----a-w c:\users\Public\tom_clancy_s_rainbow_six_vegas_2_patch_v1.03_multi-langues_247890.exe
2008-12-08 14:09 --------- d-----w c:\users\Rom@in\AppData\Roaming\FileSubmit
2008-12-01 19:47 30,544 ----a-w c:\windows\dirdib.drv
2008-12-01 19:47 30,464 ----a-w c:\windows\macromix.dll
2008-11-24 18:25 302,352 ----a-w c:\windows\System32\MSWNG300.DLL
2008-11-06 16:35 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-11-06 16:35 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-08-12 14:51 174 --sha-w c:\program files\desktop.ini
2008-08-26 01:00 48,591,904 --sha-w c:\windows\System32\drivers\fidbox(180).dat
.

------- Sigcheck -------

2008-10-29 07:29 2944000 c42493a773ebb6a1e8d186a224bc4a21 c:\windows\explorer.exe
2006-11-02 10:45 2940416 ac6816f454eb2a13ec1827c9f41e8aaf c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
2008-03-07 21:30 2940416 25178ba59d1c4bf07a49bd4f640b40d1 c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
2008-10-29 07:20 2940416 20527022b54a2675948feef222ead5eb c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
2008-03-07 21:30 2940416 11dd113e63f57f0bb1ac009673db9a41 c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
2008-10-28 03:15 2940416 033a1ebd8157d43b60be2c4c1e211bd5 c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
2008-01-19 08:33 2944000 8e9d5fdf012f3bb26267267cd046da66 c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
2008-10-29 07:29 2944000 c42493a773ebb6a1e8d186a224bc4a21 c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
2008-10-30 04:59 2944512 25f1f13a14ca67c78a8c489889fff089 c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

2006-11-02 10:45 25600 25abc30234606a14d35f0ac6ed07aa78 c:\windows\System32\ctfmon.exe
2006-11-02 10:45 25600 25abc30234606a14d35f0ac6ed07aa78 c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe

2008-01-19 08:33 41984 80926efb8623fbde9d7f58f6aa287e2b c:\windows\System32\userinit.exe
2006-11-02 10:45 41472 53c515d9d909829e0bfe1de75965fdb9 c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
2008-01-19 08:33 41984 80926efb8623fbde9d7f58f6aa287e2b c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
((((((((((((((((((((((((((((( snapshot@2009-02-04_21.29.16.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-04 20:25:21 221,184 ----a-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-02-04 21:24:01 221,184 ----a-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
+ 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
+ 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
+ 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
+ 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
+ 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
+ 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
+ 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
+ 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
+ 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
+ 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
+ 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\GDIPFONTCACHEV1.DAT
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Historique\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
+ 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Microsoft\Windows\usrclass.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\GDIPFONTCACHEV1.DAT
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Historique\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Microsoft\Feeds Cache\index.dat
+ 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\usrclass.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Historique\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Historique\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-02 10:25:36 2,560 ----a-w c:\windows\System32\config\systemprofile\Application Data\Microsoft\Mse\ObjBrow.dat
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Application Data\Microsoft\Windows\Cookies\index.dat
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Cookies\index.dat
+ 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
+ 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
+ 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
+ 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
+ 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
+ 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
+ 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
+ 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
+ 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
+ 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
+ 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
+ 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
+ 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data

   
Répondre à psy

9

psy, le 4 fév 2009 à 22:55:29

Ok donc la g tout fait je vais redémarrer en mode sans échec et lancer malwarebytes mais est-ce que après j pourrai revenir en mode normal?

   
Répondre à psy

10

ep44, le 4 fév 2009 à 23:03:04

Oui le sacn sera très long mais laisse le travailler,

je reprendrais la suite demain :)

@+ C’est généralement lorsque le disque dur plante qu’on se ren­d compte qu’on a oublié de le sauvegarder.

   
Répondre à ep44

11

psy, le 5 fév 2009 à 00:58:06

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1728
Windows 6.0.6001 Service Pack 1

05/02/2009 00:56:07
mbam-log-2009-02-05 (00-56-07).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 150845
Temps écoulé: 1 hour(s), 43 minute(s), 10 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 14
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2FREE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGAS.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPROTTRAY.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVFNSVR.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHSTAT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPSRV.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBPROXY.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe (Security.Hijack) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\Windows\System32\ajsjfukj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Rom@in\AppData\Local\Temp\csrssc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

   
Répondre à psy

12

ep44, le 5 fév 2009 à 20:53:33

Bonsoir

Très bien, pour voir ou nous en sommes refais un rapport RSIT mais en lançant cette commande
Fait Démarrer > Exécuter > et copie colle
"%userprofile%\bureau\RSIT.exe" /info

Poste les deux rapports stp que tu retrouveras dans C:\rsit

@+

C’est généralement lorsque le disque dur plante qu’on se rend compte qu’on a oublié de le sauvegarder.

   
Répondre à ep44

14

psy, le 11 fév 2009 à 12:31:18

Salut,
désolé je me suis absenté donc j'ai fait les deux rapport.
par ailleurs je pense que le virus win 32 a endommagé mon ordi car maintenant windows instaler ne fonctione plus ainsi que internet explorer et windows media player.mon antivirus kaspersky 2009 trouve le virus win 32 un peu partout a chaque démarrage il le supprime a chaque emplacement mais il est toujours là.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Rom@in at 2009-02-10 11:14:31
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 23 GB (22%) free of 106 GB
Total RAM: 2046 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:03, on 10/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Rom@in\Desktop\log virus\RSIT.exe
C:\Program Files\trend micro\Rom@in.exe
C:\Windows\system32\msfeedssync.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'Default user')
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
End of file - 4523 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Extension de garantie.job
C:\Windows\tasks\User_Feed_Synchronization-{C53A5279-79DA-4840-8F85-627569CF8FF5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-01 857648]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-09 4722688]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-04 201992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 142848]
"ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2009-01-20 1451248]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iaumkui]
c:\users\rom@in\appdata\local\iaumkui.exe iaumkui []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Extension de garantie.job
SA.DAT
SCHEDLGU.TXT
User_Feed_Synchronization-{C53A5279-79DA-4840-8F85-627569CF8FF5}.job

C:\Users\Rom@in\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Extension de garantie.job
SA.DAT
SCHEDLGU.TXT
User_Feed_Synchronization-{C53A5279-79DA-4840-8F85-627569CF8FF5}.job

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2008-04-25 206088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\system32\wininit.exe"="C:\Windows\system32\wininit.exe:*:enabled:@shell32.dll,-1"
"C:\Windows\system32\winlogon.exe"="C:\Windows\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
shell\dinstall\command - F:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f49e2de-de0e-11dc-8f46-001e8c53b5aa}]
shell\AutoRun\command - G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
shell\open\command - G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{855aaa2d-31fd-11dd-b641-001e8c53b5aa}]
shell\AutoRun\command - 8ng8w.com
shell\explore\command - 8ng8w.com
shell\open\command - 8ng8w.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ffc9fae-ef86-11dc-9a14-001e8c53b5aa}]
shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a389e005-273d-11dd-afa4-001e8c53b5aa}]
shell\AutoRun\command - 8ng8w.com
shell\explore\command - 8ng8w.com
shell\open\command - 8ng8w.com


======File associations======

.js - open -
.vbs - open -

======List of files/folders created in the last 1 months======

2009-02-06 14:01:04 ----A---- C:\Windows\system32\uxtuneup.dll
2009-02-05 00:47:15 ----HD---- C:\Windows\msdownld.tmp
2009-02-04 22:52:02 ----A---- C:\Windows\system32\wscript.exe
2009-02-04 22:52:02 ----A---- C:\Windows\system32\mshta.exe
2009-02-04 22:51:05 ----D---- C:\Users\Rom@in\AppData\Roaming\Malwarebytes
2009-02-04 22:50:41 ----D---- C:\ProgramData\Malwarebytes
2009-02-04 22:50:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-04 22:28:10 ----A---- C:\ComboFix.txt
2009-02-04 22:18:01 ----D---- C:\ComboFix
2009-02-04 21:21:07 ----D---- C:\Windows\temp
2009-02-04 21:18:04 ----A---- C:\Windows\zip.exe
2009-02-04 21:18:04 ----A---- C:\Windows\VFIND.exe
2009-02-04 21:18:04 ----A---- C:\Windows\SWXCACLS.exe
2009-02-04 21:18:04 ----A---- C:\Windows\sed.exe
2009-02-04 21:18:04 ----A---- C:\Windows\grep.exe
2009-02-04 21:18:04 ----A---- C:\Windows\fdsv.exe
2009-02-04 21:17:55 ----D---- C:\Windows\ERDNT
2009-02-04 21:17:55 ----D---- C:\Qoobox
2009-02-04 20:46:15 ----D---- C:\Program Files\trend micro
2009-02-04 20:46:14 ----D---- C:\rsit
2009-02-04 19:04:28 ----A---- C:\Windows\system32\TuneUpDefragService.exe
2009-02-04 13:34:29 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-02-04 13:34:29 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-04 13:33:01 ----D---- C:\Program Files\CCleaner
2009-02-04 13:31:54 ----D---- C:\Program Files\Lavasoft
2009-02-04 13:31:53 ----D---- C:\ProgramData\Lavasoft
2009-02-04 03:36:21 ----D---- C:\ProgramData\Windows Genuine Advantage
2009-02-04 02:38:39 ----D---- C:\kav
2009-02-04 02:17:42 ----SHD---- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-03 22:07:32 ----D---- C:\Windows\system32\systeme34
2009-02-03 22:06:48 ----A---- C:\Windows\EBP_ComptesBancaires_2008_0_0_51.exe
2009-02-03 21:59:37 ----A---- C:\Windows\system32\MSVCP50.DLL
2009-02-03 21:58:11 ----D---- C:\Program Files\Common Files\Nero
2009-02-03 21:58:10 ----D---- C:\Users\Rom@in\AppData\Roaming\Nero
2009-02-03 21:58:02 ----D---- C:\ProgramData\Nero
2009-02-03 21:50:23 ----D---- C:\Windows\Nero Lite 9.2.6
2009-02-03 21:50:20 ----D---- C:\Program Files\Nero
2009-02-02 22:34:49 ----A---- C:\Windows\system32\75bda9d8-.txt
2009-02-02 21:54:28 ----D---- C:\Users\Rom@in\AppData\Roaming\ArchosLink
2009-02-02 21:44:34 ----D---- C:\Program Files\Archos
2009-02-02 12:00:17 ----D---- C:\Windows\Speeditup Free
2009-02-02 12:00:17 ----D---- C:\Program Files\Speeditup Free
2009-01-20 18:12:23 ----D---- C:\Program Files\Electronic Arts
2009-01-20 12:38:29 ----D---- C:\Users\Rom@in\AppData\Roaming\Red Alert 3
2009-01-14 17:35:49 ----D---- C:\Users\Rom@in\AppData\Roaming\Ubisoft

======List of files/folders modified in the last 1 months======

2009-02-10 11:12:21 ----D---- C:\Windows
2009-02-10 11:11:29 ----D---- C:\Program Files\Mozilla Firefox
2009-02-10 11:09:19 ----D---- C:\Windows\Prefetch
2009-02-10 11:07:09 ----D---- C:\ProgramData\Kaspersky Lab
2009-02-10 10:34:34 ----AD---- C:\Windows\System32
2009-02-10 01:32:51 ----D---- C:\Program Files\Steam
2009-02-09 22:18:04 ----D---- C:\Users\Rom@in\AppData\Roaming\LimeWire
2009-02-09 19:14:22 ----SHD---- C:\System Volume Information
2009-02-09 13:32:40 ----D---- C:\Program Files\WinRAR
2009-02-08 21:34:30 ----RD---- C:\Program Files
2009-02-08 21:16:09 ----SHD---- C:\Windows\oem
2009-02-08 21:16:04 ----D---- C:\Program Files\Internet Explorer
2009-02-08 12:09:37 ----D---- C:\Users\Rom@in\AppData\Roaming\dvdcss
2009-02-08 11:33:21 ----D---- C:\Program Files\Activision
2009-02-06 22:27:18 ----D---- C:\Program Files\JkDefrag
2009-02-06 14:00:22 ----D---- C:\Windows\system32\fr-FR
2009-02-06 14:00:22 ----D---- C:\Windows\system32\en-US
2009-02-06 08:57:36 ----D---- C:\Program Files\Common Files\Steam
2009-02-05 01:58:42 ----D---- C:\Windows\system32\Tasks
2009-02-05 01:32:46 ----SHD---- C:\boot
2009-02-05 01:32:45 ----D---- C:\Windows\system32\config
2009-02-04 22:51:01 ----D---- C:\Windows\system32\drivers
2009-02-04 22:50:41 ----HD---- C:\ProgramData
2009-02-04 22:24:17 ----A---- C:\Windows\system.ini
2009-02-04 22:21:39 ----D---- C:\Windows\AppPatch
2009-02-04 22:21:39 ----D---- C:\Program Files\Common Files
2009-02-04 21:54:21 ----D---- C:\Program Files\Total Video Converter
2009-02-04 21:53:32 ----D---- C:\Program Files\Screamer Radio
2009-02-04 20:27:43 ----D---- C:\Windows\system32\URTTEMP
2009-02-04 20:27:29 ----D---- C:\Windows\BisonCam
2009-02-04 20:27:19 ----D---- C:\Program Files\QuickTime
2009-02-04 20:27:17 ----D---- C:\Program Files\Opera
2009-02-04 20:09:19 ----D---- C:\Program Files\IviCam
2009-02-04 20:09:17 ----D---- C:\Program Files\HDReg
2009-02-04 20:09:01 ----D---- C:\Program Files\Almacom
2009-02-04 19:04:42 ----D---- C:\Windows\Tasks
2009-02-04 18:57:53 ----D---- C:\Windows\system32\catroot2
2009-02-04 18:57:34 ----D---- C:\Program Files\Windows Media Player
2009-02-04 18:56:21 ----D---- C:\Program Files\Activision 2
2009-02-04 18:39:18 ----SHD---- C:\Windows\Installer
2009-02-04 18:39:17 ----HD---- C:\Config.Msi
2009-02-04 18:36:08 ----DC---- C:\Windows\system32\DRVSTORE
2009-02-04 17:17:39 ----D---- C:\Windows\system32\WDI
2009-02-04 15:26:20 ----D---- C:\Windows\system32\catroot
2009-02-04 15:26:20 ----D---- C:\Windows\inf
2009-02-04 15:25:15 ----D---- C:\Program Files\Kaspersky Lab
2009-02-04 14:33:55 ----D---- C:\Program Files\DAEMON Tools
2009-02-04 13:42:55 ----D---- C:\Windows\Debug
2009-02-04 13:31:48 ----D---- C:\Windows\winsxs
2009-02-04 02:37:04 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2009-02-04 02:14:38 ----RD---- C:\Users
2009-02-03 23:05:00 ----SHD---- C:\$Recycle.Bin
2009-02-03 21:59:58 ----RSD---- C:\Windows\Fonts
2009-02-03 21:59:36 ----D---- C:\Program Files\Common Files\Adobe
2009-02-03 21:59:36 ----D---- C:\Program Files\Adobe
2009-02-03 20:59:33 ----D---- C:\Program Files\LimeWire
2009-02-03 19:49:48 ----D---- C:\ProgramData\2DBoy
2009-02-02 16:42:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-02 12:58:18 ----D---- C:\Program Files\Google
2009-02-02 12:48:21 ----D---- C:\ProgramData\Google
2009-02-02 11:56:05 ----D---- C:\PerfLogs
2009-02-02 08:51:45 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-02 08:51:45 ----D---- C:\Program Files\Ubisoft
2009-01-29 12:55:27 ----D---- C:\Users\Rom@in\AppData\Roaming\Skype
2009-01-28 17:25:01 ----D---- C:\Users\Rom@in\AppData\Roaming\Hamachi
2009-01-27 22:08:00 ----RSD---- C:\Windows\assembly
2009-01-20 17:19:48 ----D---- C:\ProgramData\Electronic Arts
2009-01-20 12:17:46 ----A---- C:\Windows\system32\CmdLineExt.dll
2009-01-15 20:24:08 ----D---- C:\Program Files\Packard Bell
2009-01-15 20:21:06 ----D---- C:\Program Files\VirtualDJ
2009-01-15 20:20:52 ----D---- C:\Users\Rom@in\AppData\Roaming\Wallpaper
2009-01-15 20:20:33 ----D---- C:\Program Files\Windows Live
2009-01-15 12:39:10 ----D---- C:\Program Files\Windows Mail
2009-01-15 12:38:54 ----D---- C:\ProgramData\Microsoft Help
2009-01-14 17:35:49 ----D---- C:\ProgramData\Ubisoft
2009-01-12 01:32:24 ----D---- C:\ProgramData\ma-config.com
2009-01-12 01:32:24 ----D---- C:\Program Files\ma-config.com

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-11-03 112144]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-02-04 224272]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 20496]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2004-11-05 670208]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-07 767488]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-25 2609152]
R3 Cam5603D;USB2.0 350K WebCam; C:\Windows\System32\Drivers\BisonCam.sys [2006-11-28 847536]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-10 1941848]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-01-23 50176]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-01 182456]
S3 ahhsi8qd;ahhsi8qd; C:\Windows\system32\drivers\ahhsi8qd.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-11-05 25280]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 94208]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-05-25 602112]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-04 201992]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-02-06 316664]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-02-04 355584]
S4 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

-----------------EOF-----------------



malwarebytes:


Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1729
Windows 6.0.6001 Service Pack 1

09/02/2009 16:37:13
mbam-log-2009-02-09 (16-37-13).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|J:\|)
Eléments examinés: 152361
Temps écoulé: 1 hour(s), 22 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

   
Répondre à psy

13

psy, le 10 fév 2009 à 11:23:40

Salut,
désolé je me suis absenté donc j'ai fait les deux rapport.
par ailleurs je pense que le virus win 32 a endommagé mon ordi car maintenant windows instaler ne fonctione plus ainsi que internet explorer et windows media player.mon antivirus kaspersky 2009 trouve le virus win 32 un peu partout a chaque démarrage il le supprime a chaque emplacement mais il est toujours là.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Rom@in at 2009-02-10 11:14:31
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 23 GB (22%) free of 106 GB
Total RAM: 2046 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:03, on 10/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Rom@in\Desktop\log virus\RSIT.exe
C:\Program Files\trend micro\Rom@in.exe
C:\Windows\system32\msfeedssync.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'Default user')
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
End of file - 4523 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Extension de garantie.job
C:\Windows\tasks\User_Feed_Synchronization-{C53A5279-79DA-4840-8F85-627569CF8FF5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-01 857648]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-09 4722688]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-04 201992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 142848]
"ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2009-01-20 1451248]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iaumkui]
c:\users\rom@in\appdata\local\iaumkui.exe iaumkui []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Extension de garantie.job
SA.DAT
SCHEDLGU.TXT
User_Feed_Synchronization-{C53A5279-79DA-4840-8F85-627569CF8FF5}.job

C:\Users\Rom@in\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Extension de garantie.job
SA.DAT
SCHEDLGU.TXT
User_Feed_Synchronization-{C53A5279-79DA-4840-8F85-627569CF8FF5}.job

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2008-04-25 206088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\system32\wininit.exe"="C:\Windows\system32\wininit.exe:*:enabled:@shell32.dll,-1"
"C:\Windows\system32\winlogon.exe"="C:\Windows\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
shell\dinstall\command - F:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f49e2de-de0e-11dc-8f46-001e8c53b5aa}]
shell\AutoRun\command - G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
shell\open\command - G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{855aaa2d-31fd-11dd-b641-001e8c53b5aa}]
shell\AutoRun\command - 8ng8w.com
shell\explore\command - 8ng8w.com
shell\open\command - 8ng8w.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ffc9fae-ef86-11dc-9a14-001e8c53b5aa}]
shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a389e005-273d-11dd-afa4-001e8c53b5aa}]
shell\AutoRun\command - 8ng8w.com
shell\explore\command - 8ng8w.com
shell\open\command - 8ng8w.com


======File associations======

.js - open -
.vbs - open -

======List of files/folders created in the last 1 months======

2009-02-06 14:01:04 ----A---- C:\Windows\system32\uxtuneup.dll
2009-02-05 00:47:15 ----HD---- C:\Windows\msdownld.tmp
2009-02-04 22:52:02 ----A---- C:\Windows\system32\wscript.exe
2009-02-04 22:52:02 ----A---- C:\Windows\system32\mshta.exe
2009-02-04 22:51:05 ----D---- C:\Users\Rom@in\AppData\Roaming\Malwarebytes
2009-02-04 22:50:41 ----D---- C:\ProgramData\Malwarebytes
2009-02-04 22:50:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-04 22:28:10 ----A---- C:\ComboFix.txt
2009-02-04 22:18:01 ----D---- C:\ComboFix
2009-02-04 21:21:07 ----D---- C:\Windows\temp
2009-02-04 21:18:04 ----A---- C:\Windows\zip.exe
2009-02-04 21:18:04 ----A---- C:\Windows\VFIND.exe
2009-02-04 21:18:04 ----A---- C:\Windows\SWXCACLS.exe
2009-02-04 21:18:04 ----A---- C:\Windows\sed.exe
2009-02-04 21:18:04 ----A---- C:\Windows\grep.exe
2009-02-04 21:18:04 ----A---- C:\Windows\fdsv.exe
2009-02-04 21:17:55 ----D---- C:\Windows\ERDNT
2009-02-04 21:17:55 ----D---- C:\Qoobox
2009-02-04 20:46:15 ----D---- C:\Program Files\trend micro
2009-02-04 20:46:14 ----D---- C:\rsit
2009-02-04 19:04:28 ----A---- C:\Windows\system32\TuneUpDefragService.exe
2009-02-04 13:34:29 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-02-04 13:34:29 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-04 13:33:01 ----D---- C:\Program Files\CCleaner
2009-02-04 13:31:54 ----D---- C:\Program Files\Lavasoft
2009-02-04 13:31:53 ----D---- C:\ProgramData\Lavasoft
2009-02-04 03:36:21 ----D---- C:\ProgramData\Windows Genuine Advantage
2009-02-04 02:38:39 ----D---- C:\kav
2009-02-04 02:17:42 ----SHD---- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-03 22:07:32 ----D---- C:\Windows\system32\systeme34
2009-02-03 22:06:48 ----A---- C:\Windows\EBP_ComptesBancaires_2008_0_0_51.exe
2009-02-03 21:59:37 ----A---- C:\Windows\system32\MSVCP50.DLL
2009-02-03 21:58:11 ----D---- C:\Program Files\Common Files\Nero
2009-02-03 21:58:10 ----D---- C:\Users\Rom@in\AppData\Roaming\Nero
2009-02-03 21:58:02 ----D---- C:\ProgramData\Nero
2009-02-03 21:50:23 ----D---- C:\Windows\Nero Lite 9.2.6
2009-02-03 21:50:20 ----D---- C:\Program Files\Nero
2009-02-02 22:34:49 ----A---- C:\Windows\system32\75bda9d8-.txt
2009-02-02 21:54:28 ----D---- C:\Users\Rom@in\AppData\Roaming\ArchosLink
2009-02-02 21:44:34 ----D---- C:\Program Files\Archos
2009-02-02 12:00:17 ----D---- C:\Windows\Speeditup Free
2009-02-02 12:00:17 ----D---- C:\Program Files\Speeditup Free
2009-01-20 18:12:23 ----D---- C:\Program Files\Electronic Arts
2009-01-20 12:38:29 ----D---- C:\Users\Rom@in\AppData\Roaming\Red Alert 3
2009-01-14 17:35:49 ----D---- C:\Users\Rom@in\AppData\Roaming\Ubisoft

======List of files/folders modified in the last 1 months======

2009-02-10 11:12:21 ----D---- C:\Windows
2009-02-10 11:11:29 ----D---- C:\Program Files\Mozilla Firefox
2009-02-10 11:09:19 ----D---- C:\Windows\Prefetch
2009-02-10 11:07:09 ----D---- C:\ProgramData\Kaspersky Lab
2009-02-10 10:34:34 ----AD---- C:\Windows\System32
2009-02-10 01:32:51 ----D---- C:\Program Files\Steam
2009-02-09 22:18:04 ----D---- C:\Users\Rom@in\AppData\Roaming\LimeWire
2009-02-09 19:14:22 ----SHD---- C:\System Volume Information
2009-02-09 13:32:40 ----D---- C:\Program Files\WinRAR
2009-02-08 21:34:30 ----RD---- C:\Program Files
2009-02-08 21:16:09 ----SHD---- C:\Windows\oem
2009-02-08 21:16:04 ----D---- C:\Program Files\Internet Explorer
2009-02-08 12:09:37 ----D---- C:\Users\Rom@in\AppData\Roaming\dvdcss
2009-02-08 11:33:21 ----D---- C:\Program Files\Activision
2009-02-06 22:27:18 ----D---- C:\Program Files\JkDefrag
2009-02-06 14:00:22 ----D---- C:\Windows\system32\fr-FR
2009-02-06 14:00:22 ----D---- C:\Windows\system32\en-US
2009-02-06 08:57:36 ----D---- C:\Program Files\Common Files\Steam
2009-02-05 01:58:42 ----D---- C:\Windows\system32\Tasks
2009-02-05 01:32:46 ----SHD---- C:\boot
2009-02-05 01:32:45 ----D---- C:\Windows\system32\config
2009-02-04 22:51:01 ----D---- C:\Windows\system32\drivers
2009-02-04 22:50:41 ----HD---- C:\ProgramData
2009-02-04 22:24:17 ----A---- C:\Windows\system.ini
2009-02-04 22:21:39 ----D---- C:\Windows\AppPatch
2009-02-04 22:21:39 ----D---- C:\Program Files\Common Files
2009-02-04 21:54:21 ----D---- C:\Program Files\Total Video Converter
2009-02-04 21:53:32 ----D---- C:\Program Files\Screamer Radio
2009-02-04 20:27:43 ----D---- C:\Windows\system32\URTTEMP
2009-02-04 20:27:29 ----D---- C:\Windows\BisonCam
2009-02-04 20:27:19 ----D---- C:\Program Files\QuickTime
2009-02-04 20:27:17 ----D---- C:\Program Files\Opera
2009-02-04 20:09:19 ----D---- C:\Program Files\IviCam
2009-02-04 20:09:17 ----D---- C:\Program Files\HDReg
2009-02-04 20:09:01 ----D---- C:\Program Files\Almacom
2009-02-04 19:04:42 ----D---- C:\Windows\Tasks
2009-02-04 18:57:53 ----D---- C:\Windows\system32\catroot2
2009-02-04 18:57:34 ----D---- C:\Program Files\Windows Media Player
2009-02-04 18:56:21 ----D---- C:\Program Files\Activision 2
2009-02-04 18:39:18 ----SHD---- C:\Windows\Installer
2009-02-04 18:39:17 ----HD---- C:\Config.Msi
2009-02-04 18:36:08 ----DC---- C:\Windows\system32\DRVSTORE
2009-02-04 17:17:39 ----D---- C:\Windows\system32\WDI
2009-02-04 15:26:20 ----D---- C:\Windows\system32\catroot
2009-02-04 15:26:20 ----D---- C:\Windows\inf
2009-02-04 15:25:15 ----D---- C:\Program Files\Kaspersky Lab
2009-02-04 14:33:55 ----D---- C:\Program Files\DAEMON Tools
2009-02-04 13:42:55 ----D---- C:\Windows\Debug
2009-02-04 13:31:48 ----D---- C:\Windows\winsxs
2009-02-04 02:37:04 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2009-02-04 02:14:38 ----RD---- C:\Users
2009-02-03 23:05:00 ----SHD---- C:\$Recycle.Bin
2009-02-03 21:59:58 ----RSD---- C:\Windows\Fonts
2009-02-03 21:59:36 ----D---- C:\Program Files\Common Files\Adobe
2009-02-03 21:59:36 ----D---- C:\Program Files\Adobe
2009-02-03 20:59:33 ----D---- C:\Program Files\LimeWire
2009-02-03 19:49:48 ----D---- C:\ProgramData\2DBoy
2009-02-02 16:42:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-02 12:58:18 ----D---- C:\Program Files\Google
2009-02-02 12:48:21 ----D---- C:\ProgramData\Google
2009-02-02 11:56:05 ----D---- C:\PerfLogs
2009-02-02 08:51:45 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-02 08:51:45 ----D---- C:\Program Files\Ubisoft
2009-01-29 12:55:27 ----D---- C:\Users\Rom@in\AppData\Roaming\Skype
2009-01-28 17:25:01 ----D---- C:\Users\Rom@in\AppData\Roaming\Hamachi
2009-01-27 22:08:00 ----RSD---- C:\Windows\assembly
2009-01-20 17:19:48 ----D---- C:\ProgramData\Electronic Arts
2009-01-20 12:17:46 ----A---- C:\Windows\system32\CmdLineExt.dll
2009-01-15 20:24:08 ----D---- C:\Program Files\Packard Bell
2009-01-15 20:21:06 ----D---- C:\Program Files\VirtualDJ
2009-01-15 20:20:52 ----D---- C:\Users\Rom@in\AppData\Roaming\Wallpaper
2009-01-15 20:20:33 ----D---- C:\Program Files\Windows Live
2009-01-15 12:39:10 ----D---- C:\Program Files\Windows Mail
2009-01-15 12:38:54 ----D---- C:\ProgramData\Microsoft Help
2009-01-14 17:35:49 ----D---- C:\ProgramData\Ubisoft
2009-01-12 01:32:24 ----D---- C:\ProgramData\ma-config.com
2009-01-12 01:32:24 ----D---- C:\Program Files\ma-config.com

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-11-03 112144]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-02-04 224272]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 20496]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2004-11-05 670208]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-07 767488]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-25 2609152]
R3 Cam5603D;USB2.0 350K WebCam; C:\Windows\System32\Drivers\BisonCam.sys [2006-11-28 847536]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-10 1941848]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-01-23 50176]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-01 182456]
S3 ahhsi8qd;ahhsi8qd; C:\Windows\system32\drivers\ahhsi8qd.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-11-05 25280]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 94208]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-05-25 602112]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-04 201992]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-02-06 316664]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-02-04 355584]
S4 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

-----------------EOF-----------------



malwarebytes:


Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1729
Windows 6.0.6001 Service Pack 1

09/02/2009 16:37:13
mbam-log-2009-02-09 (16-37-13).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|J:\|)
Eléments examinés: 152361
Temps écoulé: 1 hour(s), 22 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

   
Répondre à psy

15

psy, le 11 fév 2009 à 12:38:12

Logfile of random's system information tool 1.05 (written by random/random)
Run by Rom@in at 2009-02-11 12:36:24
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 25 GB (23%) free of 106 GB
Total RAM: 2046 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:51, on 11/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Rom@in\Desktop\RSIT.exe
C:\Program Files\trend micro\Rom@in.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'Default user')
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
End of file - 4476 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Extension de garantie.job
C:\Windows\tasks\User_Feed_Synchronization-{C53A5279-79DA-4840-8F85-627569CF8FF5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-01 857648]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-09 4722688]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-04 201992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 142848]
"ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2009-01-20 1451248]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iaumkui]
c:\users\rom@in\appdata\local\iaumkui.exe iaumkui []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Extension de garantie.job
SA.DAT
SCHEDLGU.TXT
User_Feed_Synchronization-{C53A5279-79DA-4840-8F85-627569CF8FF5}.job

C:\Users\Rom@in\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Extension de garantie.job
SA.DAT
SCHEDLGU.TXT
User_Feed_Synchronization-{C53A5279-79DA-4840-8F85-627569CF8FF5}.job

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2008-04-25 206088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\system32\wininit.exe"="C:\Windows\system32\wininit.exe:*:enabled:@shell32.dll,-1"
"C:\Windows\system32\winlogon.exe"="C:\Windows\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
shell\dinstall\command - F:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f49e2de-de0e-11dc-8f46-001e8c53b5aa}]
shell\AutoRun\command - G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
shell\open\command - G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{855aaa2d-31fd-11dd-b641-001e8c53b5aa}]
shell\AutoRun\command - 8ng8w.com
shell\explore\command - 8ng8w.com
shell\open\command - 8ng8w.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ffc9fae-ef86-11dc-9a14-001e8c53b5aa}]
shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a389e005-273d-11dd-afa4-001e8c53b5aa}]
shell\AutoRun\command - 8ng8w.com
shell\explore\command - 8ng8w.com
shell\open\command - 8ng8w.com


======File associations======

.js - open -
.vbs - open -

======List of files/folders created in the last 1 months======

2009-02-10 11:22:18 ----D---- C:\32788R22FWJFW
2009-02-06 14:01:04 ----A---- C:\Windows\system32\uxtuneup.dll
2009-02-05 00:47:15 ----HD---- C:\Windows\msdownld.tmp
2009-02-04 22:52:02 ----A---- C:\Windows\system32\wscript.exe
2009-02-04 22:52:02 ----A---- C:\Windows\system32\mshta.exe
2009-02-04 22:51:05 ----D---- C:\Users\Rom@in\AppData\Roaming\Malwarebytes
2009-02-04 22:50:41 ----D---- C:\ProgramData\Malwarebytes
2009-02-04 22:50:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-04 22:28:10 ----A---- C:\ComboFix.txt
2009-02-04 22:18:01 ----D---- C:\ComboFix
2009-02-04 21:21:07 ----D---- C:\Windows\temp
2009-02-04 21:18:04 ----A---- C:\Windows\zip.exe
2009-02-04 21:18:04 ----A---- C:\Windows\VFIND.exe
2009-02-04 21:18:04 ----A---- C:\Windows\SWXCACLS.exe
2009-02-04 21:18:04 ----A---- C:\Windows\sed.exe
2009-02-04 21:18:04 ----A---- C:\Windows\grep.exe
2009-02-04 21:18:04 ----A---- C:\Windows\fdsv.exe
2009-02-04 21:17:55 ----D---- C:\Windows\ERDNT
2009-02-04 21:17:55 ----D---- C:\Qoobox
2009-02-04 20:46:15 ----D---- C:\Program Files\trend micro
2009-02-04 20:46:14 ----D---- C:\rsit
2009-02-04 19:04:28 ----A---- C:\Windows\system32\TuneUpDefragService.exe
2009-02-04 13:34:29 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-02-04 13:34:29 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-04 13:33:01 ----D---- C:\Program Files\CCleaner
2009-02-04 13:31:54 ----D---- C:\Program Files\Lavasoft
2009-02-04 13:31:53 ----D---- C:\ProgramData\Lavasoft
2009-02-04 03:36:21 ----D---- C:\ProgramData\Windows Genuine Advantage
2009-02-04 02:38:39 ----D---- C:\kav
2009-02-04 02:17:42 ----SHD---- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-03 22:07:32 ----D---- C:\Windows\system32\systeme34
2009-02-03 22:06:48 ----A---- C:\Windows\EBP_ComptesBancaires_2008_0_0_51.exe
2009-02-03 21:59:37 ----A---- C:\Windows\system32\MSVCP50.DLL
2009-02-03 21:58:11 ----D---- C:\Program Files\Common Files\Nero
2009-02-03 21:58:10 ----D---- C:\Users\Rom@in\AppData\Roaming\Nero
2009-02-03 21:58:02 ----D---- C:\ProgramData\Nero
2009-02-03 21:50:23 ----D---- C:\Windows\Nero Lite 9.2.6
2009-02-03 21:50:20 ----D---- C:\Program Files\Nero
2009-02-02 22:34:49 ----A---- C:\Windows\system32\75bda9d8-.txt
2009-02-02 21:54:28 ----D---- C:\Users\Rom@in\AppData\Roaming\ArchosLink
2009-02-02 21:44:34 ----D---- C:\Program Files\Archos
2009-02-02 12:00:17 ----D---- C:\Windows\Speeditup Free
2009-02-02 12:00:17 ----D---- C:\Program Files\Speeditup Free
2009-01-20 18:12:23 ----D---- C:\Program Files\Electronic Arts
2009-01-20 12:38:29 ----D---- C:\Users\Rom@in\AppData\Roaming\Red Alert 3
2009-01-14 17:35:49 ----D---- C:\Users\Rom@in\AppData\Roaming\Ubisoft

======List of files/folders modified in the last 1 months======

2009-02-11 12:36:32 ----D---- C:\Windows\Prefetch
2009-02-11 12:28:24 ----D---- C:\Program Files\Mozilla Firefox
2009-02-11 12:22:30 ----A---- C:\Windows\system32\MuiUnattend.exe
2009-02-11 12:22:29 ----A---- C:\Windows\system32\SystemPropertiesPerformance.exe
2009-02-11 12:22:29 ----A---- C:\Windows\system32\systeminfo.exe
2009-02-11 12:22:28 ----AD---- C:\Windows\System32
2009-02-11 12:22:28 ----A---- C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
2009-02-11 12:22:28 ----A---- C:\Windows\system32\sbunattend.exe
2009-02-11 12:22:26 ----A---- C:\Windows\system32\rdrleakdiag.exe
2009-02-11 12:22:26 ----A---- C:\Windows\system32\DeviceEject.exe
2009-02-11 12:22:26 ----A---- C:\Windows\fveupdate.exe
2009-02-11 12:22:25 ----A---- C:\Windows\system32\openfiles.exe
2009-02-11 12:22:25 ----A---- C:\Windows\system32\bitsadmin.exe
2009-02-11 12:22:24 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-02-11 12:22:24 ----A---- C:\Windows\system32\bthudtask.exe
2009-02-11 11:19:24 ----D---- C:\Windows\system32\catroot2
2009-02-11 11:19:24 ----D---- C:\Windows\system32\catroot
2009-02-11 11:19:14 ----D---- C:\Windows\winsxs
2009-02-11 11:17:35 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-02-11 11:13:17 ----D---- C:\Windows
2009-02-11 11:13:01 ----D---- C:\ProgramData\Kaspersky Lab
2009-02-11 02:43:38 ----D---- C:\Users\Rom@in\AppData\Roaming\dvdcss
2009-02-11 00:10:27 ----D---- C:\Program Files\Steam
2009-02-10 22:17:44 ----SHD---- C:\System Volume Information
2009-02-10 21:04:17 ----SD---- C:\Users\Rom@in\AppData\Roaming\Microsoft
2009-02-10 13:13:17 ----D---- C:\Program Files\WinRAR
2009-02-10 11:13:05 ----D---- C:\Program Files\Activision 2
2009-02-09 22:18:04 ----D---- C:\Users\Rom@in\AppData\Roaming\LimeWire
2009-02-08 21:34:30 ----RD---- C:\Program Files
2009-02-08 21:16:09 ----SHD---- C:\Windows\oem
2009-02-08 21:16:04 ----D---- C:\Program Files\Internet Explorer
2009-02-08 11:33:21 ----D---- C:\Program Files\Activision
2009-02-06 22:27:18 ----D---- C:\Program Files\JkDefrag
2009-02-06 14:00:22 ----D---- C:\Windows\system32\fr-FR
2009-02-06 14:00:22 ----D---- C:\Windows\system32\en-US
2009-02-06 08:57:36 ----D---- C:\Program Files\Common Files\Steam
2009-02-05 01:58:42 ----D---- C:\Windows\system32\Tasks
2009-02-05 01:32:46 ----SHD---- C:\boot
2009-02-05 01:32:45 ----D---- C:\Windows\system32\config
2009-02-04 22:51:01 ----D---- C:\Windows\system32\drivers
2009-02-04 22:50:41 ----HD---- C:\ProgramData
2009-02-04 22:24:17 ----A---- C:\Windows\system.ini
2009-02-04 22:21:39 ----D---- C:\Windows\AppPatch
2009-02-04 22:21:39 ----D---- C:\Program Files\Common Files
2009-02-04 21:54:21 ----D---- C:\Program Files\Total Video Converter
2009-02-04 21:53:32 ----D---- C:\Program Files\Screamer Radio
2009-02-04 20:27:43 ----D---- C:\Windows\system32\URTTEMP
2009-02-04 20:27:29 ----D---- C:\Windows\BisonCam
2009-02-04 20:27:19 ----D---- C:\Program Files\QuickTime
2009-02-04 20:27:17 ----D---- C:\Program Files\Opera
2009-02-04 20:09:19 ----D---- C:\Program Files\IviCam
2009-02-04 20:09:17 ----D---- C:\Program Files\HDReg
2009-02-04 20:09:01 ----D---- C:\Program Files\Almacom
2009-02-04 19:04:42 ----D---- C:\Windows\Tasks
2009-02-04 18:57:34 ----D---- C:\Program Files\Windows Media Player
2009-02-04 18:39:18 ----SHD---- C:\Windows\Installer
2009-02-04 18:39:17 ----HD---- C:\Config.Msi
2009-02-04 18:36:08 ----DC---- C:\Windows\system32\DRVSTORE
2009-02-04 17:17:39 ----D---- C:\Windows\system32\WDI
2009-02-04 15:26:20 ----D---- C:\Windows\inf
2009-02-04 15:25:15 ----D---- C:\Program Files\Kaspersky Lab
2009-02-04 14:33:55 ----D---- C:\Program Files\DAEMON Tools
2009-02-04 13:42:55 ----D---- C:\Windows\Debug
2009-02-04 02:37:04 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2009-02-04 02:14:38 ----RD---- C:\Users
2009-02-03 23:05:00 ----SHD---- C:\$Recycle.Bin
2009-02-03 21:59:58 ----RSD---- C:\Windows\Fonts
2009-02-03 21:59:36 ----D---- C:\Program Files\Common Files\Adobe
2009-02-03 21:59:36 ----D---- C:\Program Files\Adobe
2009-02-03 20:59:33 ----D---- C:\Program Files\LimeWire
2009-02-03 19:49:48 ----D---- C:\ProgramData\2DBoy
2009-02-02 16:42:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-02 12:58:18 ----D---- C:\Program Files\Google
2009-02-02 12:48:21 ----D---- C:\ProgramData\Google
2009-02-02 11:56:05 ----D---- C:\PerfLogs
2009-02-02 08:51:45 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-02 08:51:45 ----D---- C:\Program Files\Ubisoft
2009-01-29 12:55:27 ----D---- C:\Users\Rom@in\AppData\Roaming\Skype
2009-01-28 17:25:01 ----D---- C:\Users\Rom@in\AppData\Roaming\Hamachi
2009-01-27 22:08:00 ----RSD---- C:\Windows\assembly
2009-01-20 17:19:48 ----D---- C:\ProgramData\Electronic Arts
2009-01-20 12:17:46 ----A---- C:\Windows\system32\CmdLineExt.dll
2009-01-15 20:24:08 ----D---- C:\Program Files\Packard Bell
2009-01-15 20:21:06 ----D---- C:\Program Files\VirtualDJ
2009-01-15 20:20:52 ----D---- C:\Users\Rom@in\AppData\Roaming\Wallpaper
2009-01-15 20:20:33 ----D---- C:\Program Files\Windows Live
2009-01-15 12:39:10 ----D---- C:\Program Files\Windows Mail
2009-01-15 12:38:54 ----D---- C:\ProgramData\Microsoft Help
2009-01-14 17:35:49 ----D---- C:\ProgramData\Ubisoft
2009-01-12 01:32:24 ----D---- C:\ProgramData\ma-config.com
2009-01-12 01:32:24 ----D---- C:\Program Files\ma-config.com

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-11-03 112144]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-02-04 224272]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 20496]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2004-11-05 670208]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-07 767488]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-25 2609152]
R3 Cam5603D;USB2.0 350K WebCam; C:\Windows\System32\Drivers\BisonCam.sys [2006-11-28 847536]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-10 1941848]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-01-23 50176]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-01 182456]
S3 agvukw2e;agvukw2e; C:\Windows\system32\drivers\agvukw2e.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-11-05 25280]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 94208]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-05-25 602112]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-04 201992]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-02-06 316664]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-02-04 355584]
S4 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

-----------------EOF-----------------

   
Répondre à psy

16

ep44, le 12 fév 2009 à 22:40:53

Bonsoir

Excuse moi pour la réponse tardive des soucis avec mon FAI

Fait ceci car tu as toujours des fichiers néfastes

Télécharge OTMoveIt3 (de Old_Timer).
http://oldtimer.geekstogo.com/OTMoveIt3.exe
Enregistre-le sur ton Bureau.

- Double-clique sur OTMoveit3.exe pour le lancer.
( Si tu es sous Vista, click droit sur l'icone d'OTMoveIt3 --> exécuter en tant qu'administrateur pour le lancer )
- Vérifie que l'option Unregister Dll's and Ocx's est cochée.
- Copie la liste qui se trouve dans la zone code ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste instructions for Items to be Moved.

Code:
:Processes
explorer.exe

:Files
C:\Windows\TEMP\winlognn.exe
C:\Windows\system32\systeme34

:Commands
[purity]
[emptytemp]
[Reboot]


- Clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
- Copie toute la sélection apparaissant dans ce cadre Résults. Colle ce rapport dans ton prochain message.
- Clique sur Exit pour fermer.
- Si tu ne trouves plus le rapport,c'est un fichier .log qui se trouve en C:\_OTMoveIt\MovedFiles.

Remarque : Il est possible qu'il te soit demandé de redémarrer ton ordinateur pour supprimer les fichiers.
Accepte. Dans ce cas, après redémarrage, tu trouveras justement le rapport dans le dossier C:\_OTMoveIt\MovedFiles.



Ensuite
Ensuite fait: Démarrer > Exécuter > tape cmd (Ok)

- Dans la fenêtre DOS, taper chacune des lignes suivantes, une à une et très exactement, en validant avec [Entrée] après chacune :

sc stop "CLTNetCnService" [Entrée]

sc delete "CLTNetCnService" [Entrée]

Ensuite vérifie si tu trouve
C:\Program Files\Common Files\Symantec Shared

si oui supprime.

@+

C’est généralement lorsque le disque dur plante qu’on se rend compte qu’on a oublié de le sauvegarder.

   
Répondre à ep44

17

Psy, le 15 fév 2009 à 21:53:53

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Windows\TEMP\winlognn.exe not found.
C:\Windows\system32\systeme34 moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Rom@in\AppData\Local\Temp\etilqs_JpdbtephA0sA9eQJNO­f3 scheduled to be deleted on reboot.
File delete failed. C:\Users\Rom@in\AppData\Local\Temp\~DF2174.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Rom@in\AppData\Local\Temp\~DF217B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Rom@in\AppData\Local\Temp\~DFD3D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Rom@in\AppData\Local\Temp\~DFD44.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\cch~1490c7bd6.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~1490c98fc.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~1499867fc.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~149989719.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~1499d4386.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~1499d5fb7.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~149dc303f.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~149dc4be4.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~149e246c9.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~149e27aa1.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~14a35a26c.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~14a35d05c.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~14dc2660e.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~14dc281c1.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~1d2e6d2cb.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~1d2e6eeaf.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~33fa2fec.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~33fe8327.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~8f92b487.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~8f92cf8b.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\WER668F.tmp.version.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\WER669F.tmp.appcompat.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\WER66CF.tmp.hdmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1ea­e33.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1ea­e33.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1ea­e33.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1ea­e33.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1ea­e33.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1ea­e33.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02152009_214225

Files moved on Reboot...
File C:\Users\Rom@in\AppData\Local\Temp\etilqs_JpdbtephA0sA9eQJNO­f3 not found!
File C:\Users\Rom@in\AppData\Local\Temp\~DF2174.tmp not found!
File C:\Users\Rom@in\AppData\Local\Temp\~DF217B.tmp not found!
File C:\Users\Rom@in\AppData\Local\Temp\~DFD3D.tmp not found!
File C:\Users\Rom@in\AppData\Local\Temp\~DFD44.tmp not found!
File C:\Windows\temp\cch~1490c7bd6.htp not found!
File C:\Windows\temp\cch~1490c98fc.htp not found!
File C:\Windows\temp\cch~1499867fc.htp not found!
File C:\Windows\temp\cch~149989719.htp not found!
File C:\Windows\temp\cch~1499d4386.htp not found!
File C:\Windows\temp\cch~1499d5fb7.htp not found!
File C:\Windows\temp\cch~149dc303f.htp not found!
File C:\Windows\temp\cch~149dc4be4.htp not found!
File C:\Windows\temp\cch~149e246c9.htp not found!
File C:\Windows\temp\cch~149e27aa1.htp not found!
File C:\Windows\temp\cch~14a35a26c.htp not found!
File C:\Windows\temp\cch~14a35d05c.htp not found!
File C:\Windows\temp\cch~14dc2660e.htp not found!
File C:\Windows\temp\cch~14dc281c1.htp not found!
File C:\Windows\temp\cch~1d2e6d2cb.htp not found!
File C:\Windows\temp\cch~1d2e6eeaf.htp not found!
File C:\Windows\temp\cch~33fa2fec.htp not found!
File C:\Windows\temp\cch~33fe8327.htp not found!
File C:\Windows\temp\cch~8f92b487.htp not found!
File C:\Windows\temp\cch~8f92cf8b.htp not found!
File C:\Windows\temp\WER668F.tmp.version.txt not found!
File C:\Windows\temp\WER669F.tmp.appcompat.txt not found!
File C:\Windows\temp\WER66CF.tmp.hdmp not found!
C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1ea­e33.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1ea­e33.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1ea­e33.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1ea­e33.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1ea­e33.default\urlclassifier3.sqlite moved successfully.
C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1ea­e33.default\XUL.mfl moved successfully.

   
Répondre à Psy

18

ep44, le 16 fév 2009 à 19:56:22

Bonsoir

pour commencer


Télécharge CCleaner
http://www.filehippo.com/download_ccleaner/
=> Aide toi de ce tuto pour l'utiliser
http://www.swl1f.net/viewtopic.php?f=14&t=69


Ensuite


* Télécharge malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Une aide pour l'installation
http://www.swl1f.net/viewtopic.php?f=14&t=68


=> Installe le
=> Ensuite va en mode sans echec


Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel


=> Lance malwarebytes
=> Coche "Executer un examen complet"
=> Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
=> Clique sur Supprimer la sélection
=> Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
=> Fait copier coller et poste le rapport


ensuite

fait un scan en ligne

avec bitdefender et colle le rapport

http://www.bitdefender.com/scan8/ie.html

Scan à faire sous Internet Explorer

et accepte le contrôle activeX de IE


ensuite un nouveau rapport hijack stp
@+ C’est généralement lorsque le disque dur plante qu’on se rend compte qu’on a oublié de le sauvegarder.

   
Répondre à ep44

19

psy, le 2 mar 2009 à 12:05:44

Je suis Vraiment Désolé de t'avoir fait patienter aussi longtemps mais g u un empêchement.
je vais redémarrer en mode sans échec pour faire ta manipulation car maintenant c'est de pire en pire je n'ai plus windows installer et quand g ouvert ma session tout avait disparu plus de données perso plus de fond d'écran plus de bureau mozilla a revenu au mode initial tt mes marques pages supprimés et je ne peut plus travaille.je te remercie pour tes conseil et ta patience.
je te poste les raports.



.

   
Répondre à psy

20

psy, le 2 mar 2009 à 12:10:04

J'avais oublié internet explorer ne marche plus depuis que j'ai c'est problème de virus et g essayer de le réinstaller mais windows installer ne fonctionne plus donc je vais le faire sous mozzilla.en attendant ta reponse

   
Répondre à psy

21

psy, le 2 mar 2009 à 14:24:54

Voila les deux rapports: malware et RSIT



Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1729
Windows 6.0.6001 Service Pack 1

02/03/2009 13:17:25
mbam-log-2009-03-02 (13-17-25).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|J:\|)
Eléments examinés: 156247
Temps écoulé: 42 minute(s), 42 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion­\Explorer\Browser Helper Objects\{12c9eb50-9928-48cc-8dce-4134363995dc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xjvsczhr (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{12c9eb50-9928-48cc-8dce-4134363995dc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\akwrcfap (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\akwrcfap (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\akwrcfap (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{12c9eb50-9928-48cc-8dce-4134363995dc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Windows\System32\tyrsdwr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Users\Rom@in\Local Settings\Application Data\mlkaxwdc_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Rom@in\Local Settings\Application Data\mlkaxwdc_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Rom@in\Local Settings\Application Data\mlkaxwdc.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Rom@in\Local Settings\Application Data\mlkaxwdc.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.



...............................................................................................................................................................





Logfile of random's system information tool 1.05 (written by random/random)
Run by Rom@in at 2009-03-02 14:18:53
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 25 GB (23%) free of 106 GB
Total RAM: 2046 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:19:08, on 02/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Users\Rom@in\Desktop\log virus\RSIT.exe
C:\Program Files\trend micro\Rom@in.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [mlkaxwdc] "c:\users\rom@in\appdata\local\mlkaxwdc.exe" mlkaxwdc
O4 - HKUS\S-1-5-18\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'Default user')
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\System32\msiexec.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
End of file - 4491 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Extension de garantie.job
C:\Windows\tasks\User_Feed_Synchronization-{C53A5279-79DA-4840-8F85-627569CF8FF5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-01 857648]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-09 4722688]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-04 201992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 142848]
"ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2009-01-20 1451248]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"mlkaxwdc"=c:\users\rom@in\appdata\local\mlkaxwdc.exe mlkaxwdc []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iaumkui]
c:\users\rom@in\appdata\local\iaumkui.exe iaumkui []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Extension de garantie.job
SA.DAT
SCHEDLGU.TXT
User_Feed_Synchronization-{C53A5279-79DA-4840-8F85-627569CF8FF5}.job

C:\Users\Rom@in\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Extension de garantie.job
SA.DAT
SCHEDLGU.TXT
User_Feed_Synchronization-{C53A5279-79DA-4840-8F85-627569CF8FF5}.job

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2008-04-25 206088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\system32\wininit.exe"="C:\Windows\system32\wininit.exe:*:enabled:@shell32.dll,-1"
"C:\Windows\system32\winlogon.exe"="C:\Windows\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
shell\dinstall\command - F:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f49e2de-de0e-11dc-8f46-001e8c53b5aa}]
shell\AutoRun\command - G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
shell\open\command - G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{855aaa2d-31fd-11dd-b641-001e8c53b5aa}]
shell\AutoRun\command - 8ng8w.com
shell\explore\command - 8ng8w.com
shell\open\command - 8ng8w.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ffc9fae-ef86-11dc-9a14-001e8c53b5aa}]
shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a389e005-273d-11dd-afa4-001e8c53b5aa}]
shell\AutoRun\command - 8ng8w.com
shell\explore\command - 8ng8w.com
shell\open\command - 8ng8w.com


======File associations======

.js - open -
.vbs - open -

======List of files/folders created in the last 1 months======

2009-02-28 11:58:01 ----RD---- C:\Users\Rom@in\AppData\Roaming\Brother
2009-02-27 18:07:02 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-02-27 18:07:02 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-02-27 18:07:01 ----A---- C:\Windows\system32\XAudio2_3.dll
2009-02-27 18:07:01 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2009-02-27 18:07:01 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-02-27 18:07:00 ----A---- C:\Windows\system32\xactengine3_3.dll
2009-02-27 18:07:00 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2009-02-27 18:05:30 ----D---- C:\Windows\system32\directx
2009-02-15 22:57:47 ----D---- C:\ProgramData\Test Drive Unlimited
2009-02-15 21:42:25 ----D---- C:\_OTMoveIt
2009-02-11 19:01:58 ----A---- C:\Windows\BRWMARK.INI
2009-02-11 19:01:58 ----A---- C:\Windows\BRPP2KA.INI
2009-02-10 11:22:18 ----D---- C:\32788R22FWJFW
2009-02-06 14:01:04 ----A---- C:\Windows\system32\uxtuneup.dll
2009-02-05 00:47:15 ----HD---- C:\Windows\msdownld.tmp
2009-02-04 22:52:02 ----A---- C:\Windows\system32\wscript.exe
2009-02-04 22:52:02 ----A---- C:\Windows\system32\mshta.exe
2009-02-04 22:51:05 ----D---- C:\Users\Rom@in\AppData\Roaming\Malwarebytes
2009-02-04 22:50:41 ----D---- C:\ProgramData\Malwarebytes
2009-02-04 22:50:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-04 22:28:10 ----A---- C:\ComboFix.txt
2009-02-04 22:18:01 ----D---- C:\ComboFix
2009-02-04 21:21:07 ----D---- C:\Windows\temp
2009-02-04 21:18:04 ----A---- C:\Windows\zip.exe
2009-02-04 21:18:04 ----A---- C:\Windows\VFIND.exe
2009-02-04 21:18:04 ----A---- C:\Windows\SWXCACLS.exe
2009-02-04 21:18:04 ----A---- C:\Windows\sed.exe
2009-02-04 21:18:04 ----A---- C:\Windows\grep.exe
2009-02-04 21:18:04 ----A---- C:\Windows\fdsv.exe
2009-02-04 21:17:55 ----D---- C:\Windows\ERDNT
2009-02-04 21:17:55 ----D---- C:\Qoobox
2009-02-04 20:46:15 ----D---- C:\Program Files\trend micro
2009-02-04 20:46:14 ----D---- C:\rsit
2009-02-04 19:04:28 ----A---- C:\Windows\system32\TuneUpDefragService.exe
2009-02-04 13:34:29 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-02-04 13:34:29 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-04 13:33:01 ----D---- C:\Program Files\CCleaner
2009-02-04 13:31:54 ----D---- C:\Program Files\Lavasoft
2009-02-04 13:31:53 ----D---- C:\ProgramData\Lavasoft
2009-02-04 03:36:21 ----D---- C:\ProgramData\Windows Genuine Advantage
2009-02-04 02:38:39 ----D---- C:\kav
2009-02-04 02:17:42 ----SHD---- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-03 22:06:48 ----A---- C:\Windows\EBP_ComptesBancaires_2008_0_0_51.exe
2009-02-03 21:59:37 ----A---- C:\Windows\system32\MSVCP50.DLL
2009-02-03 21:58:11 ----D---- C:\Program Files\Common Files\Nero
2009-02-03 21:58:10 ----D---- C:\Users\Rom@in\AppData\Roaming\Nero
2009-02-03 21:58:02 ----D---- C:\ProgramData\Nero
2009-02-03 21:50:23 ----D---- C:\Windows\Nero Lite 9.2.6
2009-02-03 21:50:20 ----D---- C:\Program Files\Nero

======List of files/folders modified in the last 1 months======

2009-03-02 14:13:49 ----D---- C:\Windows\Prefetch
2009-03-02 14:09:13 ----D---- C:\Program Files\Common Files\BitDefender
2009-03-02 14:03:57 ----D---- C:\Program Files\Mozilla Firefox
2009-03-02 13:49:21 ----D---- C:\Windows
2009-03-02 13:48:20 ----D---- C:\ProgramData\Kaspersky Lab
2009-03-02 13:46:33 ----D---- C:\Program Files\ATK Hotkey
2009-03-02 13:46:33 ----AD---- C:\Windows\System32
2009-03-02 13:46:33 ----A---- C:\Windows\system32\Ati2evxx.exe
2009-03-02 13:46:32 ----A---- C:\Windows\system32\audiodg.exe
2009-03-02 13:43:27 ----RD---- C:\Program Files
2009-03-02 13:43:27 ----D---- C:\Program Files\Internet Explorer
2009-03-02 13:20:44 ----D---- C:\Windows\system32\drivers
2009-03-02 03:00:55 ----SHD---- C:\System Volume Information
2009-03-01 23:59:14 ----D---- C:\Program Files\Steam
2009-02-28 13:16:11 ----D---- C:\Windows\inf
2009-02-28 13:16:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-27 08:36:32 ----D---- C:\Windows\system32\catroot2
2009-02-22 16:08:47 ----D---- C:\Users\Rom@in\AppData\Roaming\dvdcss
2009-02-20 16:37:31 ----A---- C:\Windows\system32\TapiUnattend.exe
2009-02-20 16:36:41 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-02-20 16:34:29 ----D---- C:\Program Files\JkDefrag
2009-02-20 15:46:04 ----A---- C:\Windows\system32\SystemPropertiesProtection.exe
2009-02-20 15:42:42 ----A---- C:\Windows\system32\unattendedjoin.exe
2009-02-20 15:28:02 ----A---- C:\Windows\system32\winrshost.exe
2009-02-20 15:26:40 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-02-20 14:32:18 ----D---- C:\Windows\system32\config
2009-02-20 14:32:10 ----D---- C:\Windows\Tasks
2009-02-20 14:32:10 ----D---- C:\Windows\system32\spool
2009-02-20 14:32:10 ----D---- C:\Windows\system32\Msdtc
2009-02-20 14:32:08 ----D---- C:\Windows\system32\wbem
2009-02-20 14:32:08 ----D---- C:\Windows\registration
2009-02-20 01:59:30 ----D---- C:\Windows\Minidump
2009-02-20 01:40:57 ----A---- C:\Windows\system32\spoolsv.exe
2009-02-20 01:40:57 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-02-19 12:44:08 ----D---- C:\Users\Rom@in\AppData\Roaming\LimeWire
2009-02-16 16:52:12 ----A---- C:\Windows\system32\taskeng.exe
2009-02-16 15:59:14 ----SHD---- C:\boot
2009-02-16 02:18:45 ----A---- C:\Windows\system32\SystemPropertiesAdvanced.exe
2009-02-16 02:18:22 ----A---- C:\Windows\system32\RunLegacyCPLElevated.exe
2009-02-16 02:18:12 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-02-16 02:17:19 ----A---- C:\Windows\system32\icsunattend.exe
2009-02-15 22:57:47 ----HD---- C:\ProgramData
2009-02-14 00:47:53 ----A---- C:\Windows\system32\PresentationSettings.exe
2009-02-14 00:40:12 ----D---- C:\Windows\ehome
2009-02-11 19:02:19 ----D---- C:\Windows\winsxs
2009-02-11 19:01:51 ----D---- C:\Windows\system32\catroot
2009-02-11 19:00:40 ----D---- C:\Windows\twain_32
2009-02-11 18:49:20 ----D---- C:\Windows\Debug
2009-02-11 16:32:45 ----D---- C:\Program Files\Windows Mail
2009-02-11 12:22:30 ----A---- C:\Windows\system32\MuiUnattend.exe
2009-02-11 12:22:29 ----A---- C:\Windows\system32\SystemPropertiesPerformance.exe
2009-02-11 12:22:29 ----A---- C:\Windows\system32\systeminfo.exe
2009-02-11 12:22:28 ----A---- C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe
2009-02-11 12:22:28 ----A---- C:\Windows\system32\sbunattend.exe
2009-02-11 12:22:26 ----A---- C:\Windows\system32\rdrleakdiag.exe
2009-02-11 12:22:26 ----A---- C:\Windows\system32\DeviceEject.exe
2009-02-11 12:22:26 ----A---- C:\Windows\fveupdate.exe
2009-02-11 12:22:25 ----A---- C:\Windows\system32\openfiles.exe
2009-02-11 12:22:25 ----A---- C:\Windows\system32\bitsadmin.exe
2009-02-11 12:22:24 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-02-11 12:22:24 ----A---- C:\Windows\system32\bthudtask.exe
2009-02-11 11:17:35 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-02-10 21:04:17 ----SD---- C:\Users\Rom@in\AppData\Roaming\Microsoft
2009-02-10 13:13:17 ----D---- C:\Program Files\WinRAR
2009-02-10 11:13:05 ----D---- C:\Program Files\Activision 2
2009-02-08 21:16:09 ----SHD---- C:\Windows\oem
2009-02-08 11:33:21 ----D---- C:\Program Files\Activision
2009-02-06 14:00:22 ----D---- C:\Windows\system32\fr-FR
2009-02-06 14:00:22 ----D---- C:\Windows\system32\en-US
2009-02-06 08:57:36 ----D---- C:\Program Files\Common Files\Steam
2009-02-05 01:58:42 ----D---- C:\Windows\system32\Tasks
2009-02-04 22:24:17 ----A---- C:\Windows\system.ini
2009-02-04 22:21:39 ----D---- C:\Windows\AppPatch
2009-02-04 22:21:39 ----D---- C:\Program Files\Common Files
2009-02-04 21:54:21 ----D---- C:\Program Files\Total Video Converter
2009-02-04 21:53:32 ----D---- C:\Program Files\Screamer Radio
2009-02-04 20:27:43 ----D---- C:\Windows\system32\URTTEMP
2009-02-04 20:27:37 ----D---- C:\Windows\Speeditup Free
2009-02-04 20:27:29 ----D---- C:\Windows\BisonCam
2009-02-04 20:27:19 ----D---- C:\Program Files\QuickTime
2009-02-04 20:27:17 ----D---- C:\Program Files\Opera
2009-02-04 20:09:19 ----D---- C:\Program Files\IviCam
2009-02-04 20:09:17 ----D---- C:\Program Files\HDReg
2009-02-04 20:09:01 ----D---- C:\Program Files\Almacom
2009-02-04 18:57:34 ----D---- C:\Program Files\Windows Media Player
2009-02-04 18:39:18 ----SHD---- C:\Windows\Installer
2009-02-04 18:36:08 ----DC---- C:\Windows\system32\DRVSTORE
2009-02-04 17:17:39 ----D---- C:\Windows\system32\WDI
2009-02-04 15:25:15 ----D---- C:\Program Files\Kaspersky Lab
2009-02-04 14:33:55 ----D---- C:\Program Files\DAEMON Tools
2009-02-04 02:37:04 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2009-02-04 02:14:38 ----RD---- C:\Users
2009-02-04 00:21:12 ----A---- C:\Windows\system32\mrt.exe
2009-02-03 23:05:00 ----SHD---- C:\$Recycle.Bin
2009-02-03 23:00:36 ----A---- C:\Windows\system32\75bda9d8-.txt
2009-02-03 21:59:58 ----RSD---- C:\Windows\Fonts
2009-02-03 21:59:36 ----D---- C:\Program Files\Common Files\Adobe
2009-02-03 21:59:36 ----D---- C:\Program Files\Adobe
2009-02-03 20:59:33 ----D---- C:\Program Files\LimeWire
2009-02-03 19:49:48 ----D---- C:\ProgramData\2DBoy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-11-03 112144]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-02-04 224272]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 20496]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2004-11-05 670208]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-07 767488]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-25 2609152]
R3 Cam5603D;USB2.0 350K WebCam; C:\Windows\System32\Drivers\BisonCam.sys [2006-11-28 847536]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-10 1941848]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-01-23 50176]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-01 182456]
S3 acprwbie;acprwbie; C:\Windows\system32\drivers\acprwbie.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-11-05 25280]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2009-03-02 94208]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-03-02 602112]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-04 201992]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2009-03-02 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-02-06 316664]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-02-04 355584]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

-----------------EOF-----------------

   
Répondre à psy
28 réponses 12 Suivant
Posez votre question Répondre
Collection CommentÇaMarche.net