Salut,

---> Désactive l'UAC le temps de la désinfection :
http://www.commentcamarche.net/faq/sujet 8343 vista desactiver l uac

--> Télécharge FindyKill (par Chiquitine29) sur ton bureau :
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

--> Lance l'installation avec les paramètres par defaut

--> Double-clique sur le raccourci FindyKill sur ton bureau (Clique droit sur le raccourci puis Exécuter en tant qu'administrateur pour Vista)

--> Au menu principal, choisis l'option 1 (Recherche)

--> Poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.

Voici le rapport de findykill

----------------- FindyKill V3.095 ------------------

* User : Aristide - PC-DE-ARISTIDE
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 02/10/08 par Chiquitine29
* Recherche effectuée à 13:50:20 le 03/10/2008
* Windows Vista - Internet Explorer 7.0.6000.16711

((((((((((((((((( *** Recherche *** ))))))))))))))))))


»»»» Presence des fichiers dans C:

Présent ! - "C:\Muestras"
Présent ! - C:\InfoSat.txt

»»»» Presence des fichiers dans C:\Windows


»»»» Presence des fichiers dans C:\Windows\Prefetch

Present ! - C:\Windows\Prefetch\DR.CARBON_KEYGEN.EXE-B80DAE8A.pf

»»»» Presence des fichiers dans C:\Windows\system32

Présent ! - C:\Windows\system32\mdelk.exe
Présent ! - C:\Windows\system32\wintems.exe
Présent ! - C:\Windows\system32\ban_list.txt

»»»» Presence des fichiers dans C:\Windows\system32\drivers

Présent ! - C:\Windows\system32\drivers\srosa.sys
Présent ! - C:\Windows\system32\drivers\hldrrr.exe
Présent ! - "C:\Windows\system32\drivers\downld"
Present ! - C:\Windows\system32\drivers\downld\1605890.exe
Present ! - C:\Windows\system32\drivers\downld\1649890.exe
Present ! - C:\Windows\system32\drivers\downld\1614031.exe
Present ! - C:\Windows\system32\drivers\downld\1633781.exe
Present ! - C:\Windows\system32\drivers\downld\173781.exe
Present ! - C:\Windows\system32\drivers\downld\508531.exe
Present ! - C:\Windows\system32\drivers\downld\1630453.exe
Present ! - C:\Windows\system32\drivers\downld\260703.exe
Present ! - C:\Windows\system32\drivers\downld\801593.exe
Present ! - C:\Windows\system32\drivers\downld\851843.exe
Present ! - C:\Windows\system32\drivers\downld\2023984.exe
Present ! - C:\Windows\system32\drivers\downld\313484.exe
Present ! - C:\Windows\system32\drivers\downld\2070515.exe
Present ! - C:\Windows\system32\drivers\downld\672546.exe
Present ! - C:\Windows\system32\drivers\downld\1684328.exe
Present ! - C:\Windows\system32\drivers\downld\1697968.exe
Present ! - C:\Windows\system32\drivers\downld\305218.exe
Present ! - C:\Windows\system32\drivers\downld\407718.exe
Present ! - C:\Windows\system32\drivers\downld\536359.exe

»»»» Presence des fichiers dans C:\Users\Aristide\AppData\Roaming

Présent ! - "C:\Users\Aristide\AppData\Roaming\m\flec006.exe"
Présent ! - "C:\Users\Aristide\AppData\Roaming\m\shared"
Présent ! - "C:\Users\Aristide\AppData\Roaming\m"

»»»» Presence des fichiers dans C:\Users\Aristide\AppData\Local\Temp


»»»» Registre :


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
(par d‚faut) REG_SZ
Windows Defender REG_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
WinampAgent REG_SZ "D:\Winamp 5 53\Winamp\winampa.exe"
UnlockerAssistant REG_SZ "D:\Unlocker 1 8 7\Unlocker\UnlockerAssistant.exe"
TkBellExe REG_SZ "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
StartCCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
SearchSettings REG_SZ C:\Program Files\Search Settings\SearchSettings.exe
QuickTime Task REG_SZ "D:\QuickTime\QTTask.exe" -atboottime
PWRISOVM.EXE REG_SZ D:\PowerISO\PWRISOVM.EXE
NeroFilterCheck REG_SZ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Kernel and Hardware Abstraction Layer REG_SZ KHALMNPR.EXE
Adobe_ID0EYTHM REG_SZ C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
uTorrent REG_SZ "D:\UTorrent 1 8\uTorrent.exe"
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
Yahoo! Pager REG_SZ "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
ares destiny REG_SZ "D:\Ares Destiny\Ares.exe" -h
BitComet REG_SZ "D:\Bitcomet\BitComet.exe" /tray
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
eMuleAutoStart REG_SZ D:\Emule\emule.exe -AutoStart

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater

Présent ! - HKEY_USERS\S-1-5-21-1130438823-3524183207-3403761355-1000\Software\Local AppWizard-Generated Applications\As Simple As Photoshop 6.1 [Patch]
Présent ! - HKEY_USERS\S-1-5-21-1130438823-3524183207-3403761355-1000\Software\Local AppWizard-Generated Applications\hldrrr
Présent ! - HKEY_USERS\S-1-5-21-1130438823-3524183207-3403761355-1000\Software\bisoft
Présent ! - HKEY_USERS\S-1-5-21-1130438823-3524183207-3403761355-1000\Software\FirtR
Présent ! - HKEY_USERS\S-1-5-21-1130438823-3524183207-3403761355-1000\Software\MuleAppData
Présent ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\As Simple As Photoshop 6.1 [Patch]
Présent ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\hldrrr
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Présent ! - HKEY_CURRENT_USER\Software\bisoft
Présent ! - HKEY_CURRENT_USER\Software\FirtR
Présent ! - HKEY_CURRENT_USER\Software\MuleAppData


»»»» Presence d infections dans Support amovible :


Présent ! - O:\autorun.inf
Présent ! - U:\autorun.inf
Présent ! - U:\nideiect.com
Présent ! - U:\ntde1ect.com


----------------- ! Fin du rapport ! ------------------

--> Branche tes disques amovibles à ton PC (clefs USB, disque dur externe, etc...) sans les ouvrir

--> Double-clique sur le raccourci FindyKill sur ton bureau (Clique droit sur le raccourci puis Exécuter en tant qu'administrateur pour Vista)

--> Au menu principal, choisis l'option 2 (Suppression)

/!\ Il y aura 2 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué" /!\

--> Ensuite, poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.

Voici le rapport après suppression



----------------- FindyKill V3.O85 ------------------

* User : Aristide - PC-DE-ARISTIDE
* Emplacement : C:\Program Files\FindyKill\FindyKill.cmd
* Outils Mis a jours le 02/10/08 par Chiquitine29
* Suppression effectuée à 14:08:39 le 03/10/2008
* Windows Vista - Internet Explorer 7.0.6000.16711


((((((((((((((( *** Suppression *** ))))))))))))))))))



»»»» Suppression des fichiers dans C:

Supprimé ! - "C:\Muestras"
Supprimé ! - C:\InfoSat.txt

»»»» Suppression des fichiers dans C:\Windows


»»»» Suppression des fichiers dans C:\Windows\Prefetch

Supprimé ! - C:\Windows\Prefetch\EMULE0.49B-INSTALLER1.EXE-9C000016.pf
Supprimé ! - C:\Windows\Prefetch\REGSVR32.EXE-55A4EE79.pf
Supprimé ! - C:\Windows\Prefetch\RUNDLL32.EXE-1758FC22.pf
Supprimé ! - C:\Windows\Prefetch\RUNDLL32.EXE-34B17D2A.pf
Supprimé ! - C:\Windows\Prefetch\RUNDLL32.EXE-41E85287.pf
Supprimé ! - C:\Windows\Prefetch\RUNDLL32.EXE-7768279B.pf
Supprimé ! - C:\Windows\Prefetch\RUNDLL32.EXE-8E7EF094.pf
Supprimé ! - C:\Windows\Prefetch\TVS05.EXE-8D12A0A4.pf
Supprimé ! - C:\Windows\Prefetch\TMMDW8.EXE-AFDBAB87.pf
Supprimé ! - C:\Windows\Prefetch\DR.CARBON_KEYGEN.EXE-B80DAE8A.pf

»»»» Suppression des fichiers dans C:\Windows\system32

Supprimé ! - C:\Windows\system32\mdelk.exe

»»»» Suppression des fichiers dans C:\Windows\system32\drivers

Supprimé ! - C:\Windows\system32\drivers\downld\1605890.exe
Supprimé ! - C:\Windows\system32\drivers\downld\1614031.exe
Supprimé ! - C:\Windows\system32\drivers\downld\1630453.exe
Supprimé ! - C:\Windows\system32\drivers\downld\1633781.exe
Supprimé ! - C:\Windows\system32\drivers\downld\1649890.exe
Supprimé ! - C:\Windows\system32\drivers\downld\1684328.exe
Supprimé ! - C:\Windows\system32\drivers\downld\1697968.exe
Supprimé ! - C:\Windows\system32\drivers\downld\173781.exe
Supprimé ! - C:\Windows\system32\drivers\downld\2023984.exe
Supprimé ! - C:\Windows\system32\drivers\downld\2070515.exe
Supprimé ! - C:\Windows\system32\drivers\downld\260703.exe
Supprimé ! - C:\Windows\system32\drivers\downld\305218.exe
Supprimé ! - C:\Windows\system32\drivers\downld\313484.exe
Supprimé ! - C:\Windows\system32\drivers\downld\407718.exe
Supprimé ! - C:\Windows\system32\drivers\downld\508531.exe
Supprimé ! - C:\Windows\system32\drivers\downld\536359.exe
Supprimé ! - C:\Windows\system32\drivers\downld\672546.exe
Supprimé ! - C:\Windows\system32\drivers\downld\801593.exe
Supprimé ! - C:\Windows\system32\drivers\downld\851843.exe
Supprimé ! - "C:\Windows\system32\drivers\downld"

»»»» Suppression des fichiers dans C:\Users\Aristide\AppData\Roaming


»»»» Suppression des fichiers dans C:\Users\Aristide\AppData\Local\Temp


»»»» Suppression des clefs du registre..

Supprimé ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Supprimé ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Supprimé ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
Supprimé ! - HKEY_USERS\S-1-5-21-1130438823-3524183207-3403761355-1000\Software\Local AppWizard-Generated Applications\As Simple As Photoshop 6.1 [Patch]
Supprimé ! - HKEY_USERS\S-1-5-21-1130438823-3524183207-3403761355-1000\Software\Local AppWizard-Generated Applications\hldrrr
Supprimé ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\As Simple As Photoshop 6.1 [Patch]
Supprimé ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\hldrrr

»»»» Suppression des clefs du registre effectuée !


»»»» Mode sans echec restauré !

»»»» Affichage des fichiers cachés réparé !


»»»» Services de securité Windows redemarré !


»»»» Suppression des fichiers dans Support amovible :

Echec de la supression !! - O:\autorun.inf
Supprimé ! - U:\autorun.inf
Supprimé ! - U:\nideiect.com
Supprimé ! - U:\ntde1ect.com

»»»» Necessite une interpretation :

Suspect ! - C:\Windows\System32\mrt.exe

»»»» Recherche Cracks Keygen... :

C:\Users\Aristide\AppData\Roaming\uTorrent\Crack for VisualStudio2008.7z.torrent
C:\Users\Aristide\AppData\Roaming\uTorrent\Internet Download Manager 5.12 + crack + spolszczenie + toolbar.rar.torrent
C:\Users\Aristide\AppData\Roaming\uTorrent\RapidShare_Download_Direct pro + crack.rar.torrent
C:\Users\Aristide\Desktop\Nouveau dossier\dr.carbon_Keygen.exe


---------------- ! Fin du rapport ! ------------------

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

Voici le rapport combofix mais je precise que le probleme persiste
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe



ComboFix 08-10-02.04 - Aristide 2008-10-03 15:07:07.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6000.0.1252.1.1036.18.1978 [GMT 0:00]
Lancé depuis: C:\Users\Aristide\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\internet explorer\msimg32.dll
C:\Windows\system32\f3PSSavr.scr
C:\Windows\system32\Memman.vxd
C:\Windows\system32\skinboxer43.dll
C:\Windows\system32\vcmgcd32.dl_
C:\Windows\system32\vcmgcd32.dll
E:\InfoSat.txt
U:\RECYCLER\RECYCLER.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.

2008-10-03 14:40 . 2008-06-01 14:36 397,824 --a------ C:\Windows\System32\Sexy Girls.scr
2008-10-03 14:40 . 2008-06-01 14:36 397,824 --a------ C:\Users\Aristide\AppData\Roaming\sv­chost.exe
2008-10-03 13:50 . 2008-10-03 14:10 <REP> d-------- C:\Program Files\FindyKill
2008-10-03 13:49 . 2008-10-03 13:50 <REP> d-------- C:\Program Files\Java
2008-10-02 22:32 . 2008-10-03 01:23 237,259,896 --a------ C:\Windows\MEMORY.DMP
2008-10-02 22:25 . 2008-10-02 22:25 <REP> d--hs---- C:\Windows\ftpcache
2008-10-01 10:16 . 2008-10-01 10:20 <REP> d-------- C:\Users\Aristide\AppData\Roaming\IDM
2008-09-25 17:00 . 2008-09-25 17:50 96,976 --a------ C:\Windows\System32\drivers\klin.dat
2008-09-25 17:00 . 2008-09-25 17:00 87,855 --a------ C:\Windows\System32\drivers\klick.dat
2008-09-25 16:59 . 2008-09-25 16:59 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-09-25 16:59 . 2008-10-03 01:14 7,852,576 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-09-25 16:59 . 2008-10-03 01:14 729,120 --ahs---- C:\Windows\System32\drivers\fidbox2.dat
2008-09-25 16:59 . 2008-10-03 01:14 75,004 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-09-25 16:59 . 2008-10-03 01:14 10,908 --ahs---- C:\Windows\System32\drivers\fidbox2.idx
2008-09-25 16:46 . 2008-09-25 16:46 <REP> d-------- C:\Users\All Users\NortonInstaller
2008-09-25 16:46 . 2008-09-25 16:46 <REP> d-------- C:\PROGRA~2\NortonInstaller
2008-09-25 12:19 . 2008-09-25 12:20 169 --a------ C:\Windows\adidsl.ini
2008-09-25 12:19 . 2008-09-25 12:19 21 --a------ C:\Windows\Fast800.ini
2008-09-25 12:18 . 2008-09-25 12:18 <REP> d-------- C:\Program Files\SAGEM
2008-09-25 11:39 . 2007-03-21 20:39 1,060,864 --a------ C:\Windows\System32\MFC71.DLL
2008-09-25 11:39 . 2007-03-21 20:33 503,808 --a------ C:\Windows\System32\MSVCP71.DLL
2008-09-25 11:39 . 2007-03-21 20:33 348,160 --a------ C:\Windows\System32\MSVCR71.DLL
2008-09-23 18:43 . 2008-09-23 18:43 <REP> dr-h----- C:\Users\Aristide\AppData\Roaming\SecuROM
2008-09-20 22:50 . 2008-09-27 00:43 488 --a------ C:\Windows\System32\%LocalXml%
2008-09-17 10:06 . 2008-10-03 12:44 2,748 --a------ C:\Windows\System32\tmp.reg
2008-09-15 19:38 . 2008-09-26 14:19 <REP> d-------- C:\Users\Aristide\AppData\Roaming\dvdcss
2008-09-14 21:33 . 2008-09-14 21:33 <REP> d-------- C:\Users\Aristide\AppData\Roaming\oovooToolbar
2008-09-14 21:33 . 2008-09-14 21:37 <REP> d-------- C:\Users\Aristide\AppData\Roaming\ooVoo Details
2008-09-14 21:33 . 2008-09-14 21:33 <REP> d-------- C:\Program Files\oovooToolbar
2008-09-13 18:24 . 2008-09-13 18:24 <REP> d-------- C:\Users\All Users\Winamp Toolbar
2008-09-13 18:24 . 2008-09-14 20:58 <REP> d-------- C:\Users\All Users\OrbNetworks
2008-09-13 18:24 . 2008-09-13 18:24 <REP> d-------- C:\Program Files\Winamp Toolbar
2008-09-13 18:24 . 2008-09-13 18:24 <REP> d-------- C:\PROGRA~2\Winamp Toolbar
2008-09-13 18:24 . 2008-09-14 20:58 <REP> d-------- C:\PROGRA~2\OrbNetworks
2008-09-13 18:23 . 2008-09-29 14:40 <REP> d-------- C:\Program Files\Winamp Remote
2008-09-13 09:46 . 2008-09-13 09:46 <REP> d-------- C:\Users\All Users\TuneUp Software
2008-09-13 09:46 . 2008-09-13 09:46 <REP> d-------- C:\PROGRA~2\TuneUp Software
2008-09-13 09:46 . 2008-09-13 09:46 307,968 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-09-13 09:46 . 2008-02-27 13:15 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-09-13 09:46 . 2008-02-27 13:15 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-09-12 22:23 . 2008-07-28 17:19 116,736 --a------ C:\Windows\System32\drivers\mcdbus.sys
2008-09-11 18:46 . 2008-09-11 18:46 <REP> d-------- C:\Users\All Users\McAfee
2008-09-11 18:46 . 2008-09-11 18:46 <REP> d-------- C:\PROGRA~2\McAfee
2008-09-09 18:08 . 2008-09-09 18:09 <REP> d-a------ C:\Users\All Users\TEMP
2008-09-09 18:08 . 2008-09-09 18:09 <REP> d-a------ C:\PROGRA~2\TEMP
2008-09-09 18:04 . 2008-09-09 18:05 <REP> d--h----- C:\Users\All Users\{56759C22-EA1E-4BE5-A903-72F67D450F43}
2008-09-09 18:04 . 2008-09-09 18:05 <REP> d--h----- C:\PROGRA~2\{56759C22-EA1E-4BE5-A903-72F67D450F43}
2008-09-09 09:07 . 2008-09-09 09:07 <REP> d-------- C:\Users\Aristide\AppData\Roaming\TotalTrain
2008-09-06 14:44 . 2008-10-02 23:13 69 --a------ C:\Windows\NeroDigital.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 15:15 --------- d-----w C:\Users\Aristide\AppData\Roaming\uTorrent
2008-10-03 15:04 --------- d-----w C:\Users\Aristide\AppData\Roaming\TeraCopy
2008-10-02 22:48 --------- d-----w C:\PROGRA~2\Kaspersky Lab
2008-10-02 20:28 --------- d-----w C:\PROGRA~2\eMule
2008-10-02 15:30 --------- d-----w C:\Users\Aristide\AppData\Roaming\DMCache
2008-10-01 10:32 --------- d-----w C:\Users\Aristide\AppData\Roaming\Winamp
2008-10-01 10:32 --------- d-----w C:\PROGRA~2\FLEXnet
2008-09-25 16:53 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-09-25 12:19 32 ----a-w C:\Windows\system32\drivers\adidsl.cfg
2008-09-25 12:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-23 00:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-19 23:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-19 23:51 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-09-19 14:46 --------- d-----w C:\Users\Aristide\AppData\Roaming\Ahead
2008-09-19 00:54 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-09-03 01:53 258,048 ----a-w C:\Windows\System32\TubeFinder.exe
2008-09-01 23:27 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-09-01 23:27 --------- d-----w C:\Program Files\Realtek
2008-09-01 22:45 319,488 ----a-w C:\Windows\HideWin.exe
2008-09-01 16:19 --------- d-----w C:\Users\Aristide\AppData\Roaming\Ubisoft
2008-08-31 20:57 --------- d-----w C:\Program Files\Search Settings
2008-08-30 05:23 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-29 23:43 --------- d-----w C:\Program Files\Business Objects
2008-08-29 23:42 --------- d-----w C:\Program Files\Microsoft Device Emulator
2008-08-29 23:40 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-08-29 23:40 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-29 23:39 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-29 23:31 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-08-29 23:31 --------- d-----w C:\PROGRA~2\PreEmptive Solutions
2008-08-29 23:29 --------- d-----w C:\Program Files\HTML Help Workshop
2008-08-29 23:28 --------- d-----w C:\Program Files\MSBuild
2008-08-29 23:26 --------- d-----w C:\Program Files\Microsoft SDKs
2008-08-29 23:26 --------- d-----w C:\Program Files\CE Remote Tools
2008-08-29 23:25 --------- d-----w C:\Program Files\Microsoft Web Designer Tools
2008-08-27 17:09 --------- d-----w C:\Users\Aristide\AppData\Roaming\Orbit
2008-08-27 16:53 --------- d-----w C:\Users\Aristide\AppData\Roaming\GrabPro
2008-08-27 01:25 --------- d-----w C:\PROGRA~2\ConeXware
2008-08-25 16:09 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-08-25 16:07 --------- d-----w C:\PROGRA~2\ALM
2008-08-25 16:01 --------- d-----w C:\Program Files\QuickTime
2008-08-25 15:07 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-25 15:07 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-25 15:07 --------- d-----w C:\Program Files\Windows Mail
2008-08-25 15:07 --------- d-----w C:\Program Files\Windows Journal
2008-08-25 15:07 --------- d-----w C:\Program Files\Windows Defender
2008-08-25 15:07 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-25 15:07 --------- d-----w C:\Program Files\Windows Calendar
2008-08-17 19:51 --------- d-----w C:\Program Files\uTorrent
2008-08-17 16:06 --------- d-----w C:\PROGRA~2\Lavasoft
2008-08-09 23:23 --------- d-----w C:\Program Files\Bonjour
2008-08-09 12:48 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-08-09 12:48 --------- d-----w C:\Program Files\MSECACHE
2008-08-07 22:04 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-07 22:04 --------- d-----w C:\Program Files\Common Files\Real
2008-08-07 22:03 --------- d-----w C:\Program Files\Real
2008-08-05 23:52 --------- d-----w C:\PROGRA~2\Adobe Systems
2008-08-05 23:51 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-08-04 00:20 --------- d-----w C:\Users\Aristide\AppData\Roaming\MozillaControl
2008-07-31 10:41 68,616 ----a-w C:\Windows\System32\XAPOFX1_1.dll
2008-07-31 10:41 238,088 ----a-w C:\Windows\System32\xactengine3_2.dll
2008-07-31 10:40 509,448 ----a-w C:\Windows\System32\XAudio2_2.dll
2008-07-29 20:21 218,376 ----a-w C:\Windows\System32\klogon.dll
2008-07-16 09:30 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-07-15 09:11 174 --sha-w C:\Program Files\desktop.ini
2008-07-15 09:07 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-07-15 09:07 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-07-15 09:07 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-07-15 09:07 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-07-15 09:07 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-07-15 09:07 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-07-15 09:07 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-07-15 09:07 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-07-15 09:07 2,923,520 ----a-w C:\Windows\explorer.exe
2008-07-15 09:05 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-07-15 09:05 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-07-15 09:05 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-07-15 09:05 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-07-14 06:47 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-07-14 06:47 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-07-14 06:47 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-07-14 06:47 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-07-14 06:47 25,600 ----a-w C:\Windows\System32\LangCleanupSysprepAction.dll
2008-07-14 06:47 166,912 ----a-w C:\Windows\System32\lpksetup.exe
2008-07-14 06:47 10,240 ----a-w C:\Windows\System32\MUILanguageCleanup.dll
2008-07-14 06:46 23,552 ----a-w C:\Windows\System32\lpremove.exe
2008-07-14 06:46 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-14 06:46 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-07-14 06:45 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-07-14 06:43 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-13 09:22 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-07-13 09:22 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-07-13 09:22 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-07-13 09:22 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-07-13 09:20 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-07-13 09:20 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-07-13 09:20 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-07-13 09:20 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-07-13 09:20 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-07-13 09:20 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-07-13 09:20 16,896 ----a-w C:\Windows\System32\wfapigp.dll
.

------- Sigcheck -------

2008-09-19 00:54 803328 82c4070707d100febc3d25cf00b77a4c C:\Windows\System32\drivers\tcpip.sys
2006-11-02 08:58 802816 d944522b048a5feb7700b5170d3d9423 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
2008-09-19 00:54 803328 82c4070707d100febc3d25cf00b77a4c C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
2008-07-13 08:18 806400 52a8bd6294f7d1443c6184c67ae13af4 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "C:\Program Files\isoHunt\tbisoH.dll" [2008-07-10 1600024]

[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8087-36EE87E26986}]
2008-07-29 19:56 1987544 --a------ C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
2008-07-10 14:04 1600024 --a------ C:\Program Files\isoHunt\tbisoH.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "C:\Program Files\isoHunt\tbisoH.dll" [2008-07-10 1600024]
"{A057A204-BACC-4D26-8087-36EE87E26986}"= "C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL" [2008-07-29 1987544]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A6E4A4EB-D169-4E99-8988-250FCBAFE767}"= "C:\Program Files\isoHunt\tbisoH.dll" [2008-07-10 1600024]
"{A057A204-BACC-4D26-8087-36EE87E26986}"= "C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL" [2008-07-29 1987544]

[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8087-36ee87e26986}]
[HKEY_CLASSES_ROOT\oovooToolbar.OOVOOTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="D:\UTorrent 1 8\uTorrent.exe" [2008-08-16 267056]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2006-06-08 872448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"Yahoo! Pager"="D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-11-06 3810544]
"ares destiny"="D:\Ares Destiny\Ares.exe" [2007-08-27 2993664]
"BitComet"="D:\Bitcomet\BitComet.exe" [2008-08-22 2567992]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"eMuleAutoStart"="D:\Emule\emule.exe" [2008-08-01 5500928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="D:\Winamp 5 53\Winamp\winampa.exe" [2008-08-03 56832]
"UnlockerAssistant"="D:\Unlocker 1 8 7\Unlocker\UnlockerAssistant.exe" [2008-05-02 36352]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-07 185896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 110592]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"QuickTime Task"="D:\QuickTime\QTTask.exe" [2007-12-11 307200]
"PWRISOVM.EXE"="D:\PowerISO\PWRISOVM.EXE" [2008-07-07 188416]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1904640]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\Windows\KHALMNPR.Exe]

C:\Users\Aristide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - D:\Program Files\MagicDisc\MagicDisc.exe [2008-09-12 575488]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Reader Synchronizer.lnk - D:\Adobe Creative Suite 3\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Lancement rapide d'Adobe Acrobat.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2008-08-11 295606]
Logitech SetPoint.lnk - D:\Logitech 4 60\SetPoint\SetPoint.exe [2008-07-09 805392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= cmd.exe
"2"= mmc.exe
"3"= rstrui.exe
"4"= regedit.exe
"5"= regedt32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1130438823-3524183207-3403761355-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{33A14AF4-8DE1-4DC3-AA8E-73F39A116B22}"= TCP:6004|D:\MS Office 2007\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{8B2DF36A-4600-4610-9801-6B27EEE466B2}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{8F6C3A10-4A70-401E-AF77-A40D08046C7B}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{C7F2893F-D769-45A3-8E85-9CC81D34B101}"= UDP:D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1BAE97F6-6AA6-46DA-A209-91CCC4D89AB9}"= TCP:D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{EFB77742-E44F-4E00-BB9E-63693E353F05}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{DE9938C4-CE1C-4A5B-B4C9-AAB504BC1AFD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{05E8C7CF-519A-4645-BA3B-FC00B679E1FA}"= UDP:C:1\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{2D5186E1-05DB-4934-AEF1-627340BFABB6}"= TCP:C:1\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{D84A2C5F-96C8-4F7F-9880-DE0A4156004A}"= UDP:C:1\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{AC003FBE-8AEB-40F8-8DBE-48A9B23822F0}"= TCP:C:1\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{435A5D7A-C127-4606-BDD6-AADF91DD49EA}"= UDP:C:1\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{90103605-6895-4148-9240-52CA89DCA768}"= TCP:C:1\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{D502EFDC-20C2-4A33-9BB4-C3F02A4EBA08}"= UDP:D:\UTorrent 1 8\uTorrent.exe:µTorrent (TCP-In)
"{B46B00F3-C0E3-4F5F-AF84-FDF2DA69970F}"= TCP:D:\UTorrent 1 8\uTorrent.exe:µTorrent (UDP-In)
"{FAC18785-F011-4E20-8C11-7BDD6812CA01}"= UDP:3703:Adobe Version Cue CS3 Server
"{C50ADF18-E003-4713-BA80-51AE87B4F1CD}"= UDP:3704:Adobe Version Cue CS3 Server
"{58CF08FE-3D8C-4BAE-97FF-D09C0703F971}"= UDP:50900:Adobe Version Cue CS3 Server
"{D9734941-6BEB-4CB5-B30E-751565BD2B6F}"= UDP:50901:Adobe Version Cue CS3 Server
"{82AD7696-741F-425D-93BF-F44CA0C7C267}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{5004BE53-B8E6-40EA-9085-E576273E4B0D}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{5148B32A-3C4C-4A09-B0D1-2C05515C1428}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C20299BD-6A8E-477D-8D3A-573E6FBE5850}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F0ECBF53-89DE-4AA3-96A4-49DC28A0864E}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{D6E597D7-10BF-4590-9718-6DC1B43EBD73}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{3247F591-15AF-475D-8136-32324675758C}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{6EB47315-56CA-4871-818A-D92353F87117}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{8CF68E0E-6F84-4D84-8094-8E7DE7E1584C}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{429892F2-6818-4457-A7C8-3E8A5F8323BE}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{804ADD5D-D460-4513-BF6E-8F31F84177B2}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{5F87594A-6FF6-4CE0-84CD-D91448D3E221}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{5B23FF40-88B2-48DE-8398-E6E1A303E6B7}"= UDP:443:TCP port 443 ooVoo
"{71A36C96-EEA9-4594-81D4-8197D9D90A8E}"= TCP:443:UDP port 443 ooVoo
"{3024E162-5300-423E-BBC2-66A2B364E530}"= UDP:37674:TCP port 37674 ooVoo
"{13A729A8-F2B7-40FC-9326-5EB1B03F59E3}"= TCP:37674:UDP port 37674 ooVoo
"{069FC467-1805-49FA-ABC8-389261600682}"= TCP:37675:UDP port 37675 ooVoo
"TCP Query User{8E5DE5F7-E84C-4C36-9025-B45BA65F7F50}D:\\bitcomet\\bitcomet.exe"= UDP:D:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{2EC208F2-B6CC-4C8E-A923-B8CED862F08D}D:\\bitcomet\\bitcomet.exe"= TCP:D:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{DF96001B-E0AF-4224-9906-ACBF202753CA}D:\\ares destiny\\ares.exe"= UDP:D:\ares destiny\ares.exe:Ares p2p for windows
"UDP Query User{FDDFFB36-0084-4541-BBE9-25EB826A371A}D:\\ares destiny\\ares.exe"= TCP:D:\ares destiny\ares.exe:Ares p2p for windows
"TCP Query User{7A129059-210F-4617-B03E-D91DE2EC0D34}C:\\program files\\winamp remote\\bin\\orbtray.exe"= UDP:C:\program files\winamp remote\bin\orbtray.exe:Orb
"UDP Query User{C6A0EC0D-FB01-40D8-B616-2F5F06AF8388}C:\\program files\\winamp remote\\bin\\orbtray.exe"= TCP:C:\program files\winamp remote\bin\orbtray.exe:Orb
"{74BC0BC5-DA62-4319-BEB1-FC3B5A63562F}"= UDP:C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{93CE87FB-C928-4A7D-9A82-BF1B0EEEED8F}"= TCP:C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{9001DF20-B39A-4274-A99B-38FA1051B75F}"= UDP:C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{86B1F8A7-9D31-41AC-8EA4-661D8ADD46A1}"= TCP:C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{66F8449D-BD0B-4500-8699-22065B359785}"= UDP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{9E04FDDB-0D48-49E7-AB2F-D0D6CF4CD403}"= TCP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"TCP Query User{CE7030E7-8F4A-41E4-B210-E0FD27029B47}C:\\program files\\winamp remote\\bin\\orbir.exe"= UDP:C:\program files\winamp remote\bin\orbir.exe:OrbIR
"UDP Query User{658D05C2-CF3B-4152-8B1A-7965A6BC763C}C:\\program files\\winamp remote\\bin\\orbir.exe"= TCP:C:\program files\winamp remote\bin\orbir.exe:OrbIR
"TCP Query User{10128BE4-2B8A-48AB-A414-F1BAA8C0D91E}C:\\program files\\winamp remote\\bin\\orb.exe"= UDP:C:\program files\winamp remote\bin\orb.exe:Orb Application
"UDP Query User{2FA471A1-285E-4DA2-A96D-72D4B000611E}C:\\program files\\winamp remote\\bin\\orb.exe"= TCP:C:\program files\winamp remote\bin\orb.exe:Orb Application
"TCP Query User{07CE3D9D-DEE7-4332-996C-0381C082C848}D:\\ares destiny\\ares.exe"= UDP:D:\ares destiny\ares.exe:Ares p2p for windows
"UDP Query User{5E904CE6-E2C3-4292-99DC-E6396514E46A}D:\\ares destiny\\ares.exe"= TCP:D:\ares destiny\ares.exe:Ares p2p for windows
"TCP Query User{85E0D794-5C9C-4E61-B8B1-48D20480F1CB}D:\\utorrent 1 8\\utorrent.exe"= UDP:D:\utorrent 1 8\utorrent.exe:µTorrent
"UDP Query User{825C07D1-3B94-4E00-8578-FB9840608AD5}D:\\utorrent 1 8\\utorrent.exe"= TCP:D:\utorrent 1 8\utorrent.exe:µTorrent
"{608035D9-DD1D-45EB-BB24-1F1DD22F1F55}"= UDP:C:\Users\Aristide\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{309F3D08-4895-41C5-8522-047099195F24}"= TCP:C:\Users\Aristide\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"TCP Query User{B9F11B52-69A6-4F03-B4C3-96D9EA1634B8}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{F5263E24-6FC4-429E-B40D-7B27C2D6379C}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
"{7778CC22-D429-41BC-A46D-7127FCEB3551}"= UDP:26579:BitComet 26579 TCP
"{A6017C98-2F10-4F77-9677-734D3EA2AADE}"= TCP:26579:BitComet 26579 UDP
"{A44123C7-21DB-4F64-9CF6-9946A8E45CED}"= UDP:26579:BitComet 26579 TCP
"{3801B058-1E8C-4323-A859-DB49931583D1}"= TCP:26579:BitComet 26579 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-21 3478528]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\Windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S0 OemBiosDevice;Royalty OEM BIOS Extension;C:\Windows\system32\DRIVERS\royal.sys [2007-03-02 240128]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\Windows\system32\Drivers\e4ldr.sys [2007-01-04 69656]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;D:\EVEREST Ultimate Edition\kerneld.wnt [2008-03-17 23152]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-09-13 307968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL P:\TAE7ESLP.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1199acd7-4ddf-11dd-af06-000000000000}]
\shell\AutoRun\command - U:\mgjpcfdg.cmd
\shell\explore\Command - U:\mgjpcfdg.cmd
\shell\open\Command - U:\mgjpcfdg.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1f68a77-524d-11dd-94af-000000000000}]
\shell\Auto\command - O:\boot.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL O:\boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb543b7c-848e-11dd-91a8-fa83ac27cce4}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL O:\TMMDW8LP.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-FrameWorkService - (no file)
HKLM-Run-FrameWorkService - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Aristide\AppData\Roaming\Mozilla\Firefox\Profiles\iwne5oog.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
FF -: plugin - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
FF -: plugin - D:\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF -: plugin - D:\Firefox 3\plugins\np32dsw.dll
FF -: plugin - D:\Firefox 3\plugins\npBitCometAgent.dll
FF -: plugin - D:\Firefox 3\plugins\NPMyWebS.dll
FF -: plugin - D:\Firefox 3\plugins\npnul32.dll
FF -: plugin - D:\Firefox 3\plugins\nppdf32.dll
FF -: plugin - D:\Firefox 3\plugins\nppl3260.dll
FF -: plugin - D:\Firefox 3\plugins\npqtplugin.dll
FF -: plugin - D:\Firefox 3\plugins\npqtplugin2.dll
FF -: plugin - D:\Firefox 3\plugins\npqtplugin3.dll
FF -: plugin - D:\Firefox 3\plugins\npqtplugin4.dll
FF -: plugin - D:\Firefox 3\plugins\npqtplugin5.dll
FF -: plugin - D:\Firefox 3\plugins\npqtplugin6.dll
FF -: plugin - D:\Firefox 3\plugins\npqtplugin7.dll
FF -: plugin - D:\Firefox 3\plugins\nprjplug.dll
FF -: plugin - D:\Firefox 3\plugins\nprpjplug.dll
FF -: plugin - D:\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - D:\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - D:\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - D:\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - D:\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - D:\QuickTime\Plugins\npqtplugin6.dll
FF -: plugin - D:\QuickTime\Plugins\npqtplugin7.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-03 15:13:58
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\WerFault.exe
D:\Adobe Creative Suite 3\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
D:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-10-03 15:17:02 - machine was rebooted [Aristide]
ComboFix-quarantined-files.txt 2008-10-03 15:16:50

Avant-CF: 10ÿ799ÿ124ÿ480 octets libres
Post-Run: 10,264,662,016 octets libres

430 --- E O F --- 2008-08-30 05:25:49

Je vais te faire un script mais tu peux déjà réinstaller les applications infectées comme Kaspersky.

/!\ Seul tertilus peut suivre cette procédure /!\


1/

---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :






KillAll::

File::
C:\Windows\System32\Sexy Girls.scr
C:\Users\Aristide\AppData\Roaming\svchost.exe
C:\Windows\System32\tmp.reg
O:\TMMDW8LP.exe
P:\TAE7ESLP.exe
U:\mgjpcfdg.cmd
O:\boot.exe

Folder::
C:\Program Files\FindyKill
C:\Program Files\Search Settings

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
"TkBellExe"=-
"QuickTime Task"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1199acd7-4ddf-11dd-af06-000000000000}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1f68a77-524d-11dd-94af-000000000000}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb543b7c-848e-11dd-91a8-fa83ac27cce4}]






---> Colle la sélection dans le bloc-notes

---> Enregistre ce fichier sur le bureau (Impératif)

---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes


2/

---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/...

[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

[*] Une fois le scan achevé, un rapport va s'afficher : poste-le

[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt

Salut JO

je plusoie et rajoute:

Supprimé ! - HKEY_USERS\S-1-5-21-1130438823-3524183207-3403761355-1000\So­ftware\Local AppWizard-Generated Applications\As Simple As Photoshop 6.1 [Patch]


dans la plupart des cas le cracks,keygen, serial present sur cette clé est le responsable de l infection

@+ A découvrir : Estopa, Rosario Flores, La Oreja De Van Gogh
                   Bonne écoute 
                   @ + T' Chiki.

;-))

Merci Chiquitine.

(00)
_llll_   

Je suis entièrement d'accord avec mes deux collègues.

-;)

On te vois plus, que pasa ?

@+ A découvrir : Estopa, Rosario Flores, La Oreja De Van Gogh
                   Bonne écoute 
                   @ + T' Chiki.

Mp (00)
_llll_   

Lu A découvrir : Estopa, Rosario Flores, La Oreja De Van Gogh
                   Bonne écoute 
                   @ + T' Chiki.

Avant meme d'executer le script j'avais pu initialiser kaspersky. J'arrive à executer les prg et meme que j'arrive à effectuer un scan à partir du bareau avec hijackthis. Voilà le rapport après l'execution du script

ComboFix 08-10-02.04 - Aristide 2008-10-03 19:43:34.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6000.0.1252.1.1036.18.2167 [GMT 0:00]
Lancé depuis: C:\Users\Aristide\Desktop\ComboFix.exe
Commutateurs utilisés :: C:\Users\Aristide\Desktop\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
C:\Users\Aristide\AppData\Roaming\svchost.exe
C:\Windows\System32\Sexy Girls.scr
C:\Windows\System32\tmp.reg
O:\boot.exe
O:\TMMDW8LP.exe
P:\TAE7ESLP.exe
U:\mgjpcfdg.cmd
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\FindyKill
C:\Program Files\FindyKill\FindyKill.cmd
C:\Program Files\FindyKill\FixReg\FixSrosa.reg
C:\Program Files\FindyKill\FixReg\Limpia
C:\Program Files\FindyKill\FixReg\Limpia.reg
C:\Program Files\FindyKill\FixReg\Mse.reg
C:\Program Files\FindyKill\FixReg\Repair.reg
C:\Program Files\FindyKill\FixReg\Wvista.reg
C:\Program Files\FindyKill\FixReg\Wxp.reg
C:\Program Files\FindyKill\Tools\Icone.ico
C:\Program Files\FindyKill\Tools\Kill.exe
C:\Program Files\FindyKill\Tools\Process.exe
C:\Program Files\FindyKill\Tools\swreg.exe
C:\Program Files\FindyKill\Uninstal.exe
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\Program Files\Search Settings\SearchSettings.exe
C:\Users\Aristide\AppData\Roaming\svchost.exe
C:\Windows\System32\Sexy Girls.scr
C:\Windows\System32\tmp.reg
O:\TMMDW8LP.exe . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.

2008-10-03 19:48 . 2008-10-03 19:48 304 --ahs---- C:\Windows\klif.spi
2008-10-03 19:41 . 2008-10-03 19:42 <REP> d-------- C:\32788R22FWJFW
2008-10-03 13:49 . 2008-10-03 13:50 <REP> d-------- C:\Program Files\Java
2008-10-02 22:32 . 2008-10-03 01:23 237,259,896 --a------ C:\Windows\MEMORY.DMP
2008-10-02 22:25 . 2008-10-02 22:25 <REP> d--hs---- C:\Windows\ftpcache
2008-10-01 10:16 . 2008-10-01 10:20 <REP> d-------- C:\Users\Aristide\AppData\Roaming\IDM
2008-09-25 17:00 . 2008-09-25 17:50 96,976 --a------ C:\Windows\System32\drivers\klin.dat
2008-09-25 17:00 . 2008-09-25 17:00 87,855 --a------ C:\Windows\System32\drivers\klick.dat
2008-09-25 16:59 . 2008-09-25 16:59 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-09-25 16:59 . 2008-10-03 19:46 7,863,328 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-09-25 16:59 . 2008-10-03 19:46 753,696 --ahs---- C:\Windows\System32\drivers\fidbox2.dat
2008-09-25 16:59 . 2008-10-03 19:46 75,088 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-09-25 16:59 . 2008-10-03 19:46 10,992 --ahs---- C:\Windows\System32\drivers\fidbox2.idx
2008-09-25 16:46 . 2008-09-25 16:46 <REP> d-------- C:\Users\All Users\NortonInstaller
2008-09-25 16:46 . 2008-09-25 16:46 <REP> d-------- C:\PROGRA~2\NortonInstaller
2008-09-25 12:19 . 2008-09-25 12:20 169 --a------ C:\Windows\adidsl.ini
2008-09-25 12:19 . 2008-09-25 12:19 21 --a------ C:\Windows\Fast800.ini
2008-09-25 12:18 . 2008-09-25 12:18 <REP> d-------- C:\Program Files\SAGEM
2008-09-25 11:39 . 2007-03-21 20:39 1,060,864 --a------ C:\Windows\System32\MFC71.DLL
2008-09-25 11:39 . 2007-03-21 20:33 503,808 --a------ C:\Windows\System32\MSVCP71.DLL
2008-09-25 11:39 . 2007-03-21 20:33 348,160 --a------ C:\Windows\System32\MSVCR71.DLL
2008-09-23 18:43 . 2008-09-23 18:43 <REP> dr-h----- C:\Users\Aristide\AppData\Roaming\SecuROM
2008-09-20 22:50 . 2008-10-03 19:31 13,848 --a------ C:\Windows\System32\%LocalXml%
2008-09-15 19:38 . 2008-09-26 14:19 <REP> d-------- C:\Users\Aristide\AppData\Roaming\dvdcss
2008-09-14 21:33 . 2008-09-14 21:33 <REP> d-------- C:\Users\Aristide\AppData\Roaming\oovooToolbar
2008-09-14 21:33 . 2008-09-14 21:37 <REP> d-------- C:\Users\Aristide\AppData\Roaming\ooVoo Details
2008-09-14 21:33 . 2008-09-14 21:33 <REP> d-------- C:\Program Files\oovooToolbar
2008-09-13 18:24 . 2008-09-13 18:24 <REP> d-------- C:\Users\All Users\Winamp Toolbar
2008-09-13 18:24 . 2008-09-14 20:58 <REP> d-------- C:\Users\All Users\OrbNetworks
2008-09-13 18:24 . 2008-09-13 18:24 <REP> d-------- C:\Program Files\Winamp Toolbar
2008-09-13 18:24 . 2008-09-13 18:24 <REP> d-------- C:\PROGRA~2\Winamp Toolbar
2008-09-13 18:24 . 2008-09-14 20:58 <REP> d-------- C:\PROGRA~2\OrbNetworks
2008-09-13 18:23 . 2008-09-29 14:40 <REP> d-------- C:\Program Files\Winamp Remote
2008-09-13 09:46 . 2008-09-13 09:46 <REP> d-------- C:\Users\All Users\TuneUp Software
2008-09-13 09:46 . 2008-09-13 09:46 <REP> d-------- C:\PROGRA~2\TuneUp Software
2008-09-13 09:46 . 2008-09-13 09:46 307,968 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-09-13 09:46 . 2008-02-27 13:15 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-09-13 09:46 . 2008-02-27 13:15 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-09-12 22:23 . 2008-07-28 17:19 116,736 --a------ C:\Windows\System32\drivers\mcdbus.sys
2008-09-11 18:46 . 2008-09-11 18:46 <REP> d-------- C:\Users\All Users\McAfee
2008-09-11 18:46 . 2008-09-11 18:46 <REP> d-------- C:\PROGRA~2\McAfee
2008-09-09 18:08 . 2008-09-09 18:09 <REP> d-a------ C:\Users\All Users\TEMP
2008-09-09 18:08 . 2008-09-09 18:09 <REP> d-a------ C:\PROGRA~2\TEMP
2008-09-09 18:04 . 2008-09-09 18:05 <REP> d--h----- C:\Users\All Users\{56759C22-EA1E-4BE5-A903-72F67D450F43}
2008-09-09 18:04 . 2008-09-09 18:05 <REP> d--h----- C:\PROGRA~2\{56759C22-EA1E-4BE5-A903-72F67D450F43}
2008-09-09 09:07 . 2008-09-09 09:07 <REP> d-------- C:\Users\Aristide\AppData\Roaming\TotalTrain
2008-09-06 14:44 . 2008-10-02 23:13 69 --a------ C:\Windows\NeroDigital.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 19:48 --------- d-----w C:\PROGRA~2\Kaspersky Lab
2008-10-03 19:43 --------- d-----w C:\Users\Aristide\AppData\Roaming\uTorrent
2008-10-03 19:31 --------- d-----w C:\PROGRA~2\eMule
2008-10-03 15:04 --------- d-----w C:\Users\Aristide\AppData\Roaming\TeraCopy
2008-10-02 15:30 --------- d-----w C:\Users\Aristide\AppData\Roaming\DMCache
2008-10-01 10:32 --------- d-----w C:\Users\Aristide\AppData\Roaming\Winamp
2008-10-01 10:32 --------- d-----w C:\PROGRA~2\FLEXnet
2008-09-25 16:53 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-09-25 12:19 32 ----a-w C:\Windows\system32\drivers\adidsl.cfg
2008-09-25 12:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-23 00:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-19 23:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-19 23:51 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-09-19 14:46 --------- d-----w C:\Users\Aristide\AppData\Roaming\Ahead
2008-09-19 00:54 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-09-03 01:53 258,048 ----a-w C:\Windows\System32\TubeFinder.exe
2008-09-01 23:27 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-09-01 23:27 --------- d-----w C:\Program Files\Realtek
2008-09-01 22:45 319,488 ----a-w C:\Windows\HideWin.exe
2008-09-01 16:19 --------- d-----w C:\Users\Aristide\AppData\Roaming\Ubisoft
2008-08-30 05:23 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-29 23:43 --------- d-----w C:\Program Files\Business Objects
2008-08-29 23:42 --------- d-----w C:\Program Files\Microsoft Device Emulator
2008-08-29 23:40 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-08-29 23:40 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-29 23:39 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-29 23:31 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-08-29 23:31 --------- d-----w C:\PROGRA~2\PreEmptive Solutions
2008-08-29 23:29 --------- d-----w C:\Program Files\HTML Help Workshop
2008-08-29 23:28 --------- d-----w C:\Program Files\MSBuild
2008-08-29 23:26 --------- d-----w C:\Program Files\Microsoft SDKs
2008-08-29 23:26 --------- d-----w C:\Program Files\CE Remote Tools
2008-08-29 23:25 --------- d-----w C:\Program Files\Microsoft Web Designer Tools
2008-08-27 17:09 --------- d-----w C:\Users\Aristide\AppData\Roaming\Orbit
2008-08-27 16:53 --------- d-----w C:\Users\Aristide\AppData\Roaming\GrabPro
2008-08-27 01:25 --------- d-----w C:\PROGRA~2\ConeXware
2008-08-25 16:09 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-08-25 16:07 --------- d-----w C:\PROGRA~2\ALM
2008-08-25 16:01 --------- d-----w C:\Program Files\QuickTime
2008-08-25 15:07 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-25 15:07 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-25 15:07 --------- d-----w C:\Program Files\Windows Mail
2008-08-25 15:07 --------- d-----w C:\Program Files\Windows Journal
2008-08-25 15:07 --------- d-----w C:\Program Files\Windows Defender
2008-08-25 15:07 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-25 15:07 --------- d-----w C:\Program Files\Windows Calendar
2008-08-17 19:51 --------- d-----w C:\Program Files\uTorrent
2008-08-17 16:06 --------- d-----w C:\PROGRA~2\Lavasoft
2008-08-09 23:23 --------- d-----w C:\Program Files\Bonjour
2008-08-09 12:48 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-08-09 12:48 --------- d-----w C:\Program Files\MSECACHE
2008-08-07 22:04 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-07 22:04 --------- d-----w C:\Program Files\Common Files\Real
2008-08-07 22:03 --------- d-----w C:\Program Files\Real
2008-08-05 23:52 --------- d-----w C:\PROGRA~2\Adobe Systems
2008-08-05 23:51 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-08-04 00:20 --------- d-----w C:\Users\Aristide\AppData\Roaming\MozillaControl
2008-07-31 10:41 68,616 ----a-w C:\Windows\System32\XAPOFX1_1.dll
2008-07-31 10:41 238,088 ----a-w C:\Windows\System32\xactengine3_2.dll
2008-07-31 10:40 509,448 ----a-w C:\Windows\System32\XAudio2_2.dll
2008-07-29 20:21 218,376 ----a-w C:\Windows\System32\klogon.dll
2008-07-16 09:30 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-07-15 09:11 174 --sha-w C:\Program Files\desktop.ini
2008-07-15 09:07 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-07-15 09:07 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-07-15 09:07 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-07-15 09:07 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-07-15 09:07 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-07-15 09:07 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-07-15 09:07 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-07-15 09:07 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-07-15 09:07 2,923,520 ----a-w C:\Windows\explorer.exe
2008-07-15 09:05 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-07-15 09:05 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-07-15 09:05 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-07-15 09:05 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-07-14 06:47 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-07-14 06:47 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-07-14 06:47 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-07-14 06:47 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-07-14 06:47 25,600 ----a-w C:\Windows\System32\LangCleanupSysprepAction.dll
2008-07-14 06:47 166,912 ----a-w C:\Windows\System32\lpksetup.exe
2008-07-14 06:47 10,240 ----a-w C:\Windows\System32\MUILanguageCleanup.dll
2008-07-14 06:46 23,552 ----a-w C:\Windows\System32\lpremove.exe
2008-07-14 06:46 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-14 06:46 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-07-14 06:45 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-07-14 06:43 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-13 09:22 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-07-13 09:22 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-07-13 09:22 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-07-13 09:22 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-07-13 09:20 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-07-13 09:20 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-07-13 09:20 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-07-13 09:20 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-07-13 09:20 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-07-13 09:20 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-07-13 09:20 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-07-13 09:20 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
.

------- Sigcheck -------

2008-09-19 00:54 803328 82c4070707d100febc3d25cf00b77a4c C:\Windows\System32\drivers\tcpip.sys
2006-11-02 08:58 802816 d944522b048a5feb7700b5170d3d9423 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
2008-09-19 00:54 803328 82c4070707d100febc3d25cf00b77a4c C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
2008-07-13 08:18 806400 52a8bd6294f7d1443c6184c67ae13af4 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "C:\Program Files\isoHunt\tbisoH.dll" [2008-07-10 1600024]

[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8087-36EE87E26986}]
2008-07-29 19:56 1987544 --a------ C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
2008-07-10 14:04 1600024 --a------ C:\Program Files\isoHunt\tbisoH.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "C:\Program Files\isoHunt\tbisoH.dll" [2008-07-10 1600024]
"{A057A204-BACC-4D26-8087-36EE87E26986}"= "C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL" [2008-07-29 1987544]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A6E4A4EB-D169-4E99-8988-250FCBAFE767}"= "C:\Program Files\isoHunt\tbisoH.dll" [2008-07-10 1600024]
"{A057A204-BACC-4D26-8087-36EE87E26986}"= "C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL" [2008-07-29 1987544]

[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8087-36ee87e26986}]
[HKEY_CLASSES_ROOT\oovooToolbar.OOVOOTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="D:\UTorrent 1 8\uTorrent.exe" [2008-08-16 267056]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-10-03 851968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"Yahoo! Pager"="D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-11-06 3810544]
"ares destiny"="D:\Ares Destiny\Ares.exe" [2008-10-03 2973184]
"BitComet"="D:\Bitcomet\BitComet.exe" [2008-08-22 2567992]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="D:\Winamp 5 53\Winamp\winampa.exe" [2008-10-03 36352]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-10-03 90112]
"PWRISOVM.EXE"="D:\PowerISO\PWRISOVM.EXE" [2008-10-03 167936]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2008-10-03 1884160]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\Windows\KHALMNPR.Exe]

C:\Users\Aristide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - D:\Program Files\MagicDisc\MagicDisc.exe [2008-09-12 575488]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Reader Synchronizer.lnk - D:\Adobe Creative Suite 3\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Lancement rapide d'Adobe Acrobat.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2008-08-11 295606]
Logitech SetPoint.lnk - D:\Logitech 4 60\SetPoint\SetPoint.exe [2008-07-09 805392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= cmd.exe
"2"= mmc.exe
"3"= rstrui.exe
"4"= regedit.exe
"5"= regedt32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1130438823-3524183207-3403761355-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{33A14AF4-8DE1-4DC3-AA8E-73F39A116B22}"= TCP:6004|D:\MS Office 2007\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{8B2DF36A-4600-4610-9801-6B27EEE466B2}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{8F6C3A10-4A70-401E-AF77-A40D08046C7B}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{C7F2893F-D769-45A3-8E85-9CC81D34B101}"= UDP:D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1BAE97F6-6AA6-46DA-A209-91CCC4D89AB9}"= TCP:D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{EFB77742-E44F-4E00-BB9E-63693E353F05}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{DE9938C4-CE1C-4A5B-B4C9-AAB504BC1AFD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{05E8C7CF-519A-4645-BA3B-FC00B679E1FA}"= UDP:C:1\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{2D5186E1-05DB-4934-AEF1-627340BFABB6}"= TCP:C:1\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{D84A2C5F-96C8-4F7F-9880-DE0A4156004A}"= UDP:C:1\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{AC003FBE-8AEB-40F8-8DBE-48A9B23822F0}"= TCP:C:1\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{435A5D7A-C127-4606-BDD6-AADF91DD49EA}"= UDP:C:1\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{90103605-6895-4148-9240-52CA89DCA768}"= TCP:C:1\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{D502EFDC-20C2-4A33-9BB4-C3F02A4EBA08}"= UDP:D:\UTorrent 1 8\uTorrent.exe:µTorrent (TCP-In)
"{B46B00F3-C0E3-4F5F-AF84-FDF2DA69970F}"= TCP:D:\UTorrent 1 8\uTorrent.exe:µTorrent (UDP-In)
"{FAC18785-F011-4E20-8C11-7BDD6812CA01}"= UDP:3703:Adobe Version Cue CS3 Server
"{C50ADF18-E003-4713-BA80-51AE87B4F1CD}"= UDP:3704:Adobe Version Cue CS3 Server
"{58CF08FE-3D8C-4BAE-97FF-D09C0703F971}"= UDP:50900:Adobe Version Cue CS3 Server
"{D9734941-6BEB-4CB5-B30E-751565BD2B6F}"= UDP:50901:Adobe Version Cue CS3 Server
"{82AD7696-741F-425D-93BF-F44CA0C7C267}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{5004BE53-B8E6-40EA-9085-E576273E4B0D}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{5148B32A-3C4C-4A09-B0D1-2C05515C1428}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C20299BD-6A8E-477D-8D3A-573E6FBE5850}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F0ECBF53-89DE-4AA3-96A4-49DC28A0864E}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{D6E597D7-10BF-4590-9718-6DC1B43EBD73}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{3247F591-15AF-475D-8136-32324675758C}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{6EB47315-56CA-4871-818A-D92353F87117}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{8CF68E0E-6F84-4D84-8094-8E7DE7E1584C}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{429892F2-6818-4457-A7C8-3E8A5F8323BE}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{804ADD5D-D460-4513-BF6E-8F31F84177B2}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{5F87594A-6FF6-4CE0-84CD-D91448D3E221}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{5B23FF40-88B2-48DE-8398-E6E1A303E6B7}"= UDP:443:TCP port 443 ooVoo
"{71A36C96-EEA9-4594-81D4-8197D9D90A8E}"= TCP:443:UDP port 443 ooVoo
"{3024E162-5300-423E-BBC2-66A2B364E530}"= UDP:37674:TCP port 37674 ooVoo
"{13A729A8-F2B7-40FC-9326-5EB1B03F59E3}"= TCP:37674:UDP port 37674 ooVoo
"{069FC467-1805-49FA-ABC8-389261600682}"= TCP:37675:UDP port 37675 ooVoo
"TCP Query User{8E5DE5F7-E84C-4C36-9025-B45BA65F7F50}D:\\bitcomet\\bitcomet.exe"= UDP:D:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{2EC208F2-B6CC-4C8E-A923-B8CED862F08D}D:\\bitcomet\\bitcomet.exe"= TCP:D:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{DF96001B-E0AF-4224-9906-ACBF202753CA}D:\\ares destiny\\ares.exe"= UDP:D:\ares destiny\ares.exe:Ares p2p for windows
"UDP Query User{FDDFFB36-0084-4541-BBE9-25EB826A371A}D:\\ares destiny\\ares.exe"= TCP:D:\ares destiny\ares.exe:Ares p2p for windows
"TCP Query User{7A129059-210F-4617-B03E-D91DE2EC0D34}C:\\program files\\winamp remote\\bin\\orbtray.exe"= UDP:C:\program files\winamp remote\bin\orbtray.exe:Orb
"UDP Query User{C6A0EC0D-FB01-40D8-B616-2F5F06AF8388}C:\\program files\\winamp remote\\bin\\orbtray.exe"= TCP:C:\program files\winamp remote\bin\orbtray.exe:Orb
"{74BC0BC5-DA62-4319-BEB1-FC3B5A63562F}"= UDP:C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{93CE87FB-C928-4A7D-9A82-BF1B0EEEED8F}"= TCP:C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{9001DF20-B39A-4274-A99B-38FA1051B75F}"= UDP:C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{86B1F8A7-9D31-41AC-8EA4-661D8ADD46A1}"= TCP:C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{66F8449D-BD0B-4500-8699-22065B359785}"= UDP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{9E04FDDB-0D48-49E7-AB2F-D0D6CF4CD403}"= TCP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"TCP Query User{CE7030E7-8F4A-41E4-B210-E0FD27029B47}C:\\program files\\winamp remote\\bin\\orbir.exe"= UDP:C:\program files\winamp remote\bin\orbir.exe:OrbIR
"UDP Query User{658D05C2-CF3B-4152-8B1A-7965A6BC763C}C:\\program files\\winamp remote\\bin\\orbir.exe"= TCP:C:\program files\winamp remote\bin\orbir.exe:OrbIR
"TCP Query User{10128BE4-2B8A-48AB-A414-F1BAA8C0D91E}C:\\program files\\winamp remote\\bin\\orb.exe"= UDP:C:\program files\winamp remote\bin\orb.exe:Orb Application
"UDP Query User{2FA471A1-285E-4DA2-A96D-72D4B000611E}C:\\program files\\winamp remote\\bin\\orb.exe"= TCP:C:\program files\winamp remote\bin\orb.exe:Orb Application
"TCP Query User{07CE3D9D-DEE7-4332-996C-0381C082C848}D:\\ares destiny\\ares.exe"= UDP:D:\ares destiny\ares.exe:Ares p2p for windows
"UDP Query User{5E904CE6-E2C3-4292-99DC-E6396514E46A}D:\\ares destiny\\ares.exe"= TCP:D:\ares destiny\ares.exe:Ares p2p for windows
"TCP Query User{85E0D794-5C9C-4E61-B8B1-48D20480F1CB}D:\\utorrent 1 8\\utorrent.exe"= UDP:D:\utorrent 1 8\utorrent.exe:µTorrent
"UDP Query User{825C07D1-3B94-4E00-8578-FB9840608AD5}D:\\utorrent 1 8\\utorrent.exe"= TCP:D:\utorrent 1 8\utorrent.exe:µTorrent
"{608035D9-DD1D-45EB-BB24-1F1DD22F1F55}"= UDP:C:\Users\Aristide\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{309F3D08-4895-41C5-8522-047099195F24}"= TCP:C:\Users\Aristide\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"TCP Query User{B9F11B52-69A6-4F03-B4C3-96D9EA1634B8}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{F5263E24-6FC4-429E-B40D-7B27C2D6379C}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
"{7778CC22-D429-41BC-A46D-7127FCEB3551}"= UDP:26579:BitComet 26579 TCP
"{A6017C98-2F10-4F77-9677-734D3EA2AADE}"= TCP:26579:BitComet 26579 UDP
"{A44123C7-21DB-4F64-9CF6-9946A8E45CED}"= UDP:26579:BitComet 26579 TCP
"{3801B058-1E8C-4323-A859-DB49931583D1}"= TCP:26579:BitComet 26579 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-21 3478528]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\Windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S0 OemBiosDevice;Royalty OEM BIOS Extension;C:\Windows\system32\DRIVERS\royal.sys [2007-03-02 240128]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\Windows\system32\Drivers\e4ldr.sys [2007-01-04 69656]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;D:\EVEREST Ultimate Edition\kerneld.wnt [2008-03-17 23152]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-09-13 307968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-eMuleAutoStart - D:\Emule\emule.exe
HKLM-Run-UnlockerAssistant - D:\Unlocker 1 8 7\Unlocker\UnlockerAssistant.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-03 19:48:30
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\conime.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
D:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-10-03 19:55:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-03 19:55:36
ComboFix2.txt 2008-10-03 15:17:03

Avant-CF: 9ÿ560ÿ309ÿ760 octets libres
Post-Run: 8,996,155,392 octets libres

400 --- E O F --- 2008-08-30 05:25:49

- Télécharge RavAntivirus d'Evosla sur ton bureau :
http://www.evosla.com/compteur.php?soft=rav_antivirus

- Branche tes disques amovibles à ton PC (clefs USB, disque dur externe, etc...) sans les ouvrir avant de lancer le fix

- Clique droit sur le fichier rav.zip, puis "Extraire Ici".

- Doucle-clique sur "rav.exe" pour lancer le fix. (Pour Vista, clique droit sur rav et choisis Exécuter en tant qu'administrateur)

- Laisse le programme agir : il scanne automatiquement tous les lecteurs (disques fixes et amovibles)

- Quitte le programme quand le message suivant apparaît : Votre ordinateur est sain

- Ensuite : retire tes disques amovibles et redémarre le PC.

Bonjour,

Vlà. je viens de scanner mon poste avec RavAntivirus d'Evosla, je ne sais pas s'il y a encore une autre étape mais je voulais déjà te dire un grand merci, car ça m'a evité un formatage de la partition où est situé mon OS.

Il a trouvé quelque chose ?