Tom's Guide > Forum > Sécurité - Virus > Je n'accede plus a ma session

Je n'accede plus a ma session

Forum Sécurité - Virus : Je n'accede plus a ma session

TomsGuide.com : 800 000 inscrits répondent à toutes vos questions high-tech et informatique. Pour obtenir de l'aide, inscrivez-vous gratuitement !
Créer un nouveau sujet Répondre
Mot :    Pseudo :           
 
corsy   19-08-2009 à 21:58:39

bonjour,voila mon gros probleme c'est que je ne peux plus acceder a ma session,c'est a dire quand je rentre mon mot de passe,j'accede a ma session mais tous les element du bureau et la barre demarrer n'est plus visible,seul mon fond d'ecran est visible

je ne sais pas d'ou ca vient,mais je sais qu'avant ca j'avais un rond tout rouge avec une croix blanche sur la barre des tache ki me disait ke mon pc etait infecter,j'ai fait une analyse antiviruse et antispyware avec spybot et avast en mode sans echec mais rien a changer,ca ma certe permi de suprimer des virus mais je n'accede plus a mes sessions,je suis obliger de me conneceter en mode sans echec pour acceder a mes documents

j'ai essayer de reparer windows avec le cd mais rien ne change

merci de maider

Répondre
Liens sponsorisés
Inscrivez-vous ou connectez-vous pour masquer ceci.
Destrio5   19-08-2009 à 22:36:05
- 0 +

Bonjour,

(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

  • Clique sur Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).


Note : les rapports sont sauvegardés dans le dossier C:\rsit.

Répondre à Destrio5
corsy   19-08-2009 à 22:54:55
- 0 +

merci pour ta reponse,j'espere que le contenu n'es pas trop long kar je l'ai mi entierement et ca me parrait un peu trop long

voici le contenu de log :

Logfile of random's system information tool 1.06 (written by random/random)
Run by moi at 2005-01-11 15:04:34
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 36 GB (49%) free of 73 GB
Total RAM: 2558 MB (85% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04:50, on 11/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\moi\Bureau\RSIT.exe
C:\Program Files\trend micro\moi.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O3 - Toolbar: (no name) - {00000000-5736-4205-0008-781cd0e19f00} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\moi\msword98.exe
O4 - HKCU\..\Run: [braviax] ù
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: ikowin32.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download with Rapget - C:\Documents and Settings\moi\Bureau\RapGet [Wawa-Mania][By i_love_sexe]\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 1643235828
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\cru629.dat
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6566 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}
{00000000-5736-4205-0008-781cd0e19f00}
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-26 13680640]
"msword98"=C:\WINDOWS\system32\msword98.exe [2009-08-16 26686]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"nwiz"=nwiz.exe /install []
"sysldtray"=C:\windows\ld12.exe [2005-01-10 36864]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"braviax"=C:\WINDOWS\system32\braviax.exe [2005-01-10 11264]
"SRFirstRun"=rundll32 srclient.dll,CreateFirstRunRp []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-26 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msword98"=C:\Documents and Settings\moi\msword98.exe [2009-08-16 26686]
"braviax"=ù []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe [2008-11-18 2356088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
C:\Program Files\Athan\Athan.exe [2007-09-06 1003520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1036 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2004-09-15 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetCruiser Proxy]
C:\Program Files\NetCruiser\NCProxy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-12-26 13680640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-12-26 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Intelligent Agent]
C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe /SILENT []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
C:\Program Files\Shareaza\Shareaza.exe -tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPC_Monitor]
C:\WINDOWS\Philips\SPC230NC\Monitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vcs4diamond]
C:\Program Files\AV Vcs 4.0\Vcs4Core.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe /checktask []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wippien]
C:\Program Files\Wippien\Wippien.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessKeyboard]
C:\Program Files\Multimedia Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessMouse]
C:\Program Files\Office Mouse Driver\StartAutorun.exe MouseDrv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
C:\PROGRA~1\AOL9~1.0\aoltray.exe -check []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]
C:\PROGRA~1\AOLCOM~1\COMPAN~1.EXE /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sipru.lnk]
C:\PROGRA~1\Sipru\sipru.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SkyMessager.lnk]
C:\Program Files\SkyMessager\skymess.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE [2005-12-14 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2

C:\Documents and Settings\moi\Menu Démarrer\Programmes\Démarrage
ikowin32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\System32\cru629.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=176

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AMSN\bin\wish.exe"="C:\Program Files\AMSN\bin\wish.exe:*:Disabled:Wish Application"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\SkyMessager\skymess.exe"="C:\Program Files\SkyMessager\skymess.exe:*:Disabled:SkyMessager"
"C:\WINDOWS\SYSTEM32\RTCSHARE.EXE"="C:\WINDOWS\SYSTEM32\RTCSHARE.EXE:*:Disabled:Partage de l'application RTC"
"C:\Valve\Steam\SteamApps\kash_e2\counter-strike\hl.exe"="C:\Valve\Steam\SteamApps\kash_e2\counter-strike\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Disabled:Xfire"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Radio Fr Solo\Radio_Fr_Solo.exe"="C:\Program Files\Radio Fr Solo\Radio_Fr_Solo.exe:*:Disabled:Radio Fr Solo"
"C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe"="C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:*:Disabled:Teamspeak RC2"
"C:\Documents and Settings\moi\Bureau\viviplay.exe"="C:\Documents and Settings\moi\Bureau\viviplay.exe:*:Disabled:ViViMediaPlay Microsoft ???????"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Disabled:mIRC"
"C:\Program Files\Sports Interactive\Football Manager 2006\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2006\fm.exe:*:Disabled:Football Manager 2006"
"C:\Program Files\NetCruiser\NCProxy.exe"="C:\Program Files\NetCruiser\NCProxy.exe:*:Disabled:NCProxy"
"C:\Program Files\AnalogX\Proxy\proxy.exe"="C:\Program Files\AnalogX\Proxy\proxy.exe:*:Disabled:proxy"
"C:\Program Files\Pinnacle\MediaCenter\PMC.exe"="C:\Program Files\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Disabled:Pmc.exe"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:LocalSubNet:Disabled:PMC.Service.Main.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe"="C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:LocalSubNet:Disabled:PMC.Tvtv.Wizard.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe"="C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:LocalSubNet:Disabled:PMSInstallInit.exe"
"C:\Program Files\MaxTV Online\maxtv.exe"="C:\Program Files\MaxTV Online\maxtv.exe:*:Disabled:maxtv"
"C:\Documents and Settings\moi\Bureau\maxtv\maxtv.exe"="C:\Documents and Settings\moi\Bureau\maxtv\maxtv.exe:*:Disabled:maxtv"
"C:\Documents and Settings\moi\Mes documents\divers\pokebipscript\mirc.exe"="C:\Documents and Settings\moi\Mes documents\divers\pokebipscript\mirc.exe:*:Disabled:mIRC"
"C:\Documents and Settings\moi\Bureau\pokebipscript\mirc.exe"="C:\Documents and Settings\moi\Bureau\pokebipscript\mirc.exe:*:Disabled:mIRC"
"C:\Program Files\Pinnacle\MediaCenter\PSST.exe"="C:\Program Files\Pinnacle\MediaCenter\PSST.exe:LocalSubNet:Disabled:PSST.exe"
"C:\Program Files\MaxTV Online\plugins\Streamer.exe"="C:\Program Files\MaxTV Online\plugins\Streamer.exe:*:Disabled:Streamer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Valve\Condition Zero\steaminstall.exe"="C:\Valve\Condition Zero\steaminstall.exe:*:Enabled:Jouer online avec Steam"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\moi\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\moi\Application Data\SopCast\adv\SopAdver.exe:*:Disabled:SopAdver"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Disabled:TVU Player Component"
"C:\Program Files\TVU Player\TVUPlayer.exe"="C:\Program Files\TVU Player\TVUPlayer.exe:*:Disabled:TVUPlayer"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Documents and Settings\moi\Bureau\hali2.part01\Half-Life 2\hl2.exe"="C:\Documents and Settings\moi\Bureau\hali2.part01\Half-Life 2\hl2.exe:*:Disabled:hl2"
"C:\Program Files\DMV\MaxTV\plugins\dll\vlc.exe"="C:\Program Files\DMV\MaxTV\plugins\dll\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player"
"C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HelpCtr.exe"="C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HelpCtr.exe:*:Disabled:Assistance à distance - Windows Messenger et voix"
"C:\Valve\Condition Zero\czero.exe"="C:\Valve\Condition Zero\czero.exe:*:Disabled:Condition Zero Launcher"
"C:\Program Files\DMV\MaxTV\MaxTV.exe"="C:\Program Files\DMV\MaxTV\MaxTV.exe:*:Disabled:MaxTV"
"C:\Program Files\neuf telecom\MP9 Premium\MP9Premium.exe"="C:\Program Files\neuf telecom\MP9 Premium\MP9Premium.exe:*:Disabled:SesamTV Media Center"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Browser"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\PeerTV\VLC\vlc.exe"="C:\Program Files\PeerTV\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\PeerTV\PeerCast.exe"="C:\Program Files\PeerTV\PeerCast.exe:*:Disabled:PeerCast"
"C:\Program Files\MaxTV Online\plugins\PeerCast.exe"="C:\Program Files\MaxTV Online\plugins\PeerCast.exe:*:Disabled:PeerCast"
"C:\Program Files\PPMate\ppmnet.exe"="C:\Program Files\PPMate\ppmnet.exe:*:Disabled:PPMate"
"C:\Program Files\PPMate\ppmate.exe"="C:\Program Files\PPMate\ppmate.exe:*:Disabled:PPMate"
"C:\Program Files\uusee\UUSeePlayer.exe"="C:\Program Files\uusee\UUSeePlayer.exe:*:Disabled:UUSEE"
"C:\Valve\Steam\Steam.exe"="C:\Valve\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\KONAMI\Pro Evolution Soccer 6\PES6.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 6\PES6.exe:*:Enabled:pes6.exe"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\Documents and Settings\moi\Bureau\PortChkPES2009EUPC_103\PortChkPES2009EUPC.exe"="C:\Documents and Settings\moi\Bureau\PortChkPES2009EUPC_103\PortChkPES2009EUPC.exe:*:Enabled:Port Checker"
"C:\Program Files\adslTV\adsltv.exe"="C:\Program Files\adslTV\adsltv.exe:*:Disabled:adsl TV"
"C:\Program Files\Sipru\sipru.exe"="C:\Program Files\Sipru\sipru.exe:*:Disabled:sipru"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Disabled:SopCast"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\Program Files\Tvants\Tvants.exe"="C:\Program Files\Tvants\Tvants.exe:*:Disabled:Tvants"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Saints Row 2\SR2_pc.exe"="C:\Program Files\Saints Row 2\SR2_pc.exe:*:Enabled:SR2_pc"
"C:\Program Files\Qtracker\qtracker.exe"="C:\Program Files\Qtracker\qtracker.exe:*:Enabled:Qtracker"
"C:\Documents and Settings\moi\Application Data\Facebook\facebook.exe"="C:\Documents and Settings\moi\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Documents and Settings\moi\Bureau\PES6ONLINEvn1\PES6ONLINEvn\CODE\GoalServer6.exe"="C:\Documents and Settings\moi\Bureau\PES6ONLINEvn1\PES6ONLINEvn\CODE\GoalServer6.exe:*:Enabled:GoalServer6"
"C:\Documents and Settings\moi\Bureau\PSL_GS6_v1.20\GoalServer6.exe"="C:\Documents and Settings\moi\Bureau\PSL_GS6_v1.20\GoalServer6.exe:*:Enabled:GoalServer6 Alpha"
"C:\Documents and Settings\moi\Bureau\Outpes6server\GoalServer6.exe"="C:\Documents and Settings\moi\Bureau\Outpes6server\GoalServer6.exe:*:Enabled:GoalServer6"
"C:\Program Files\fluffy\WinStun\WinStun.exe"="C:\Program Files\fluffy\WinStun\WinStun.exe:*:Enabled:STUN Client"
"C:\Program Files\Wippien\Wippien.exe"="C:\Program Files\Wippien\Wippien.exe:*:Enabled:Wippien"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi"
"C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe"="C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe:*:Enabled:Philips Intelligent Agent"
"C:\Documents and Settings\moi\Bureau\PES6_STARTER\GoalServer6.exe"="C:\Documents and Settings\moi\Bureau\PES6_STARTER\GoalServer6.exe:*:Enabled:GoalServer6"
"C:\Program Files\Neuf\Media Center\httpd\httpd.exe"="C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\secours\Bureau\pour sabrina\eMule\emule.exe"="C:\Documents and Settings\secours\Bureau\pour sabrina\eMule\emule.exe:*:Enabled:eMule"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{721eb3e9-f13c-11dc-822e-001143228d4c}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76a91040-669e-11db-bd6d-00038a000015}]
shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c85b53c-f472-11da-bc42-00038a000015}]
shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ed4eb38-543e-11da-ba74-00038a000015}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs


======List of files/folders created in the last 1 months======

2009-08-18 13:13:56 ----SHD---- C:\$RECYCLE.BIN
2009-08-16 02:50:51 ----A---- C:\WINDOWS\system32\msword98.exe
2009-08-14 10:39:57 ----A---- C:\WINDOWS\CA533A.INI
2009-08-13 21:10:14 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-08-13 21:10:14 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-08-13 21:10:13 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-08-13 21:09:56 ----D---- C:\WINDOWS\system32\xlive
2009-08-13 21:09:55 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2009-08-13 21:09:15 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-08-13 21:09:15 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-08-13 21:09:14 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-08-13 21:09:10 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-08-13 21:09:10 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-08-13 21:09:06 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-08-13 21:09:03 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-08-13 20:07:47 ----D---- C:\Program Files\Street Fighter IV
2009-08-13 10:55:49 ----D---- C:\Program Files\Simulateur de conduite 3D
2009-07-23 13:53:57 ----D---- C:\Program Files\DkZ Studio
2009-07-15 17:02:41 ----D---- C:\Documents and Settings\moi\Application Data\ArcSoft
2009-07-15 16:41:20 ----A---- C:\WINDOWS\PCDLIB32.DLL
2009-07-15 16:38:51 ----A---- C:\WINDOWS\system32\CoInst.dll
2009-07-15 16:38:50 ----A---- C:\WINDOWS\system32\SPC230NC.INI
2009-07-15 16:38:47 ----D---- C:\WINDOWS\Philips
2009-06-27 17:51:22 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2009-06-27 17:49:01 ----D---- C:\Program Files\Windows Live
2009-06-12 11:40:29 ----D---- C:\Documents and Settings\moi\Application Data\Download Manager
2009-06-03 15:24:33 ----D---- C:\Program Files\Runtime Software
2009-04-27 00:21:52 ----D---- C:\Program Files\WinamaxPoker
2009-04-21 23:20:44 ----A---- C:\WINDOWS\system32\xlivefnt.dll
2009-04-21 23:20:44 ----A---- C:\WINDOWS\system32\xlive.dll
2009-04-21 23:19:06 ----A---- C:\WINDOWS\system32\xlive.dll.cat
2009-04-13 22:47:46 ----D---- C:\Documents and Settings\moi\Application Data\Dealio
2009-03-31 20:44:07 ----D---- C:\WINDOWS\system32\athan
2009-03-31 20:44:04 ----D---- C:\Program Files\Athan
2009-03-14 01:53:36 ----D---- C:\Documents and Settings\moi\Application Data\Wippien
2009-03-04 20:36:16 ----D---- C:\Program Files\JPEG Compression
2009-03-02 19:02:03 ----D---- C:\Program Files\Cheat 'O Matic
2009-02-02 17:12:18 ----D---- C:\Documents and Settings\moi\Application Data\Facebook
2009-01-30 02:58:36 ----A---- C:\WINDOWS\Robota.INI
2009-01-30 02:56:04 ----D---- C:\Documents and Settings\moi\Application Data\MAGIX
2009-01-30 02:54:08 ----A---- C:\WINDOWS\system32\mpg4c32.dll
2009-01-30 02:52:52 ----A---- C:\WINDOWS\system32\msxml4a.dll
2009-01-30 02:52:50 ----A---- C:\WINDOWS\system32\mgxasio2.dll
2009-01-30 02:52:49 ----A---- C:\WINDOWS\system32\TTIC32.dll
2009-01-30 02:52:49 ----A---- C:\WINDOWS\system32\TTI32.dll
2009-01-30 02:52:49 ----A---- C:\WINDOWS\system32\STRING32.dll
2009-01-30 02:52:49 ----A---- C:\WINDOWS\system32\MXRestore.exe
2009-01-30 02:52:49 ----A---- C:\WINDOWS\system32\mgxcdr.txt
2009-01-30 02:52:49 ----A---- C:\WINDOWS\system32\DLLTPO32.dll
2009-01-30 02:52:49 ----A---- C:\WINDOWS\system32\DLLRES32.dll
2009-01-30 02:52:48 ----A---- C:\WINDOWS\system32\DLLRD32.dll
2009-01-30 02:52:48 ----A---- C:\WINDOWS\system32\DLLPTL32.dll
2009-01-30 02:52:48 ----A---- C:\WINDOWS\system32\DLLPRJ32.dll
2009-01-30 02:52:48 ----A---- C:\WINDOWS\system32\DLLPRF32.dll
2009-01-30 02:52:48 ----A---- C:\WINDOWS\system32\DLLPNT32.dll
2009-01-30 02:52:48 ----A---- C:\WINDOWS\system32\DLLMSC32.dll
2009-01-30 02:52:48 ----A---- C:\WINDOWS\system32\DLLIX.dll
2009-01-30 02:52:47 ----A---- C:\WINDOWS\system32\DLLISO32.dll
2009-01-30 02:52:47 ----A---- C:\WINDOWS\system32\DLLIO32.dll
2009-01-30 02:52:47 ----A---- C:\WINDOWS\system32\DLLIMG32.dll
2009-01-30 02:52:47 ----A---- C:\WINDOWS\system32\DLLDRV32.dll
2009-01-30 02:52:47 ----A---- C:\WINDOWS\system32\DLLDIR32.dll
2009-01-30 02:52:47 ----A---- C:\WINDOWS\system32\DLLDEV32.dll
2009-01-30 02:52:47 ----A---- C:\WINDOWS\system32\DLLCPY32.dll
2009-01-30 02:52:47 ----A---- C:\WINDOWS\system32\DLLCDF32.dll
2009-01-30 02:52:47 ----A---- C:\WINDOWS\system32\DLLCDA32.dll
2009-01-30 02:52:47 ----A---- C:\WINDOWS\system32\DLLAV32.dll
2009-01-30 02:51:46 ----D---- C:\Documents and Settings\All Users\Application Data\MAGIX
2009-01-30 02:51:05 ----D---- C:\Program Files\MAGIX
2009-01-30 02:51:05 ----A---- C:\WINDOWS\system32\DLLDEV32i.dll
2009-01-30 02:50:41 ----D---- C:\WINDOWS\system32\MAGIX
2009-01-30 02:50:41 ----A---- C:\WINDOWS\system32\mgxoschk.dll
2009-01-30 02:50:41 ----A---- C:\WINDOWS\mgxoschk.ini
2009-01-30 02:48:11 ----D---- C:\Documents and Settings\moi\Application Data\invibes
2009-01-30 02:48:02 ----D---- C:\Program Files\Micro Application
2009-01-30 01:05:08 ----A---- C:\log.txt
2009-01-30 01:04:02 ----D---- C:\Program Files\Qtracker
2009-01-30 00:57:38 ----D---- C:\Documents and Settings\moi\Application Data\Hamachi
2009-01-26 10:16:42 ----D---- C:\Program Files\Activision
2009-01-26 10:12:12 ----SHD---- C:\WINDOWS\ftpcache
2009-01-24 15:27:45 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-01-24 15:27:45 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-01-24 15:27:44 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-01-24 15:27:42 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-01-24 15:27:42 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-01-24 15:27:41 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-01-24 15:10:46 ----D---- C:\WINDOWS\nview
2009-01-24 15:10:46 ----D---- C:\WINDOWS\NV28082812.TMP
2009-01-24 15:10:46 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-01-24 15:08:46 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-12-31 14:46:21 ----D---- C:\Program Files\MSXML 6.0
2008-12-31 14:10:18 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-12-31 14:10:18 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-12-31 14:10:17 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-12-31 14:10:14 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-12-31 14:10:12 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-12-31 14:10:12 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-12-31 14:10:09 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-12-31 14:10:05 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-12-31 14:09:53 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-12-31 14:09:38 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-12-31 14:09:27 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-12-31 14:09:05 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-12-31 14:09:05 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-12-31 14:09:03 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-12-31 14:07:25 ----D---- C:\WINDOWS\Logs
2008-12-31 14:07:23 ----A---- C:\WINDOWS\system32\spmsg.dll
2008-12-31 11:24:12 ----RHD---- C:\Documents and Settings\moi\Application Data\SecuROM
2008-12-31 02:08:17 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2008-12-31 02:05:22 ----D---- C:\Program Files\MSBuild
2008-12-31 02:02:00 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-31 02:01:57 ----D---- C:\WINDOWS\system32\en-us
2008-12-31 02:00:57 ----D---- C:\Program Files\Reference Assemblies
2008-12-31 02:00:37 ----A---- C:\WINDOWS\system32\spmsg2.dll
2008-12-31 01:56:47 ----D---- C:\Documents and Settings\moi\Application Data\DAEMON Tools
2008-12-31 01:56:46 ----D---- C:\Documents and Settings\moi\Application Data\DAEMON Tools Pro
2008-12-31 01:55:24 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2008-12-31 01:55:15 ----D---- C:\Program Files\DAEMON Tools Lite
2008-12-31 01:47:51 ----D---- C:\Documents and Settings\moi\Application Data\DAEMON Tools Lite
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nwiz.exe
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwss.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrszht.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrszhc.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrstr.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsth.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrssv.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrssl.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrssk.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsru.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsptb.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrspt.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrspl.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsno.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsnl.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsko.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsja.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsit.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrshu.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrshe.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsfr.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsfi.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsesm.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrses.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrseng.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsel.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsde.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsda.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrscs.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsar.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvshell.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrszht.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrstr.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsth.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrssv.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrssl.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrssk.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsru.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrspt.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrspl.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsno.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsko.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsja.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsit.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrshu.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrshe.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrses.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrseng.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsel.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsde.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsda.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrscs.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsar.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nview.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvgames.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\keystone.exe
2008-12-03 19:29:33 ----A---- C:\log_lobby_dumper.txt
2008-12-03 19:29:33 ----A---- C:\log_lobby.txt
2008-11-29 17:54:45 ----A---- C:\WINDOWS\system32\SET17C3.tmp
2008-11-29 17:54:44 ----A---- C:\WINDOWS\system32\SET17B5.tmp
2008-11-29 17:54:44 ----A---- C:\WINDOWS\system32\SET17B0.tmp
2008-11-29 17:54:43 ----A---- C:\WINDOWS\system32\SET17AD.tmp
2008-11-29 17:50:46 ----A---- C:\WINDOWS\SETC14.tmp
2008-11-29 17:50:36 ----A---- C:\WINDOWS\system32\SETBEA.tmp
2008-11-29 17:50:34 ----A---- C:\WINDOWS\system32\SETBE8.tmp
2008-11-29 17:50:33 ----A---- C:\WINDOWS\system32\SETBE5.tmp
2008-11-29 17:50:32 ----A---- C:\WINDOWS\system32\SETBE2.tmp
2008-11-29 17:50:31 ----A---- C:\WINDOWS\system32\SETBE0.tmp
2008-11-29 17:50:30 ----A---- C:\WINDOWS\system32\SETBDD.tmp
2008-11-29 17:50:30 ----A---- C:\WINDOWS\system32\SETBD8.tmp
2008-11-29 17:50:29 ----A---- C:\WINDOWS\system32\SETBD3.tmp
2008-11-29 17:50:29 ----A---- C:\WINDOWS\system32\SETBD2.tmp
2008-11-29 17:50:29 ----A---- C:\WINDOWS\system32\SETBCF.tmp
2008-11-29 17:50:28 ----A---- C:\WINDOWS\system32\SETBCE.tmp
2008-11-29 17:50:28 ----A---- C:\WINDOWS\system32\SETBCD.tmp
2008-11-29 17:50:28 ----A---- C:\WINDOWS\system32\SETBC8.tmp
2008-11-29 17:50:27 ----A---- C:\WINDOWS\system32\SETBC7.tmp
2008-11-29 17:50:26 ----A---- C:\WINDOWS\system32\SETBC1.tmp
2008-11-29 17:50:26 ----A---- C:\WINDOWS\system32\SETBBF.tmp
2008-11-29 17:50:25 ----A---- C:\WINDOWS\system32\SETBBC.tmp
2008-11-29 17:50:25 ----A---- C:\WINDOWS\system32\SETBB9.tmp
2008-11-29 17:50:24 ----A---- C:\WINDOWS\system32\SETBB4.tmp
2008-11-29 17:50:24 ----A---- C:\WINDOWS\system32\SETBAE.tmp
2008-11-29 17:50:23 ----A---- C:\WINDOWS\system32\SETBA6.tmp
2008-11-29 17:50:23 ----A---- C:\WINDOWS\system32\SETBA5.tmp
2008-11-29 17:50:22 ----A---- C:\WINDOWS\system32\SETBA0.tmp
2008-11-29 17:50:22 ----A---- C:\WINDOWS\system32\SETB9E.tmp
2008-11-29 17:50:21 ----A---- C:\WINDOWS\system32\SETB9B.tmp
2008-11-29 17:50:21 ----A---- C:\WINDOWS\system32\SETB99.tmp
2008-11-29 17:50:20 ----A---- C:\WINDOWS\system32\SETB98.tmp
2008-11-29 17:50:20 ----A---- C:\WINDOWS\system32\SETB96.tmp
2008-11-29 17:50:20 ----A---- C:\WINDOWS\system32\SETB94.tmp
2008-11-29 17:50:19 ----A---- C:\WINDOWS\system32\SETB93.tmp
2008-11-29 17:50:19 ----A---- C:\WINDOWS\system32\SETB92.tmp
2008-11-29 17:50:19 ----A---- C:\WINDOWS\system32\SETB91.tmp
2008-11-29 17:50:18 ----A---- C:\WINDOWS\system32\SETB8F.tmp
2008-11-29 17:50:18 ----A---- C:\WINDOWS\system32\SETB8E.tmp
2008-11-29 17:50:18 ----A---- C:\WINDOWS\system32\SETB8D.tmp
2008-11-29 17:50:17 ----A---- C:\WINDOWS\system32\SETB86.tmp
2008-11-29 17:50:13 ----A---- C:\WINDOWS\system32\SETB5A.tmp
2008-11-29 17:50:13 ----A---- C:\WINDOWS\system32\SETB59.tmp
2008-11-29 17:50:12 ----A---- C:\WINDOWS\system32\SETB49.tmp
2008-11-29 17:50:11 ----A---- C:\WINDOWS\system32\SETB3E.tmp
2008-11-29 17:50:09 ----A---- C:\WINDOWS\system32\SETB30.tmp
2008-11-29 17:50:09 ----A---- C:\WINDOWS\system32\SETB2F.tmp
2008-11-29 17:50:09 ----A---- C:\WINDOWS\system32\SETB2E.tmp
2008-11-29 17:50:08 ----A---- C:\WINDOWS\system32\SETB2C.tmp
2008-11-29 17:50:08 ----A---- C:\WINDOWS\system32\SETB26.tmp
2008-11-29 17:50:07 ----A---- C:\WINDOWS\system32\SETB18.tmp
2008-11-29 17:50:06 ----A---- C:\WINDOWS\system32\SETB11.tmp
2008-11-29 17:50:06 ----A---- C:\WINDOWS\system32\SETB0D.tmp
2008-11-29 17:50:05 ----A---- C:\WINDOWS\system32\SETB08.tmp
2008-11-29 17:50:04 ----A---- C:\WINDOWS\system32\SETAFB.tmp
2008-11-29 17:50:04 ----A---- C:\WINDOWS\system32\SETAF5.tmp
2008-11-29 17:50:03 ----A---- C:\WINDOWS\system32\SETAEE.tmp
2008-11-29 17:50:03 ----A---- C:\WINDOWS\system32\SETAED.tmp
2008-11-29 17:50:03 ----A---- C:\WINDOWS\system32\SETAEC.tmp
2008-11-29 17:50:02 ----A---- C:\WINDOWS\system32\SETAE9.tmp
2008-11-29 17:50:02 ----A---- C:\WINDOWS\system32\SETAE1.tmp
2008-11-29 17:49:58 ----A---- C:\WINDOWS\system32\SETAB5.tmp
2008-11-29 17:49:58 ----A---- C:\WINDOWS\system32\SETAB0.tmp
2008-11-29 17:49:57 ----A---- C:\WINDOWS\system32\SETAA9.tmp
2008-11-29 17:49:57 ----A---- C:\WINDOWS\system32\SETAA7.tmp
2008-11-29 17:49:56 ----A---- C:\WINDOWS\system32\SETAA5.tmp
2008-11-29 17:49:56 ----A---- C:\WINDOWS\system32\SETAA1.tmp
2008-11-29 17:49:54 ----A---- C:\WINDOWS\system32\SETA89.tmp
2008-11-29 17:49:54 ----A---- C:\WINDOWS\system32\SETA87.tmp
2008-11-29 17:49:53 ----A---- C:\WINDOWS\system32\SETA7A.tmp
2008-11-29 17:49:52 ----A---- C:\WINDOWS\system32\SETA78.tmp
2008-11-29 17:49:52 ----A---- C:\WINDOWS\system32\SETA72.tmp
2008-11-29 17:49:52 ----A---- C:\WINDOWS\system32\SETA70.tmp
2008-11-29 17:49:51 ----A---- C:\WINDOWS\system32\SETA64.tmp
2008-11-29 17:49:50 ----A---- C:\WINDOWS\system32\SETA60.tmp
2008-11-29 17:49:50 ----A---- C:\WINDOWS\system32\SETA5F.tmp
2008-11-29 17:49:49 ----A---- C:\WINDOWS\system32\SETA5C.tmp
2008-11-29 17:49:48 ----A---- C:\WINDOWS\system32\SETA4D.tmp
2008-11-29 17:49:48 ----A---- C:\WINDOWS\system32\SETA46.tmp
2008-11-29 17:49:47 ----A---- C:\WINDOWS\system32\SETA44.tmp
2008-11-29 17:49:47 ----A---- C:\WINDOWS\system32\SETA42.tmp
2008-11-29 17:49:47 ----A---- C:\WINDOWS\system32\SETA3A.tmp
2008-11-29 17:49:46 ----A---- C:\WINDOWS\system32\SETA39.tmp
2008-11-29 17:49:46 ----A---- C:\WINDOWS\system32\SETA37.tmp
2008-11-29 17:49:46 ----A---- C:\WINDOWS\system32\SETA34.tmp
2008-11-29 17:49:46 ----A---- C:\WINDOWS\system32\SETA32.tmp
2008-11-29 17:49:46 ----A---- C:\WINDOWS\system32\SETA31.tmp
2008-11-29 17:49:45 ----A---- C:\WINDOWS\system32\SETA2F.tmp
2008-11-29 17:49:44 ----A---- C:\WINDOWS\system32\SETA24.tmp
2008-11-29 17:49:43 ----A---- C:\WINDOWS\system32\SETA20.tmp
2008-11-29 17:49:43 ----A---- C:\WINDOWS\system32\SETA1B.tmp
2008-11-29 17:49:42 ----A---- C:\WINDOWS\system32\SETA18.tmp
2008-11-29 17:49:42 ----A---- C:\WINDOWS\system32\SETA14.tmp
2008-11-29 17:49:42 ----A---- C:\WINDOWS\system32\SETA13.tmp
2008-11-29 17:49:42 ----A---- C:\WINDOWS\system32\SETA12.tmp
2008-11-29 17:49:41 ----A---- C:\WINDOWS\system32\SETA11.tmp
2008-11-29 17:49:41 ----A---- C:\WINDOWS\system32\SETA0D.tmp
2008-11-29 17:49:40 ----A---- C:\WINDOWS\system32\SETA06.tmp
2008-11-29 17:49:40 ----A---- C:\WINDOWS\system32\SETA05.tmp
2008-11-29 17:49:40 ----A---- C:\WINDOWS\system32\SETA03.tmp
2008-11-29 17:49:40 ----A---- C:\WINDOWS\system32\SETA02.tmp
2008-11-29 17:49:39 ----A---- C:\WINDOWS\system32\SET9F5.tmp
2008-11-29 17:49:38 ----A---- C:\WINDOWS\system32\SET9F3.tmp
2008-11-29 17:49:37 ----A---- C:\WINDOWS\system32\SET9EE.tmp
2008-11-29 17:49:37 ----A---- C:\WINDOWS\system32\SET9ED.tmp
2008-11-29 17:49:37 ----A---- C:\WINDOWS\system32\SET9EB.tmp
2008-11-29 17:49:36 ----A---- C:\WINDOWS\system32\SET9E6.tmp
2008-11-29 17:49:35 ----A---- C:\WINDOWS\system32\SET9D9.tmp
2008-11-29 17:49:34 ----A---- C:\WINDOWS\system32\SET9CF.tmp
2008-11-29 17:49:34 ----A---- C:\WINDOWS\system32\SET9C7.tmp
2008-11-29 17:49:33 ----A---- C:\WINDOWS\system32\SET9C4.tmp
2008-11-29 17:49:33 ----A---- C:\WINDOWS\system32\SET9C3.tmp
2008-11-29 17:49:33 ----A---- C:\WINDOWS\system32\SET9BF.tmp
2008-11-29 17:49:32 ----A---- C:\WINDOWS\system32\SET9B4.tmp
2008-11-29 17:49:32 ----A---- C:\WINDOWS\system32\SET9B3.tmp
2008-11-29 17:49:31 ----A---- C:\WINDOWS\system32\SET9AC.tmp
2008-11-29 17:49:31 ----A---- C:\WINDOWS\system32\SET9A7.tmp
2008-11-29 17:49:30 ----A---- C:\WINDOWS\system32\SET9A2.tmp
2008-11-29 17:49:29 ----A---- C:\WINDOWS\system32\SET99C.tmp
2008-11-29 17:49:29 ----A---- C:\WINDOWS\system32\SET999.tmp
2008-11-29 17:49:29 ----A---- C:\WINDOWS\system32\SET998.tmp
2008-11-29 17:49:29 ----A---- C:\WINDOWS\system32\SET997.tmp
2008-11-29 17:49:28 ----A---- C:\WINDOWS\system32\SET98C.tmp
2008-11-29 17:49:28 ----A---- C:\WINDOWS\system32\SET98A.tmp
2008-11-29 17:49:27 ----A---- C:\WINDOWS\system32\SET988.tmp
2008-11-29 17:49:26 ----A---- C:\WINDOWS\system32\SET97E.tmp
2008-11-29 17:49:26 ----A---- C:\WINDOWS\system32\SET97B.tmp
2008-11-29 17:49:25 ----A---- C:\WINDOWS\system32\SET977.tmp
2008-11-29 17:49:25 ----A---- C:\WINDOWS\system32\SET976.tmp
2008-11-29 17:49:25 ----A---- C:\WINDOWS\system32\SET975.tmp
2008-11-29 17:49:25 ----A---- C:\WINDOWS\system32\SET96F.tmp
2008-11-29 17:49:24 ----A---- C:\WINDOWS\system32\SET96D.tmp
2008-11-29 17:49:24 ----A---- C:\WINDOWS\system32\SET96B.tmp
2008-11-29 17:49:24 ----A---- C:\WINDOWS\system32\SET962.tmp
2008-11-29 17:49:23 ----A---- C:\WINDOWS\system32\SET961.tmp
2008-11-29 17:49:23 ----A---- C:\WINDOWS\system32\SET95C.tmp
2008-11-29 17:49:23 ----A---- C:\WINDOWS\system32\SET958.tmp
2008-11-29 17:49:23 ----A---- C:\WINDOWS\system32\SET957.tmp
2008-11-29 17:49:22 ----A---- C:\WINDOWS\system32\SET953.tmp
2008-11-29 17:49:22 ----A---- C:\WINDOWS\system32\SET952.tmp
2008-11-29 17:49:21 ----A---- C:\WINDOWS\system32\SET941.tmp
2008-11-29 17:49:21 ----A---- C:\WINDOWS\system32\SET93F.tmp
2008-11-29 17:49:19 ----A---- C:\WINDOWS\system32\SET927.tmp
2008-11-29 17:49:18 ----A---- C:\WINDOWS\system32\SET90E.tmp
2008-11-29 17:49:17 ----A---- C:\WINDOWS\system32\SET902.tmp
2008-11-29 17:49:17 ----A---- C:\WINDOWS\system32\SET8FE.tmp
2008-11-29 17:49:16 ----A---- C:\WINDOWS\system32\SET8F5.tmp
2008-11-29 17:49:16 ----A---- C:\WINDOWS\system32\SET8F4.tmp
2008-11-29 17:49:15 ----A---- C:\WINDOWS\system32\SET8DD.tmp
2008-11-29 17:49:12 ----A---- C:\WINDOWS\system32\SET8B7.tmp
2008-11-29 17:49:12 ----A---- C:\WINDOWS\system32\SET8B5.tmp
2008-11-29 17:49:12 ----A---- C:\WINDOWS\system32\SET8B4.tmp
2008-11-29 17:49:12 ----A---- C:\WINDOWS\system32\SET8B2.tmp
2008-11-29 17:49:11 ----A---- C:\WINDOWS\system32\SET8AF.tmp
2008-11-29 17:49:10 ----A---- C:\WINDOWS\system32\SET896.tmp
2008-11-29 17:49:09 ----A---- C:\WINDOWS\system32\SET888.tmp
2008-11-29 17:49:08 ----A---- C:\WINDOWS\system32\SET885.tmp
2008-11-29 17:49:08 ----A---- C:\WINDOWS\system32\SET882.tmp
2008-11-29 17:49:08 ----A---- C:\WINDOWS\system32\SET87D.tmp
2008-11-29 17:49:07 ----A---- C:\WINDOWS\system32\SET86E.tmp
2008-11-29 17:49:07 ----A---- C:\WINDOWS\system32\SET86B.tmp
2008-11-29 17:49:06 ----A---- C:\WINDOWS\system32\SET85D.tmp
2008-11-29 17:49:05 ----A---- C:\WINDOWS\system32\SET85B.tmp
2008-11-29 17:49:05 ----A---- C:\WINDOWS\system32\SET859.tmp
2008-11-29 17:49:04 ----A---- C:\WINDOWS\system32\SET844.tmp
2008-11-29 17:49:03 ----A---- C:\WINDOWS\system32\SET841.tmp
2008-11-29 17:49:03 ----A---- C:\WINDOWS\system32\SET840.tmp
2008-11-29 17:49:03 ----A---- C:\WINDOWS\system32\SET836.tmp
2008-11-29 17:49:02 ----A---- C:\WINDOWS\system32\SET82D.tmp
2008-11-29 17:49:01 ----A---- C:\WINDOWS\system32\SET81B.tmp
2008-11-29 17:49:01 ----A---- C:\WINDOWS\system32\SET819.tmp
2008-11-29 17:49:00 ----A---- C:\WINDOWS\system32\SET809.tmp
2008-11-29 17:48:58 ----A---- C:\WINDOWS\system32\SET800.tmp
2008-11-29 17:48:58 ----A---- C:\WINDOWS\system32\SET7FB.tmp
2008-11-29 17:48:57 ----A---- C:\WINDOWS\system32\SET7ED.tmp
2008-11-29 17:48:56 ----A---- C:\WINDOWS\system32\SET7E2.tmp
2008-11-29 17:48:56 ----A---- C:\WINDOWS\system32\SET7DF.tmp
2008-11-29 17:48:55 ----A---- C:\WINDOWS\system32\SET7CC.tmp
2008-11-29 17:48:52 ----A---- C:\WINDOWS\system32\SET782.tmp
2008-11-29 17:48:51 ----A---- C:\WINDOWS\system32\SET778.tmp
2008-11-29 17:48:51 ----A---- C:\WINDOWS\system32\SET777.tmp
2008-11-29 17:48:51 ----A---- C:\WINDOWS\system32\SET774.tmp
2008-11-29 17:48:50 ----A---- C:\WINDOWS\system32\SET76F.tmp
2008-11-29 17:48:50 ----A---- C:\WINDOWS\system32\SET76B.tmp
2008-11-29 17:48:50 ----A---- C:\WINDOWS\system32\SET76A.tmp
2008-11-29 17:48:46 ----A---- C:\WINDOWS\system32\SET720.tmp
2008-11-29 17:48:44 ----A---- C:\WINDOWS\system32\SET6FF.tmp
2008-11-29 17:48:44 ----A---- C:\WINDOWS\system32\SET6FE.tmp
2008-11-29 17:48:41 ----A---- C:\WINDOWS\system32\SET6B4.tmp
2008-11-29 17:48:40 ----A---- C:\WINDOWS\system32\SET6B2.tmp
2008-11-29 17:48:39 ----A---- C:\WINDOWS\system32\SET69A.tmp
2008-11-29 17:48:38 ----A---- C:\WINDOWS\system32\SET68A.tmp
2008-11-29 17:48:38 ----A---- C:\WINDOWS\system32\SET680.tmp
2008-11-29 17:48:36 ----A---- C:\WINDOWS\system32\SET64A.tmp
2008-11-29 17:48:34 ----A---- C:\WINDOWS\system32\SET633.tmp
2008-11-29 17:48:34 ----A---- C:\WINDOWS\system32\SET627.tmp
2008-11-29 17:48:33 ----A---- C:\WINDOWS\system32\SET600.tmp
2008-11-29 17:48:32 ----A---- C:\WINDOWS\system32\SET5D9.tmp
2008-11-29 17:48:30 ----A---- C:\WINDOWS\system32\SET5AC.tmp
2008-11-29 17:48:29 ----A---- C:\WINDOWS\system32\SET58E.tmp
2008-11-29 17:48:28 ----A---- C:\WINDOWS\system32\SET589.tmp
2008-11-29 17:48:28 ----A---- C:\WINDOWS\system32\SET588.tmp
2008-11-29 17:48:27 ----A---- C:\WINDOWS\system32\SET558.tmp
2008-11-29 17:48:26 ----A---- C:\WINDOWS\system32\SET555.tmp
2008-11-29 17:48:26 ----A---- C:\WINDOWS\system32\SET551.tmp
2008-11-29 17:48:24 ----A---- C:\WINDOWS\system32\SET52B.tmp
2008-11-29 17:48:17 ----A---- C:\WINDOWS\system32\SET462.tmp
2008-11-29 17:48:15 ----A---- C:\WINDOWS\system32\SET437.tmp
2008-11-29 17:48:15 ----A---- C:\WINDOWS\system32\SET432.tmp
2008-11-29 17:48:15 ----A---- C:\WINDOWS\system32\SET42B.tmp
2008-11-29 17:48:14 ----A---- C:\WINDOWS\system32\SET420.tmp
2008-11-29 17:48:13 ----A---- C:\WINDOWS\system32\SET3F3.tmp
2008-11-29 17:48:12 ----A---- C:\WINDOWS\system32\SET3E2.tmp
2008-11-29 17:48:05 ----A---- C:\WINDOWS\system32\SET325.tmp
2008-11-29 17:48:03 ----A---- C:\WINDOWS\system32\SET2E0.tmp
2008-11-29 17:48:01 ----A---- C:\WINDOWS\system32\SET2A6.tmp
2008-11-29 17:47:57 ----A---- C:\WINDOWS\system32\SET236.tmp
2008-11-29 17:47:56 ----A---- C:\WINDOWS\system32\SET233.tmp
2008-11-29 17:47:55 ----A---- C:\WINDOWS\system32\SET21F.tmp
2008-11-29 17:47:55 ----A---- C:\WINDOWS\system32\SET207.tmp
2008-11-29 17:47:52 ----A---- C:\WINDOWS\system32\SET1E8.tmp
2008-11-29 17:47:51 ----A---- C:\WINDOWS\system32\SET1D0.tmp
2008-11-29 17:47:51 ----A---- C:\WINDOWS\system32\SET1CE.tmp
2008-11-29 17:47:50 ----A---- C:\WINDOWS\system32\SET1B6.tmp
2008-11-29 17:47:49 ----A---- C:\WINDOWS\system32\SET1AD.tmp
2008-11-29 17:47:49 ----A---- C:\WINDOWS\system32\SET1A5.tmp
2008-11-29 17:47:47 ----A---- C:\WINDOWS\system32\SET182.tmp
2008-11-29 17:47:46 ----A---- C:\WINDOWS\system32\SET178.tmp
2008-11-29 17:47:46 ----A---- C:\WINDOWS\system32\SET16D.tmp
2008-11-29 17:47:44 ----A---- C:\WINDOWS\system32\SET155.tmp
2008-11-29 17:47:44 ----A---- C:\WINDOWS\system32\SET152.tmp
2008-11-29 17:47:43 ----A---- C:\WINDOWS\system32\SET14E.tmp
2008-11-29 17:47:43 ----A---- C:\WINDOWS\system32\SET14C.tmp
2008-11-29 17:47:42 ----A---- C:\WINDOWS\system32\SET14B.tmp
2008-11-29 17:45:47 ----A---- C:\WINDOWS\002731_.tmp
2008-11-29 16:31:22 ----A---- C:\WINDOWS\system32\_003902_.tmp.dll
2008-11-29 16:30:24 ----A---- C:\WINDOWS\system32\_003900_.tmp.dll
2008-11-29 16:30:23 ----A---- C:\WINDOWS\system32\_003895_.tmp.dll
2008-11-29 16:30:23 ----A---- C:\WINDOWS\system32\_003894_.tmp.dll
2008-11-29 16:30:23 ----A---- C:\WINDOWS\system32\_003893_.tmp.dll
2008-11-29 16:30:23 ----A---- C:\WINDOWS\system32\_003892_.tmp.dll
2008-11-29 16:30:23 ----A---- C:\WINDOWS\system32\_003891_.tmp.dll
2008-11-29 16:30:23 ----A---- C:\WINDOWS\system32\_003888_.tmp.dll
2008-11-29 16:30:23 ----A---- C:\WINDOWS\system32\_003887_.tmp.dll
2008-11-29 16:30:23 ----A---- C:\WINDOWS\system32\_003886_.tmp.dll
2008-11-29 16:30:22 ----A---- C:\WINDOWS\system32\_003885_.tmp.dll
2008-11-29 16:30:22 ----A---- C:\WINDOWS\system32\_003883_.tmp.dll
2008-11-29 16:30:22 ----A---- C:\WINDOWS\system32\_003880_.tmp.dll
2008-11-29 16:30:22 ----A---- C:\WINDOWS\system32\_003878_.tmp.dll
2008-11-29 16:30:22 ----A---- C:\WINDOWS\system32\_003877_.tmp.dll
2008-11-29 16:30:22 ----A---- C:\WINDOWS\system32\_003873_.tmp.dll
2008-11-29 16:30:22 ----A---- C:\WINDOWS\system32\_003872_.tmp.dll
2008-11-29 16:30:21 ----A---- C:\WINDOWS\system32\_003868_.tmp.dll
2008-11-29 16:30:21 ----A---- C:\WINDOWS\system32\_003866_.tmp.dll
2008-11-29 16:30:21 ----A---- C:\WINDOWS\system32\_003865_.tmp.dll
2008-11-29 16:30:21 ----A---- C:\WINDOWS\system32\_003859_.tmp.dll
2008-11-29 16:30:21 ----A---- C:\WINDOWS\system32\_003853_.tmp.dll
2008-11-29 16:30:21 ----A---- C:\WINDOWS\system32\_003851_.tmp.dll
2008-11-29 16:30:21 ----A---- C:\WINDOWS\system32\_003845_.tmp.dll
2008-11-29 16:30:21 ----A---- C:\WINDOWS\system32\_003844_.tmp.dll
2008-11-29 16:30:20 ----A---- C:\WINDOWS\system32\_003840_.tmp.dll
2008-11-29 16:30:20 ----A---- C:\WINDOWS\system32\_003838_.tmp.dll
2008-11-29 16:30:20 ----A---- C:\WINDOWS\system32\_003835_.tmp.dll
2008-11-29 16:30:20 ----A---- C:\WINDOWS\system32\_003784_.tmp.dll
2008-11-29 16:30:20 ----A---- C:\WINDOWS\system32\_003779_.tmp.dll
2008-11-29 16:30:20 ----A---- C:\WINDOWS\system32\_003762_.tmp.dll
2008-11-29 16:30:19 ----A---- C:\WINDOWS\system32\_003754_.tmp.dll
2008-11-28 23:36:35 ----D---- C:\Documents and Settings\moi\Application Data\Desktopicon
2008-11-28 23:36:34 ----D---- C:\Program Files\Unlocker
2008-11-12 03:00:42 ----D---- C:\Program Files\MSXML 4.0
2008-10-25 21:25:53 ----A---- C:\WINDOWS\system32\_003869_.tmp.dll
2008-10-25 21:25:53 ----A---- C:\WINDOWS\system32\_003864_.tmp.dll
2008-10-25 21:25:52 ----A---- C:\WINDOWS\system32\_003863_.tmp.dll
2008-10-25 21:25:52 ----A---- C:\WINDOWS\system32\_003862_.tmp.dll
2008-10-25 21:25:52 ----A---- C:\WINDOWS\system32\_003861_.tmp.dll
2008-10-25 21:25:52 ----A---- C:\WINDOWS\system32\_003860_.tmp.dll
2008-10-25 21:25:52 ----A---- C:\WINDOWS\system32\_003857_.tmp.dll
2008-10-25 21:25:52 ----A---- C:\WINDOWS\system32\_003856_.tmp.dll
2008-10-25 21:25:52 ----A---- C:\WINDOWS\system32\_003855_.tmp.dll
2008-10-25 21:25:52 ----A---- C:\WINDOWS\system32\_003854_.tmp.dll
2008-10-25 21:25:52 ----A---- C:\WINDOWS\system32\_003852_.tmp.dll
2008-10-25 21:25:51 ----A---- C:\WINDOWS\system32\_003849_.tmp.dll
2008-10-25 21:25:51 ----A---- C:\WINDOWS\system32\_003847_.tmp.dll
2008-10-25 21:25:51 ----A---- C:\WINDOWS\system32\_003846_.tmp.dll
2008-10-25 21:25:51 ----A---- C:\WINDOWS\system32\_003842_.tmp.dll
2008-10-25 21:25:51 ----A---- C:\WINDOWS\system32\_003841_.tmp.dll
2008-10-25 21:25:51 ----A---- C:\WINDOWS\system32\_003836_.tmp.dll
2008-10-25 21:25:50 ----A---- C:\WINDOWS\system32\_003834_.tmp.dll
2008-10-25 21:25:50 ----A---- C:\WINDOWS\system32\_003833_.tmp.dll
2008-10-25 21:25:50 ----A---- C:\WINDOWS\system32\_003827_.tmp.dll
2008-10-25 21:25:50 ----A---- C:\WINDOWS\system32\_003821_.tmp.dll
2008-10-25 21:25:50 ----A---- C:\WINDOWS\system32\_003819_.tmp.dll
2008-10-25 21:25:50 ----A---- C:\WINDOWS\system32\_003813_.tmp.dll
2008-10-25 21:25:50 ----A---- C:\WINDOWS\system32\_003812_.tmp.dll
2008-10-25 21:25:50 ----A---- C:\WINDOWS\system32\_003808_.tmp.dll
2008-10-25 21:25:50 ----A---- C:\WINDOWS\system32\_003806_.tmp.dll
2008-10-25 21:25:49 ----A---- C:\WINDOWS\system32\_003803_.tmp.dll
2008-10-25 21:25:49 ----A---- C:\WINDOWS\system32\_003752_.tmp.dll
2008-10-25 21:25:49 ----A---- C:\WINDOWS\system32\_003747_.tmp.dll
2008-10-25 21:25:49 ----A---- C:\WINDOWS\system32\_003730_.tmp.dll
2008-10-25 21:25:49 ----A---- C:\WINDOWS\system32\_003722_.tmp.dll
2008-10-25 20:10:54 ----D---- C:\Program Files\Windows Resource Kits
2008-10-25 10:57:28 ----A---- C:\WINDOWS\system32\_003839_.tmp.dll
2008-10-25 10:56:27 ----A---- C:\WINDOWS\system32\_003837_.tmp.dll
2008-10-25 10:56:27 ----A---- C:\WINDOWS\system32\_003832_.tmp.dll
2008-10-25 10:56:27 ----A---- C:\WINDOWS\system32\_003831_.tmp.dll
2008-10-25 10:56:27 ----A---- C:\WINDOWS\system32\_003830_.tmp.dll
2008-10-25 10:56:27 ----A---- C:\WINDOWS\system32\_003829_.tmp.dll
2008-10-25 10:56:27 ----A---- C:\WINDOWS\system32\_003828_.tmp.dll
2008-10-25 10:56:26 ----A---- C:\WINDOWS\system32\_003825_.tmp.dll
2008-10-25 10:56:26 ----A---- C:\WINDOWS\system32\_003824_.tmp.dll
2008-10-25 10:56:26 ----A---- C:\WINDOWS\system32\_003823_.tmp.dll
2008-10-25 10:56:26 ----A---- C:\WINDOWS\system32\_003822_.tmp.dll
2008-10-25 10:56:26 ----A---- C:\WINDOWS\system32\_003820_.tmp.dll
2008-10-25 10:56:26 ----A---- C:\WINDOWS\system32\_003817_.tmp.dll
2008-10-25 10:56:26 ----A---- C:\WINDOWS\system32\_003815_.tmp.dll
2008-10-25 10:56:26 ----A---- C:\WINDOWS\system32\_003814_.tmp.dll
2008-10-25 10:56:25 ----A---- C:\WINDOWS\system32\_003810_.tmp.dll
2008-10-25 10:56:25 ----A---- C:\WINDOWS\system32\_003809_.tmp.dll
2008-10-25 10:56:25 ----A---- C:\WINDOWS\system32\_003804_.tmp.dll
2008-10-25 10:56:25 ----A---- C:\WINDOWS\system32\_003802_.tmp.dll
2008-10-25 10:56:25 ----A---- C:\WINDOWS\system32\_003801_.tmp.dll
2008-10-25 10:56:25 ----A---- C:\WINDOWS\system32\_003795_.tmp.dll
2008-10-25 10:56:25 ----A---- C:\WINDOWS\system32\_003789_.tmp.dll
2008-10-25 10:56:25 ----A---- C:\WINDOWS\system32\_003787_.tmp.dll
2008-10-25 10:56:24 ----A---- C:\WINDOWS\system32\_003781_.tmp.dll
2008-10-25 10:56:24 ----A---- C:\WINDOWS\system32\_003780_.tmp.dll
2008-10-25 10:56:24 ----A---- C:\WINDOWS\system32\_003776_.tmp.dll
2008-10-25 10:56:24 ----A---- C:\WINDOWS\system32\_003774_.tmp.dll
2008-10-25 10:56:24 ----A---- C:\WINDOWS\system32\_003771_.tmp.dll
2008-10-25 10:56:23 ----A---- C:\WINDOWS\system32\_003720_.tmp.dll
2008-10-25 10:56:23 ----A---- C:\WINDOWS\system32\_003715_.tmp.dll
2008-10-25 10:56:23 ----A---- C:\WINDOWS\system32\_003699_.tmp.dll
2008-10-25 10:56:23 ----A---- C:\WINDOWS\system32\_003691_.tmp.dll
2008-10-17 01:17:16 ----D---- C:\WINDOWS\NV10841364.TMP
2008-10-15 23:14:31 ----D---- C:\Documents and Settings\All Users\Application Data\KONAMI
2008-10-15 10:34:52 ----D---- C:\Documents and Settings\moi\Application Data\InstallShield
2008-10-11 09:04:21 ----A---- C:\WINDOWS\system32\thawbrkr.dll
2008-10-11 09:04:19 ----A---- C:\WINDOWS\system32\c_iscii.dll
2008-10-11 09:04:17 ----A---- C:\WINDOWS\system32\kbdusa.dll
2008-10-11 09:04:08 ----A---- C:\WINDOWS\system32\ftlx041e.dll
2008-10-06 08:07:41 ----A---- C:\WINDOWS\system32\_003807_.tmp.dll
2008-10-06 08:07:05 ----A---- C:\WINDOWS\system32\_003805_.tmp.dll
2008-10-06 08:07:05 ----A---- C:\WINDOWS\system32\_003800_.tmp.dll
2008-10-06 08:07:05 ----A---- C:\WINDOWS\system32\_003799_.tmp.dll
2008-10-06 08:07:05 ----A---- C:\WINDOWS\system32\_003798_.tmp.dll
2008-10-06 08:07:05 ----A---- C:\WINDOWS\system32\_003797_.tmp.dll
2008-10-06 08:07:05 ----A---- C:\WINDOWS\system32\_003796_.tmp.dll
2008-10-06 08:07:04 ----A---- C:\WINDOWS\system32\_003793_.tmp.dll
2008-10-06 08:07:04 ----A---- C:\WINDOWS\system32\_003792_.tmp.dll
2008-10-06 08:07:04 ----A---- C:\WINDOWS\system32\_003791_.tmp.dll
2008-10-06 08:07:04 ----A---- C:\WINDOWS\system32\_003790_.tmp.dll
2008-10-06 08:07:04 ----A---- C:\WINDOWS\system32\_003788_.tmp.dll
2008-10-06 08:07:04 ----A---- C:\WINDOWS\system32\_003785_.tmp.dll
2008-10-06 08:07:04 ----A---- C:\WINDOWS\system32\_003783_.tmp.dll
2008-10-06 08:07:04 ----A---- C:\WINDOWS\system32\_003782_.tmp.dll
2008-10-06 08:07:04 ----A---- C:\WINDOWS\system32\_003778_.tmp.dll
2008-10-06 08:07:04 ----A---- C:\WINDOWS\system32\_003777_.tmp.dll
2008-10-06 08:07:04 ----A---- C:\WINDOWS\system32\_003772_.tmp.dll
2008-10-06 08:07:04 ----A---- C:\WINDOWS\system32\_003770_.tmp.dll
2008-10-06 08:07:04 -

Répondre à corsy
Destrio5   19-08-2009 à 23:20:44
- 0 +

Tu as une belle infection.

/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\

  • Télécharge ComboFix (sUBs) sur ton Bureau.
  • Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Il va te demander d'installer la console de récupération : accepte.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.


Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix

Répondre à Destrio5
corsy   20-08-2009 à 00:04:02
- 0 +

j'ai fais ce que tu ma demander,mais ca ma redemarrer le pc et ensuite j'ai pu entrer dans ma session mais en une minute meme pas je ne pouvais plus ouvrir aucun probleme

peut etre qu'au moment ou le logiciel redemarre mon pc je dois entrer dans ma session en mode sans echec non ?

je suis dsl de vous embeter mais c'est tres important pour moi

merci

Répondre à corsy
corsy   20-08-2009 à 00:27:08
- 0 +

voila voici le log j'ai redemarrer en mode sans echec

le log :
ComboFix 09-08-18.04 - moi 11/01/2005 17:42.2.1 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2558.2222 [GMT 1:00]
Running from: c:\documents and settings\moi\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090815-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\husycunak.ban
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\nolej.db
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\wituvoz.com
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\yruqi._sy
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\moi\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\PC_Antispyware2010
c:\program files\PC_Antispyware2010\AVEngn.dll
c:\program files\PC_Antispyware2010\data\daily.cvd
c:\program files\PC_Antispyware2010\htmlayout.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg
c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
c:\program files\PC_Antispyware2010\pthreadVC2.dll
c:\program files\PC_Antispyware2010\Uninstall.exe
c:\program files\PC_Antispyware2010\wscui.cpl
c:\windows\system32\_scui.cpl
c:\windows\system32\braviax.exe
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\wisdstr.exe
.
---- Previous Run -------
.
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\edigyraw.ban
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\izyhuxat.ban
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\oriqamim.dat
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\rolomajape.scr
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\moi\Application Data\inst.exe
c:\documents and settings\moi\Application Data\wiaserva.log
c:\documents and settings\moi\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\PC_Antispyware2010\data\daily.cvd
c:\program files\PC_Antispyware2010\htmlayout.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg
c:\program files\PC_Antispyware2010\pthreadVC2.dll
c:\program files\PC_Antispyware2010\wscui.cpl
C:\test.txt
c:\windows\010112010146120114.xe
c:\windows\0101120101464949.xe
c:\windows\acdddl.dll
c:\windows\braviax.exe
c:\windows\Installer\ecb8c.msi
c:\windows\ld12.exe
c:\windows\prxid93ps.dat
c:\windows\system32\_003584_.tmp.dll
c:\windows\system32\_003585_.tmp.dll
c:\windows\system32\_003586_.tmp.dll
c:\windows\system32\_003587_.tmp.dll
c:\windows\system32\_003592_.tmp.dll
c:\windows\system32\_003593_.tmp.dll
c:\windows\system32\_003594_.tmp.dll
c:\windows\system32\_003595_.tmp.dll
c:\windows\system32\_003596_.tmp.dll
c:\windows\system32\_003597_.tmp.dll
c:\windows\system32\_003598_.tmp.dll
c:\windows\system32\_003599_.tmp.dll
c:\windows\system32\_003600_.tmp.dll
c:\windows\system32\_003601_.tmp.dll
c:\windows\system32\_003602_.tmp.dll
c:\windows\system32\_003603_.tmp.dll
c:\windows\system32\_003604_.tmp.dll
c:\windows\system32\_003605_.tmp.dll
c:\windows\system32\_003606_.tmp.dll
c:\windows\system32\_003607_.tmp.dll
c:\windows\system32\_003608_.tmp.dll
c:\windows\system32\_003609_.tmp.dll
c:\windows\system32\_003610_.tmp.dll
c:\windows\system32\_003611_.tmp.dll
c:\windows\system32\_003612_.tmp.dll
c:\windows\system32\_003613_.tmp.dll
c:\windows\system32\_003614_.tmp.dll
c:\windows\system32\_003615_.tmp.dll
c:\windows\system32\_003616_.tmp.dll
c:\windows\system32\_003617_.tmp.dll
c:\windows\system32\_003618_.tmp.dll
c:\windows\system32\_003619_.tmp.dll
c:\windows\system32\_003620_.tmp.dll
c:\windows\system32\_003621_.tmp.dll
c:\windows\system32\_003622_.tmp.dll
c:\windows\system32\_003623_.tmp.dll
c:\windows\system32\_003624_.tmp.dll
c:\windows\system32\_003625_.tmp.dll
c:\windows\system32\_003626_.tmp.dll
c:\windows\system32\_003627_.tmp.dll
c:\windows\system32\_003628_.tmp.dll
c:\windows\system32\_003629_.tmp.dll
c:\windows\system32\_003630_.tmp.dll
c:\windows\system32\_003631_.tmp.dll
c:\windows\system32\_003632_.tmp.dll
c:\windows\system32\_003633_.tmp.dll
c:\windows\system32\_003634_.tmp.dll
c:\windows\system32\_003635_.tmp.dll
c:\windows\system32\_003636_.tmp.dll
c:\windows\system32\_003637_.tmp.dll
c:\windows\system32\_003638_.tmp.dll
c:\windows\system32\_003639_.tmp.dll
c:\windows\system32\_003640_.tmp.dll
c:\windows\system32\_003641_.tmp.dll
c:\windows\system32\_003642_.tmp.dll
c:\windows\system32\_003643_.tmp.dll
c:\windows\system32\_003644_.tmp.dll
c:\windows\system32\_003645_.tmp.dll
c:\windows\system32\_003646_.tmp.dll
c:\windows\system32\_003647_.tmp.dll
c:\windows\system32\_003648_.tmp.dll
c:\windows\system32\_003649_.tmp.dll
c:\windows\system32\_003650_.tmp.dll
c:\windows\system32\_003651_.tmp.dll
c:\windows\system32\_003652_.tmp.dll
c:\windows\system32\_003653_.tmp.dll
c:\windows\system32\_003654_.tmp.dll
c:\windows\system32\_003655_.tmp.dll
c:\windows\system32\_003656_.tmp.dll
c:\windows\system32\_003657_.tmp.dll
c:\windows\system32\_003658_.tmp.dll
c:\windows\system32\_003659_.tmp.dll
c:\windows\system32\_003660_.tmp.dll
c:\windows\system32\_003661_.tmp.dll
c:\windows\system32\_003662_.tmp.dll
c:\windows\system32\_003663_.tmp.dll
c:\windows\system32\_003664_.tmp.dll
c:\windows\system32\_003665_.tmp.dll
c:\windows\system32\_003666_.tmp.dll
c:\windows\system32\_003667_.tmp.dll
c:\windows\system32\_003668_.tmp.dll
c:\windows\system32\_003669_.tmp.dll
c:\windows\system32\_003670_.tmp.dll
c:\windows\system32\_003671_.tmp.dll
c:\windows\system32\_003672_.tmp.dll
c:\windows\system32\_003673_.tmp.dll
c:\windows\system32\_003674_.tmp.dll
c:\windows\system32\_003675_.tmp.dll
c:\windows\system32\_003676_.tmp.dll
c:\windows\system32\_003677_.tmp.dll
c:\windows\system32\_003678_.tmp.dll
c:\windows\system32\_003679_.tmp.dll
c:\windows\system32\_003680_.tmp.dll
c:\windows\system32\_003681_.tmp.dll
c:\windows\system32\_003682_.tmp.dll
c:\windows\system32\_003683_.tmp.dll
c:\windows\system32\_003684_.tmp.dll
c:\windows\system32\_003685_.tmp.dll
c:\windows\system32\_003686_.tmp.dll
c:\windows\system32\_003687_.tmp.dll
c:\windows\system32\_003688_.tmp.dll
c:\windows\system32\_003689_.tmp.dll
c:\windows\system32\_003690_.tmp.dll
c:\windows\system32\_003691_.tmp.dll
c:\windows\system32\_003692_.tmp.dll
c:\windows\system32\_003693_.tmp.dll
c:\windows\system32\_003694_.tmp.dll
c:\windows\system32\_003695_.tmp.dll
c:\windows\system32\_003696_.tmp.dll
c:\windows\system32\_003697_.tmp.dll
c:\windows\system32\_003698_.tmp.dll
c:\windows\system32\_003699_.tmp.dll
c:\windows\system32\_003700_.tmp.dll
c:\windows\system32\_003701_.tmp.dll
c:\windows\system32\_003702_.tmp.dll
c:\windows\system32\_003703_.tmp.dll
c:\windows\system32\_003704_.tmp.dll
c:\windows\system32\_003705_.tmp.dll
c:\windows\system32\_003706_.tmp.dll
c:\windows\system32\_003707_.tmp.dll
c:\windows\system32\_003708_.tmp.dll
c:\windows\system32\_003709_.tmp.dll
c:\windows\system32\_003710_.tmp.dll
c:\windows\system32\_003711_.tmp.dll
c:\windows\system32\_003712_.tmp.dll
c:\windows\system32\_003713_.tmp.dll
c:\windows\system32\_003714_.tmp.dll
c:\windows\system32\_003715_.tmp.dll
c:\windows\system32\_003716_.tmp.dll
c:\windows\system32\_003717_.tmp.dll
c:\windows\system32\_003718_.tmp.dll
c:\windows\system32\_003719_.tmp.dll
c:\windows\system32\_003720_.tmp.dll
c:\windows\system32\_003721_.tmp.dll
c:\windows\system32\_003722_.tmp.dll
c:\windows\system32\_003723_.tmp.dll
c:\windows\system32\_003724_.tmp.dll
c:\windows\system32\_003725_.tmp.dll
c:\windows\system32\_003726_.tmp.dll
c:\windows\system32\_003727_.tmp.dll
c:\windows\system32\_003728_.tmp.dll
c:\windows\system32\_003729_.tmp.dll
c:\windows\system32\_003730_.tmp.dll
c:\windows\system32\_003731_.tmp.dll
c:\windows\system32\_003732_.tmp.dll
c:\windows\system32\_003733_.tmp.dll
c:\windows\system32\_003734_.tmp.dll
c:\windows\system32\_003735_.tmp.dll
c:\windows\system32\_003736_.tmp.dll
c:\windows\system32\_003737_.tmp.dll
c:\windows\system32\_003738_.tmp.dll
c:\windows\system32\_003739_.tmp.dll
c:\windows\system32\_003740_.tmp.dll
c:\windows\system32\_003741_.tmp.dll
c:\windows\system32\_003742_.tmp.dll
c:\windows\system32\_003743_.tmp.dll
c:\windows\system32\_003744_.tmp.dll
c:\windows\system32\_003745_.tmp.dll
c:\windows\system32\_003746_.tmp.dll
c:\windows\system32\_003747_.tmp.dll
c:\windows\system32\_003748_.tmp.dll
c:\windows\system32\_003749_.tmp.dll
c:\windows\system32\_003750_.tmp.dll
c:\windows\system32\_003751_.tmp.dll
c:\windows\system32\_003752_.tmp.dll
c:\windows\system32\_003753_.tmp.dll
c:\windows\system32\_003754_.tmp.dll
c:\windows\system32\_003755_.tmp.dll
c:\windows\system32\_003756_.tmp.dll
c:\windows\system32\_003757_.tmp.dll
c:\windows\system32\_003758_.tmp.dll
c:\windows\system32\_003759_.tmp.dll
c:\windows\system32\_003760_.tmp.dll
c:\windows\system32\_003761_.tmp.dll
c:\windows\system32\_003762_.tmp.dll
c:\windows\system32\_003763_.tmp.dll
c:\windows\system32\_003764_.tmp.dll
c:\windows\system32\_003765_.tmp.dll
c:\windows\system32\_003766_.tmp.dll
c:\windows\system32\_003767_.tmp.dll
c:\windows\system32\_003768_.tmp.dll
c:\windows\system32\_003769_.tmp.dll
c:\windows\system32\_003770_.tmp.dll
c:\windows\system32\_003771_.tmp.dll
c:\windows\system32\_003772_.tmp.dll
c:\windows\system32\_003773_.tmp.dll
c:\windows\system32\_003774_.tmp.dll
c:\windows\system32\_003775_.tmp.dll
c:\windows\system32\_003776_.tmp.dll
c:\windows\system32\_003777_.tmp.dll
c:\windows\system32\_003778_.tmp.dll
c:\windows\system32\_003779_.tmp.dll
c:\windows\system32\_003780_.tmp.dll
c:\windows\system32\_003781_.tmp.dll
c:\windows\system32\_003782_.tmp.dll
c:\windows\system32\_003783_.tmp.dll
c:\windows\system32\_003784_.tmp.dll
c:\windows\system32\_003785_.tmp.dll
c:\windows\system32\_003787_.tmp.dll
c:\windows\system32\_003788_.tmp.dll
c:\windows\system32\_003789_.tmp.dll
c:\windows\system32\_003790_.tmp.dll
c:\windows\system32\_003791_.tmp.dll
c:\windows\system32\_003792_.tmp.dll
c:\windows\system32\_003793_.tmp.dll
c:\windows\system32\_003795_.tmp.dll
c:\windows\system32\_003796_.tmp.dll
c:\windows\system32\_003797_.tmp.dll
c:\windows\system32\_003798_.tmp.dll
c:\windows\system32\_003799_.tmp.dll
c:\windows\system32\_003800_.tmp.dll
c:\windows\system32\_003801_.tmp.dll
c:\windows\system32\_003802_.tmp.dll
c:\windows\system32\_003803_.tmp.dll
c:\windows\system32\_003804_.tmp.dll
c:\windows\system32\_003805_.tmp.dll
c:\windows\system32\_003806_.tmp.dll
c:\windows\system32\_003807_.tmp.dll
c:\windows\system32\_003808_.tmp.dll
c:\windows\system32\_003809_.tmp.dll
c:\windows\system32\_003810_.tmp.dll
c:\windows\system32\_003812_.tmp.dll
c:\windows\system32\_003813_.tmp.dll
c:\windows\system32\_003814_.tmp.dll
c:\windows\system32\_003815_.tmp.dll
c:\windows\system32\_003817_.tmp.dll
c:\windows\system32\_003819_.tmp.dll
c:\windows\system32\_003820_.tmp.dll
c:\windows\system32\_003821_.tmp.dll
c:\windows\system32\_003822_.tmp.dll
c:\windows\system32\_003823_.tmp.dll
c:\windows\system32\_003824_.tmp.dll
c:\windows\system32\_003825_.tmp.dll
c:\windows\system32\_003827_.tmp.dll
c:\windows\system32\_003828_.tmp.dll
c:\windows\system32\_003829_.tmp.dll
c:\windows\system32\_003830_.tmp.dll
c:\windows\system32\_003831_.tmp.dll
c:\windows\system32\_003832_.tmp.dll
c:\windows\system32\_003833_.tmp.dll
c:\windows\system32\_003834_.tmp.dll
c:\windows\system32\_003835_.tmp.dll
c:\windows\system32\_003836_.tmp.dll
c:\windows\system32\_003837_.tmp.dll
c:\windows\system32\_003838_.tmp.dll
c:\windows\system32\_003839_.tmp.dll
c:\windows\system32\_003840_.tmp.dll
c:\windows\system32\_003841_.tmp.dll
c:\windows\system32\_003842_.tmp.dll
c:\windows\system32\_003844_.tmp.dll
c:\windows\system32\_003845_.tmp.dll
c:\windows\system32\_003846_.tmp.dll
c:\windows\system32\_003847_.tmp.dll
c:\windows\system32\_003849_.tmp.dll
c:\windows\system32\_003851_.tmp.dll
c:\windows\system32\_003852_.tmp.dll
c:\windows\system32\_003853_.tmp.dll
c:\windows\system32\_003854_.tmp.dll
c:\windows\system32\_003855_.tmp.dll
c:\windows\system32\_003856_.tmp.dll
c:\windows\system32\_003857_.tmp.dll
c:\windows\system32\_003859_.tmp.dll
c:\windows\system32\_003860_.tmp.dll
c:\windows\system32\_003861_.tmp.dll
c:\windows\system32\_003862_.tmp.dll
c:\windows\system32\_003863_.tmp.dll
c:\windows\system32\_003864_.tmp.dll
c:\windows\system32\_003865_.tmp.dll
c:\windows\system32\_003866_.tmp.dll
c:\windows\system32\_003868_.tmp.dll
c:\windows\system32\_003869_.tmp.dll
c:\windows\system32\_003872_.tmp.dll
c:\windows\system32\_003873_.tmp.dll
c:\windows\system32\_003877_.tmp.dll
c:\windows\system32\_003878_.tmp.dll
c:\windows\system32\_003880_.tmp.dll
c:\windows\system32\_003883_.tmp.dll
c:\windows\system32\_003885_.tmp.dll
c:\windows\system32\_003886_.tmp.dll
c:\windows\system32\_003887_.tmp.dll
c:\windows\system32\_003888_.tmp.dll
c:\windows\system32\_003891_.tmp.dll
c:\windows\system32\_003892_.tmp.dll
c:\windows\system32\_003893_.tmp.dll
c:\windows\system32\_003894_.tmp.dll
c:\windows\system32\_003895_.tmp.dll
c:\windows\system32\_003900_.tmp.dll
c:\windows\system32\_003902_.tmp.dll
c:\windows\system32\_scui.cpl
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\DelSelf.bat
c:\windows\system32\winitn.dll

Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\MsPMSNSv.dll

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\i386\BEEP.SYS

Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\mspmsnsv.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((( Files Created from 2004-12-11 to 2005-01-11 )))))))))))))))))))))))))))))))
.

2009-08-16 01:50 . 2005-01-10 16:08 136 ----a-w- c:\documents and settings\moi\delself.bat
2009-08-16 01:50 . 2009-08-16 01:50 26686 ----a-w- c:\windows\system32\msword98.exe
2009-08-16 01:50 . 2009-08-16 01:50 26686 ----a-w- c:\documents and settings\moi\msword98.exe
2009-08-14 09:39 . 2002-10-21 10:37 515803 ----a-w- c:\windows\system32\drivers\CA533AV.SYS
2009-08-14 09:39 . 2002-07-25 10:19 10986 ----a-w- c:\windows\system32\drivers\Bulk533.sys
2009-08-13 20:58 . 2009-08-13 20:58 -------- d-----w- c:\documents and settings\moi\Local Settings\Application Data\CAPCOM
2009-08-13 20:10 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-08-13 20:10 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-08-13 20:10 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-08-13 20:09 . 2009-08-13 20:09 -------- d-----w- c:\windows\system32\xlive
2009-08-13 20:09 . 2009-08-13 20:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-13 20:09 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-08-13 20:09 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-08-13 20:09 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-08-13 20:09 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-13 20:09 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-08-13 20:09 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-08-13 20:09 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-08-13 19:07 . 2009-08-13 20:08 -------- d-----w- c:\program files\Street Fighter IV
2009-08-13 09:55 . 2009-08-15 14:02 -------- d-----w- c:\program files\Simulateur de conduite 3D
2009-08-10 14:06 . 2009-08-10 14:07 -------- d-----w- c:\documents and settings\secours\Application Data\OpenOffice.org2
2009-07-23 12:53 . 2009-08-14 09:39 -------- d-----w- c:\program files\DkZ Studio
2009-07-15 17:12 . 2009-07-19 10:35 230432 ----a-w- C:\SPC230NC.DAT
2009-07-15 16:02 . 2009-07-15 16:02 -------- d-----w- c:\documents and settings\moi\Application Data\ArcSoft
2009-07-15 15:58 . 2009-07-15 15:58 -------- d-----w- c:\documents and settings\secours\Application Data\ArcSoft
2009-07-15 15:41 . 1995-08-01 02:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-07-15 15:38 . 2007-09-26 12:28 8576 ----a-w- c:\windows\system32\drivers\PAEAFLT.sys
2009-07-15 15:38 . 2007-12-31 14:19 461056 ----a-w- c:\windows\system32\drivers\SPC230NC.SYS
2009-07-15 15:38 . 2007-11-02 09:07 6656 ----a-w- c:\windows\system32\CoInst.dll
2009-07-15 15:38 . 2009-07-15 15:38 -------- d-----w- c:\windows\Philips
2009-06-27 16:51 . 2009-06-27 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-27 16:49 . 2009-06-27 16:49 -------- d-----w- c:\program files\Windows Live
2009-06-20 19:31 . 2009-06-20 19:31 -------- d-----w- c:\documents and settings\moi\Local Settings\Application Data\Downloaded Installations
2009-06-12 10:40 . 2009-06-12 10:48 -------- d-----w- c:\documents and settings\moi\Application Data\Download Manager
2009-06-03 14:24 . 2009-06-03 14:24 -------- d-----w- c:\program files\Runtime Software
2009-04-26 23:24 . 2009-04-26 23:24 -------- d-----w- c:\documents and settings\moi\OngameNetwork
2009-04-26 23:21 . 2009-07-05 11:08 -------- d-----w- c:\program files\WinamaxPoker
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-13 21:47 . 2009-04-13 21:47 1190400 ----a-w- c:\documents and settings\moi\Application Data\Dealio\dinstallhelper.ABD4F0A8EE06459FAC3887CF92695D6B.dll
2009-04-13 21:47 . 2009-04-13 21:47 -------- d-----w- c:\documents and settings\moi\Application Data\Dealio
2009-03-31 19:44 . 2009-03-31 19:44 -------- d-----w- c:\windows\system32\athan
2009-03-31 19:44 . 2009-06-03 14:12 -------- d-----w- c:\program files\Athan
2009-03-16 17:11 . 2009-03-16 17:11 -------- d-----w- c:\documents and settings\secours\Application Data\Wippien
2009-03-14 00:53 . 2009-06-23 18:01 -------- d-----w- c:\documents and settings\moi\Application Data\Wippien
2009-03-14 00:53 . 2008-12-30 22:43 23480 ----a-w- c:\windows\system32\drivers\wip0204.sys
2009-03-04 19:36 . 2009-08-01 12:42 -------- d-----w- c:\program files\JPEG Compression
2009-03-02 18:02 . 2009-08-16 10:45 -------- d-----w- c:\program files\Cheat 'O Matic
2009-02-02 16:12 . 2009-02-02 17:02 -------- d-----w- c:\documents and settings\moi\Application Data\Facebook
2009-01-30 17:25 . 2009-01-30 17:25 -------- d-----w- c:\documents and settings\secours\Application Data\MAGIX
2009-01-30 01:56 . 2009-01-30 01:56 -------- d-----w- c:\documents and settings\moi\Application Data\MAGIX
2009-01-30 01:54 . 2001-05-11 12:18 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2009-01-30 01:51 . 2009-02-12 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
2009-01-30 01:51 . 2009-02-12 17:16 -------- d-----w- c:\program files\MAGIX
2009-01-30 01:51 . 2007-04-27 08:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2009-01-30 01:50 . 2009-02-12 17:16 -------- d-----w- c:\windows\system32\MAGIX
2009-01-30 01:50 . 2008-04-15 14:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2009-01-30 01:48 . 2009-01-30 01:48 2048 ----a-w- c:\documents and settings\moi\Application Data\invibes\gdiplusfont.dll
2009-01-30 01:48 . 2009-01-30 01:48 -------- d-----w- c:\documents and settings\moi\Application Data\invibes
2009-01-30 01:48 . 2009-01-30 01:48 -------- d-----w- c:\program files\Micro Application
2009-01-30 00:04 . 2009-01-30 01:34 -------- d-----w- c:\program files\Qtracker
2009-01-29 23:57 . 2009-07-19 20:44 -------- d-----w- c:\documents and settings\moi\Application Data\Hamachi
2009-01-29 23:56 . 2009-03-10 10:50 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-01-26 09:16 . 2009-01-26 09:16 -------- d-----w- c:\program files\Activision
2009-01-26 09:12 . 2009-01-26 09:12 -------- d-sh--w- c:\windows\ftpcache
2009-01-24 14:27 . 2008-07-31 09:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-01-24 14:27 . 2008-07-31 09:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-01-24 14:27 . 2008-07-31 09:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-01-24 14:27 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-01-24 14:27 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-01-24 14:27 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-01-24 14:10 . 2009-01-24 14:14 -------- d-----w- c:\windows\NV28082812.TMP
2009-01-24 14:10 . 2009-01-24 14:10 -------- d-----w- c:\windows\nview
2009-01-24 14:10 . 2008-12-25 23:08 453152 ----a-w- c:\windows\system32\nvudisp.exe
2009-01-24 14:08 . 2008-12-23 20:58 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-01-24 11:42 . 2009-01-24 11:42 -------- d-----w- c:\documents and settings\moi\Local Settings\Application Data\THQ
2009-01-15 17:05 . 2009-01-15 17:05 -------- d-----w- c:\documents and settings\secours\Application Data\Samsung
2008-12-31 16:48 . 2008-12-31 16:48 -------- d--h--r- c:\documents and settings\secours\Application Data\SecuROM
2008-12-31 13:46 . 2008-12-31 13:46 -------- d-----w- c:\program files\MSXML 6.0
2008-12-31 13:10 . 2008-05-30 13:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2008-12-31 13:10 . 2008-05-30 13:17 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2008-12-31 13:10 . 2008-05-30 13:18 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2008-12-31 13:10 . 2008-05-30 13:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2008-12-31 13:10 . 2008-05-30 13:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2008-12-31 13:10 . 2008-05-30 13:11 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2008-12-31 13:10 . 2008-05-30 13:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2008-12-31 13:10 . 2008-03-05 15:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2008-12-31 13:09 . 2008-03-05 15:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2008-12-31 13:09 . 2008-03-05 15:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2008-12-31 13:09 . 2007-10-22 02:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2008-12-31 13:09 . 2007-10-12 14:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2008-12-31 13:09 . 2007-10-02 08:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2008-12-31 13:09 . 2007-10-12 14:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2008-12-31 13:07 . 2008-12-31 13:07 -------- d-----w- c:\windows\Logs
2008-12-31 10:24 . 2008-12-31 10:24 -------- d--h--r- c:\documents and settings\moi\Application Data\SecuROM
2008-12-31 01:05 . 2008-12-31 01:05 -------- d-----w- c:\program files\MSBuild
2008-12-31 01:05 . 2009-01-02 18:28 722088 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-12-31 01:02 . 2008-12-31 01:07 -------- d-----w- c:\windows\system32\XPSViewer
2008-12-31 01:00 . 2008-12-31 01:00 -------- d-----w- c:\program files\Reference Assemblies
2008-12-31 01:00 . 2006-06-29 12:07 14048 ----a-w- c:\windows\system32\spmsg2.dll
2008-12-31 00:56 . 2008-12-31 00:56 -------- d-----w- c:\documents and settings\moi\Application Data\DAEMON Tools
2008-12-31 00:56 . 2008-12-31 00:56 -------- d-----w- c:\documents and settings\moi\Application Data\DAEMON Tools Pro
2008-12-31 00:55 . 2008-12-31 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-31 00:55 . 2008-12-31 00:55 -------- d-----w- c:\program files\DAEMON Tools Lite
2008-12-31 00:47 . 2008-12-31 00:57 -------- d-----w- c:\documents and settings\moi\Application Data\DAEMON Tools Lite
2008-12-20 17:56 . 2008-12-20 17:57 -------- d-----w- c:\documents and settings\secours\Application Data\DeepBurner
2008-11-29 16:43 . 2004-08-19 19:58 124800 -c--a-w- c:\windows\system32\dllcache\fltmgr.sys
2008-11-29 16:43 . 2004-08-19 19:58 124800 ----a-w- c:\windows\system32\drivers\fltMgr.sys
2008-11-29 16:42 . 2004-08-03 22:10 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2008-11-29 16:42 . 2004-08-03 22:10 85376 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2008-11-29 16:42 . 2004-08-03 21:58 5504 ----a-w- c:\windows\system32\drivers\mstee.sys
2008-11-29 16:42 . 2004-08-03 22:10 19328 ----a-w- c:\windows\system32\drivers\wstcodec.sys
2008-11-29 16:42 . 2004-08-03 22:07 59264 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2008-11-29 15:30 . 2004-08-05 12:00 71040 ----a-w- c:\windows\system32\drivers\_003640_.tmp.dll
2008-11-28 22:36 . 2008-11-28 22:36 -------- d-----w- c:\documents and settings\moi\Application Data\Desktopicon
2008-11-28 22:36 . 2008-11-29 16:21 -------- d-----w- c:\program files\Unlocker
2008-11-12 02:00 . 2008-11-12 02:00 -------- d-----w- c:\program files\MSXML 4.0
2008-10-25 20:25 . 2004-08-05 12:00 71040 ----a-w- c:\windows\system32\drivers\_003630_.tmp.dll
2008-10-25 19:10 . 2008-10-25 19:11 -------- d-----w- c:\program files\Windows Resource Kits
2008-10-25 09:56 . 2004-08-05 12:00 71040 ----a-w- c:\windows\system32\drivers\_003622_.tmp.dll
2008-10-17 00:17 . 2008-10-17 00:20 -------- d-----w- c:\windows\NV10841364.TMP
2008-10-15 22:14 . 2008-10-15 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2008-10-15 09:34 . 2008-10-15 09:34 -------- d-----w- c:\documents and settings\moi\Application Data\InstallShield
2008-10-11 08:04 . 2004-08-05 12:00 185344 -c--a-w- c:\windows\system32\dllcache\thawbrkr.dll
2008-10-11 08:04 . 2004-08-05 12:00 185344 ----a-w- c:\windows\system32\thawbrkr.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 09:42 . 2005-03-23 17:53 -------- d-----w- c:\program files\Fichiers communs\Real
2008-06-24 16:12 . 2006-10-18 19:47 295936 ----a-w- c:\windows\system32\wmpeffects.dll
2008-04-14 02:33 . 2008-04-14 02:33 6144 ----a-w- c:\windows\system32\SETACB.tmp
2008-04-14 02:32 . 2008-04-14 02:32 5632 ----a-w- c:\windows\system32\SET5A2.tmp
2008-04-14 02:32 . 2008-04-14 02:32 5632 ----a-w- c:\windows\system32\SET333.tmp
2008-04-14 02:32 . 2008-04-14 02:32 5632 ----a-w- c:\windows\system32\SET263.tmp
2008-04-14 02:32 . 2008-04-14 02:32 5632 ----a-w- c:\windows\system32\SET227.tmp
2008-04-14 02:32 . 2008-04-14 02:32 5632 ----a-w- c:\windows\system32\SET1F1.tmp
2008-04-14 02:32 . 2008-04-14 02:32 5632 ----a-w- c:\windows\system32\SET1D5.tmp
2008-04-14 02:32 . 2008-04-14 02:32 5632 ----a-w- c:\windows\system32\SET170.tmp
2008-04-14 02:32 . 2008-04-14 02:32 5632 ----a-w- c:\windows\system32\SET15A.tmp
2008-04-14 02:31 . 2008-04-14 02:31 290816 ----a-w- c:\windows\system32\SET9DD.tmp
2008-04-14 02:31 . 2008-04-14 02:31 290816 ----a-w- c:\windows\system32\SET7BF.tmp
2008-04-14 02:31 . 2008-04-14 02:31 3584 ----a-w- c:\windows\system32\SET639.tmp
2008-04-14 02:31 . 2008-04-14 02:31 3584 ----a-w- c:\windows\system32\SET4F6.tmp
2008-04-14 02:31 . 2008-04-14 02:31 16896 ----a-w- c:\windows\system32\SETAF6.tmp
2008-04-14 02:31 . 2008-04-14 02:31 16896 ----a-w- c:\windows\system32\SET9D0.tmp
2008-04-14 02:31 . 2008-04-14 02:31 16896 ----a-w- c:\windows\system32\SET8EB.tmp
2008-04-14 02:31 . 2008-04-14 02:31 16896 ----a-w- c:\windows\system32\SET7EE.tmp
2008-04-14 02:31 . 2008-04-14 02:31 16896 ----a-w- c:\windows\system32\SET6FD.tmp
2008-04-14 02:31 . 2008-04-14 02:31 16896 ----a-w- c:\windows\system32\SET5F5.tmp
2008-04-14 02:31 . 2008-04-14 02:31 16896 ----a-w- c:\windows\system32\SET533.tmp
2008-04-14 02:31 . 2008-04-14 02:31 16896 ----a-w- c:\windows\system32\SET505.tmp
2008-04-14 02:02 . 2008-04-14 02:02 50688 ----a-w- c:\windows\system32\SETA15.tmp
2008-04-14 02:02 . 2008-04-14 02:02 50688 ----a-w- c:\windows\system32\SET8DA.tmp
2008-04-14 02:02 . 2008-04-14 02:02 50688 ----a-w- c:\windows\system32\SET7FF.tmp
2008-04-14 02:02 . 2008-04-14 02:02 50688 ----a-w- c:\windows\system32\SET616.tmp
2008-04-14 02:00 . 2008-04-14 02:00 572416 ----a-w- c:\windows\system32\SET7EC.tmp
2008-04-14 02:00 . 2008-04-14 02:00 572416 ----a-w- c:\windows\system32\SET66B.tmp
2008-04-14 02:00 . 2008-04-14 02:00 572416 ----a-w- c:\windows\system32\SET5D6.tmp
2008-04-14 02:00 . 2008-04-14 02:00 572416 ----a-w- c:\windows\system32\SET3B6.tmp
2008-04-14 02:00 . 2008-04-14 02:00 572416 ----a-w- c:\windows\system32\SET2F1.tmp
2008-04-14 01:57 . 2008-04-14 01:57 70144 ----a-w- c:\windows\system32\SETB06.tmp
2008-04-14 01:57 . 2008-04-14 01:57 70144 ----a-w- c:\windows\system32\SET9E0.tmp
2008-04-14 01:57 . 2008-04-14 01:57 70144 ----a-w- c:\windows\system32\SET8FB.tmp
2008-04-14 01:57 . 2008-04-14 01:57 70144 ----a-w- c:\windows\system32\SET70D.tmp
2008-04-14 01:57 . 2008-04-14 01:57 70144 ----a-w- c:\windows\system32\SET543.tmp
2008-04-14 01:57 . 2008-04-14 01:57 70144 ----a-w- c:\windows\system32\SET522.tmp
2008-04-13 18:36 . 2008-04-13 18:36 2986496 ----a-w- c:\windows\system32\SET1700.tmp
2008-04-13 18:36 . 2008-04-13 18:36 2986496 ----a-w- c:\windows\system32\SET15DA.tmp
2008-04-13 18:36 . 2008-04-13 18:36 2986496 ----a-w- c:\windows\system32\SET14F5.tmp
2008-04-13 18:36 . 2008-04-13 18:36 2986496 ----a-w- c:\windows\system32\SET13F6.tmp
2008-04-13 18:36 . 2008-04-13 18:36 2986496 ----a-w- c:\windows\system32\SET1305.tmp
2008-04-13 18:36 . 2008-04-13 18:36 2986496 ----a-w- c:\windows\system32\SET11FD.tmp
2008-04-13 18:36 . 2008-04-13 18:36 2986496 ----a-w- c:\windows\system32\SET1154.tmp
2008-04-13 18:36 . 2008-04-13 18:36 2986496 ----a-w- c:\windows\system32\SET113A.tmp
2008-04-13 18:33 . 2008-11-29 16:50 44544 ----a-w- c:\windows\system32\SETBE0.tmp
2008-04-13 18:32 . 2008-11-29 16:47 5632 ----a-w- c:\windows\system32\SET1A5.tmp
2008-04-13 18:31 . 2008-11-29 16:50 16896 ----a-w- c:\windows\system32\SETBB9.tmp
2008-04-13 18:30 . 2008-04-13 18:30 61440 ----a-w- c:\windows\system32\SET630.tmp
2008-04-13 18:30 . 2008-04-13 18:30 61440 ----a-w- c:\windows\system32\SET546.tmp
2008-04-13 18:30 . 2008-04-13 18:30 61440 ----a-w- c:\windows\system32\SET309.tmp
2008-04-13 17:26 . 2008-04-13 17:26 12288 ----a-w- c:\windows\system32\SET987.tmp
2008-04-13 16:26 . 2008-04-13 16:26 1351168 ----a-w- c:\windows\system32\SET973.tmp
2008-04-13 16:26 . 2008-04-13 16:26 1351168 ----a-w- c:\windows\system32\SET57E.tmp
2008-04-13 16:23 . 2008-04-13 16:23 48128 ----a-w- c:\windows\system32\SET959.tmp
2008-04-13 16:23 . 2008-04-13 16:23 48128 ----a-w- c:\windows\system32\SET821.tmp
2008-04-13 16:23 . 2008-04-13 16:23 48128 ----a-w- c:\windows\system32\SET751.tmp
2008-04-13 16:23 . 2008-04-13 16:23 48128 ----a-w- c:\windows\system32\SET640.tmp
2008-04-13 16:23 . 2008-04-13 16:23 48128 ----a-w- c:\windows\system32\SET563.tmp
2008-04-13 16:23 . 2008-04-13 16:23 48128 ----a-w- c:\windows\system32\SET3FC.tmp
2008-04-13 16:23 . 2008-04-13 16:23 48128 ----a-w- c:\windows\system32\SET3BC.tmp
2008-04-13 16:23 . 2008-04-13 16:23 48128 ----a-w- c:\windows\system32\SET31E.tmp
2008-04-13 15:42 . 2008-04-13 15:42 16896 ----a-w- c:\windows\system32\SET767.tmp
2008-04-13 15:42 . 2008-04-13 15:42 16896 ----a-w- c:\windows\system32\SET5A3.tmp
2008-04-13 15:42 . 2008-04-13 15:42 16896 ----a-w- c:\windows\system32\SET53A.tmp
2008-04-13 15:42 . 2008-04-13 15:42 16896 ----a-w- c:\windows\system32\SET30F.tmp
2008-04-13 15:39 . 2008-04-13 15:39 884736 ----a-w- c:\windows\system32\SET966.tmp
2008-04-13 15:39 . 2008-04-13 15:39 884736 ----a-w- c:\windows\system32\SET82E.tmp
2008-04-13 15:39 . 2008-04-13 15:39 884736 ----a-w- c:\windows\system32\SET75D.tmp
2008-04-13 15:39 . 2008-04-13 15:39 884736 ----a-w- c:\windows\system32\SET651.tmp
2008-04-13 15:39 . 2008-04-13 15:39 884736 ----a-w- c:\windows\system32\SET573.tmp
2008-04-13 15:39 . 2008-04-13 15:39 884736 ----a-w- c:\windows\system32\SET40C.tmp
2008-04-13 15:39 . 2008-04-13 15:39 884736 ----a-w- c:\windows\system32\SET3C7.tmp
2008-04-13 15:39 . 2008-04-13 15:39 884736 ----a-w- c:\windows\system32\SET32A.tmp
2008-04-13 10:36 . 2008-11-29 16:54 2986496 ----a-w- c:\windows\system32\SET17C3.tmp
2008-04-13 10:30 . 2008-11-29 16:49 61440 ----a-w- c:\windows\system32\SET9EB.tmp
2008-04-13 09:37 . 2008-11-29 16:50 138752 ----a-w- c:\windows\system32\SETB3E.tmp
2008-04-13 09:37 . 2008-11-29 16:49 208384 ----a-w- c:\windows\system32\SET87D.tmp
2008-04-13 09:26 . 2008-11-29 16:49 12288 ----a-w- c:\windows\system32\SETA34.tmp
2008-04-13 09:26 . 2008-11-29 16:49 12288 ----a-w- c:\windows\system32\SET953.tmp
2008-04-13 08:23 . 2008-11-29 16:49 48128 ----a-w- c:\windows\system32\SETA02.tmp
2008-04-13 07:39 . 2008-11-29 16:49 884736 ----a-w- c:\windows\system32\SETA11.tmp
2007-09-16 13:42 . 2005-03-23 17:50 -------- d-----w- c:\program files\Java
2007-06-17 12:51 . 2005-03-23 17:51 -------- d-----w- c:\program files\Sonic
2007-04-29 16:07 . 2005-03-23 17:53 -------- d-----w- c:\program files\Fichiers communs\AOL
2007-04-29 16:07 . 2005-03-23 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2007-04-18 21:07 . 2009-01-30 01:52 53248 ----a-w- c:\windows\system32\mgxasio2.dll
2007-03-28 04:56 . 2008-11-29 16:49 98304 ----a-w- c:\windows\system32\SET957.tmp
2007-03-28 04:56 . 2008-11-29 16:49 24576 ----a-w- c:\windows\system32\SETA06.tmp
2007-02-09 08:20 . 2008-04-08 18:10 25548 ----a-w- c:\windows\Fonts\Pokemon Solid.ttf
2007-02-09 08:20 . 2008-04-08 18:10 42828 ----a-w- c:\windows\Fonts\Pokemon Hollow.ttf
2007-01-12 01:18 . 2004-09-28 05:38 114688 -c--a-w- c:\windows\system32\wmatimer.dll
2007-01-01 19:25 . 2007-01-01 19:25 461672 ----a-w- c:\windows\Fonts\SETB5A.tmp
2007-01-01 19:25 . 2007-01-01 19:25 461672 ----a-w- c:\windows\Fonts\SETA34.tmp
2007-01-01 19:25 . 2007-01-01 19:25 461672 ----a-w- c:\windows\Fonts\SET94F.tmp
2007-01-01 19:25 . 2007-01-01 19:25 461672 ----a-w- c:\windows\Fonts\SET852.tmp
2007-01-01 19:25 . 2007-01-01 19:25 461672 ----a-w- c:\windows\Fonts\SET761.tmp
2007-01-01 19:25 . 2007-01-01 19:25 461672 ----a-w- c:\windows\Fonts\SET659.tmp
2007-01-01 19:25 . 2007-01-01 19:25 461672 ----a-w- c:\windows\Fonts\SET597.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msword98"="c:\documents and settings\moi\msword98.exe" [2009-08-16 26686]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"msword98"="c:\windows\system32\msword98.exe" [2009-08-16 26686]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2008-12-25 1657376]
"SRFirstRun"="srclient.dll" - c:\windows\SYSTEM32\srclient.dll [2004-08-19 67584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\secours\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440]

c:\documents and settings\moi\Menu D‚marrer\Programmes\D‚marrage\
ikowin32.exe [2004-8-5 24064]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL Compagnon.lnk
backup=c:\windows\pss\AOL Compagnon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sipru.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Sipru.lnk
backup=c:\windows\pss\Sipru.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SkyMessager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\SkyMessager.lnk
backup=c:\windows\pss\SkyMessager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=
"c:\\Valve\\Steam\\SteamApps\\kash_e2\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\documents and settings\moi\Application Data\Facebook\facebook.exe"= c:\documents and settings\moi\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:*:Disabled:Shareaza
"6346:UDP"= 6346:UDP:*:Disabled:Shareaza
"26180:TCP"= 26180:TCP:neuf telecom
"26181:TCP"= 26181:TCP:neuf telecom
"9876:TCP"= 9876:TCP:neuf telecom
"26190:UDP"= 26190:UDP:*:Disabled:SesamTV PVR
"31336:TCP"= 31336:TCP:*:Disabled:adsl tv
"31336:UDP"= 31336:UDP:*:Disabled:adsl tv
"10625:TCP"= 10625:TCP:*:Disabled:SHAREAZA
"10625:UDP"= 10625:UDP:*:Disabled:SHAREAZA
"3128:TCP"= 3128:TCP:*:Disabled:ffff
"3128:UDP"= 3128:UDP:*:Disabled:ffff
"7080:TCP"= 7080:TCP:*:Disabled:max tv
"21:UDP"= 21:UDP:*:Disabled:ultras
"3900:TCP"= 3900:TCP:*:Disabled:Sopcast
"3920:TCP"= 3920:TCP:*:Disabled:Sopcast
"28464:TCP"= 28464:TCP:emule tcp
"25140:UDP"= 25140:UDP:emule udp
"16800:TCP"= 16800:TCP:*:Disabled:tvants
"16800:UDP"= 16800:UDP:*:Disabled:tvants
"5739:UDP"= 5739:UDP:pes2009
"5730:UDP"= 5730:UDP:pes2009
"5729:UDP"= 5729:UDP:pes2009
"27588:TCP"= 27588:TCP:BitComet 27588 TCP
"27588:UDP"= 27588:UDP:BitComet 27588 UDP
"20085:TCP"= 20085:TCP:pes2009
"20030:TCP"= 20030:TCP:pes2009
"20020:TCP"= 20020:TCP:pes2009
"20010:TCP"= 20010:TCP:pes2009
"443:TCP"= 443:TCP:pes2009
"8800:TCP"= 8800:TCP:pes2009
"8899:TCP"= 8899:TCP:pes2009
"14020:TCP"= 14020:TCP:pes2009

S1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [01/04/2008 16:35 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [01/04/2008 16:35 20560]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\SYSTEM32\DRIVERS\CA533AV.SYS [14/08/2009 10:39 515803]
S2 Vcs;Vcs support;c:\windows\SYSTEM32\DRIVERS\Vcs.sys [10/11/2005 20:40 6852]
S3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\SYSTEM32\DRIVERS\3xHybrid.sys [09/09/2006 22:26 827008]
S3 gAGP440p;gAGP440p;\??\c:\docume~1\moi\LOCALS~1\Temp\gAGP440p.sys --> c:\docume~1\moi\LOCALS~1\Temp\gAGP440p.sys [?]
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\SYSTEM32\DRIVERS\HCWBT8XX.sys [21/09/2006 14:55 472644]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\SYSTEM32\DRIVERS\PAEAFLT.sys [15/07/2009 16:38 8576]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\SYSTEM32\DRIVERS\SPC230NC.SYS [15/07/2009 16:38 461056]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\SYSTEM32\DRIVERS\Bulk533.sys [14/08/2009 10:39 10986]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\SYSTEM32\DRIVERS\wip0204.sys [14/03/2009 01:53 23480]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PC Antispyware 2010 - c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe
HKLM-Run-braviax - (no file)
HKU-Default-Run-braviax - (no file)
Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = local
mSearchAssistant = hxxp://www.google.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download with Rapget - c:\documents and settings\moi\Bureau\RapGet [Wawa-Mania][By i_love_sexe]\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2005-01-11 17:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\wisdstr.exe 190539 bytes executable
c:\windows\system32\braviax.exe 11264 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2668168583-2325841571-3812231592-1006\Software\SecuROM\License information*]
"datasecu"=hex:3f,d1,93,2d,fe,a6,3f,96,b3,f3,7b,fe,d3,ee,97,c8,fc,76,79,16,d5,
85,99,77,42,82,c5,91,c9,5a,ee,0e,34,ae,c9,7d,92,8c,9f,12,c8,db,19,87,0b,9a,\
"rkeysecu"=hex:13,8c,e1,93,9d,8f,37,b3,15,e1,55,5d,4a,e3,a8,9a

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,57,98,68,e1,72,
29,f2,59,c8,28,51,af,b0,29,a3,98,a8,8c,50,70,37,27,61,5f,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,b4,9b,4c,76,a6,
33,33,f1,71,3b,04,66,8b,46,0d,96,92,a9,ed,24,b5,da,b7,14,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,9c,21,80,53,69,
fb,22,a3,25,da,ec,7e,55,20,c9,26,a8,92,fb,f7,81,77,94,85,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,42,63,21,5e,77,
57,7d,00,3e,1e,9e,e0,57,5a,93,61,54,2e,ee,e2,ce,73,db,ad,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,fc,18,42,eb,82,
72,e1,cf,cd,44,cd,b9,a6,33,6c,cd,94,de,66,78,8c,b1,f7,60,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,d1,ba,99,2e,6c,
3d,69,08,b0,18,ed,a7,3f,8d,37,a4,92,c3,15,fd,2e,2c,c8,7f,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,44,e3,5f,5e,d0,
fa,c6,a8,31,77,e1,ba,b1,f8,68,02,37,d4,52,5e,34,c0,47,1b,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,ee,83,0d,eb,04,
27,6b,d8,83,6c,56,8b,a0,85,96,ab,93,0e,df,da,bc,8d,3c,df,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,91,6e,f7,a6,5d,
4d,86,35,51,fa,6e,91,28,9e,14,cc,9a,d3,1d,7a,77,0d,4b,35,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,05,95,79,48,3f,
85,ec,43,b1,cd,45,5a,a8,c4,f8,b9,35,34,2d,94,24,b9,c4,9f,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,5a,50,a3,78,4f,
e4,11,57,e3,0e,66,d5,eb,bc,2f,6b,f7,d4,9e,a2,ae,78,b3,32,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,28,d2,16,d8,d9,
ed,d0,48,fa,ea,66,7f,d4,3b,6b,70,c5,35,30,50,95,47,27,49,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\braviax.exe
.
**************************************************************************
.
Completion time: 2005-01-11 18:01 - machine was rebooted
ComboFix-quarantined-files.txt 2005-01-11 17:00

Pre-Run: 37 925 355 520 octets libres
Post-Run: 37 917 396 992 octets libres

841 --- E O F --- 2009-07-31 15:31

Répondre à corsy
Destrio5   20-08-2009 à 01:39:37
- 0 +

L'infection se régénère.

Il faut installer la console de récupération car ton infection Braviax infecte deux fichiers systèmes.

Déplace le fichier suivant sur ComboFix :
http://www.microsoft.com/downloads [...] laylang=fr

Répondre à Destrio5
corsy   20-08-2009 à 11:48:28
- 0 +

sayé je viens de telecharger sur le lien que tu ma donner,quand tu me dit que je dois deplacer ce fichier sur combofix ca ve dire que je dois le deplacer dans c:/combofix ?


MERCI

Répondre à corsy
corsy   20-08-2009 à 12:52:34
- 0 +

pour info je n'ai pa de lecteur de disquette

de plus,quand je vais dans c : je ne trouve plus combofix ! je ne trouve qu'un fichier combofix.txt

de meme quands je vais sur c : programmes files je ne trouve meme plus combofix

croyez moi je suis vraiment desoler d'etre aussi chiant pour mon pc mais j'en ai absolument besoin

merci bcp


Message édité par corsy le 20-08-2009 à 13:00:34
Répondre à corsy
Destrio5   20-08-2009 à 15:32:19
- 0 +

Citation :

c:\documents and settings\moi\Bureau\ComboFix.exe


--> ComboFix est sur ton Bureau.

Citation :

quand tu me dit que je dois deplacer ce fichier sur combofix ca ve dire que je dois le deplacer dans c:/combofix ?


--> Le déplacer comme ceci :

http://img.bleepingcomputer.com/combofix/usage/rc.gif

Répondre à Destrio5
corsy   20-08-2009 à 16:54:38
- 0 +

sayé je vien de le deplacer

j'ai un message warning voici le screen :
[img=http://img208.imageshack.us/img208/5412/combm.jpg]


Message édité par corsy le 20-08-2009 à 16:55:38
Répondre à corsy
Destrio5   20-08-2009 à 17:00:16
- 0 +

Il a détecté qu'Avast était en route.

Répondre à Destrio5
corsy   20-08-2009 à 17:31:44
- 0 +

pourtant je suis en mode sans echec avec prise en charge du reseau et avast n'est pas activer

Répondre à corsy
Destrio5   20-08-2009 à 17:33:12
- 0 +

Continue quand même.

Répondre à Destrio5
corsy   20-08-2009 à 17:38:45
- 0 +

donc je fais quoi maintenant lol,je continue au moment ou j'ai le message warning c'est ca ??

je vous jure je suis vraiment dsl d'etre aussi chiant !

Répondre à corsy
corsy   20-08-2009 à 18:17:08
- 0 +

voici le log :
ComboFix 09-08-19.0C - moi 20/08/2009 17:55.3.1 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2558.2253 [GMT 2:00]
Running from: c:\documents and settings\moi\Bureau\65604-CF.exe
AV: avast! antivirus 4.8.1335 [VPS 090815-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\agyg._sy
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\arymuj.dat
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\cuhig.bat
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ilecazilu.com
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\okek.scr
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\opajan.db
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\opilijuv.ban
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\tubodixoj.dat
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ureqa.pif
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\vaze.bin
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\wiguhozojy._sy
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\wymejuqemy._sy
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ybamijisez.reg
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ybihyjod.dll
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ynohyb.db
c:\documents and settings\moi\Application Data\wiaserva.log
c:\documents and settings\moi\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\PC_Antispyware2010
c:\program files\PC_Antispyware2010\AVEngn.dll
c:\program files\PC_Antispyware2010\data\daily.cvd
c:\program files\PC_Antispyware2010\htmlayout.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg
c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
c:\program files\PC_Antispyware2010\pthreadVC2.dll
c:\program files\PC_Antispyware2010\Uninstall.exe
c:\program files\PC_Antispyware2010\wscui.cpl
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\system32\_scui.cpl
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\wisdstr.exe
c:\windows\system32\WS2Fix.exe

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\i386\BEEP.SYS

.
((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.

2009-08-16 01:50 . 2005-01-12 08:17 26686 ----a-w- c:\documents and settings\moi\msword98.exe
2009-08-14 09:39 . 2002-10-21 10:37 515803 ----a-w- c:\windows\system32\drivers\CA533AV.SYS
2009-08-14 09:39 . 2002-07-25 10:19 10986 ----a-w- c:\windows\system32\drivers\Bulk533.sys
2009-08-13 20:58 . 2009-08-13 20:58 -------- d-----w- c:\documents and settings\moi\Local Settings\Application Data\CAPCOM
2009-08-13 20:10 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-08-13 20:10 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-08-13 20:10 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-08-13 20:09 . 2009-08-13 20:09 -------- d-----w- c:\windows\system32\xlive
2009-08-13 20:09 . 2009-08-13 20:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-13 20:09 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-08-13 20:09 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-08-13 20:09 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-08-13 20:09 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-13 20:09 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-08-13 20:09 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-08-13 20:09 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-08-13 19:07 . 2009-08-13 20:08 -------- d-----w- c:\program files\Street Fighter IV
2009-08-13 09:55 . 2009-08-15 14:02 -------- d-----w- c:\program files\Simulateur de conduite 3D
2009-08-10 14:06 . 2009-08-10 14:07 -------- d-----w- c:\documents and settings\secours\Application Data\OpenOffice.org2
2009-07-23 12:53 . 2009-08-14 09:39 -------- d-----w- c:\program files\DkZ Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-20 16:08 . 2009-08-20 16:08 190539 ----a-w- c:\windows\system32\wisdstr.exe
2009-08-20 16:08 . 2009-08-20 16:08 11264 ----a-w- c:\windows\system32\braviax.exe
2009-08-20 16:08 . 2005-01-12 08:22 29184 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-16 10:45 . 2009-03-02 18:02 -------- d-----w- c:\program files\Cheat 'O Matic
2009-08-15 16:19 . 2007-08-28 19:29 -------- d-----w- c:\program files\eMule
2009-08-15 12:18 . 2006-01-07 16:23 -------- d-----w- c:\documents and settings\moi\Application Data\OpenOffice.org2
2009-08-14 09:48 . 2007-02-27 12:47 -------- d-----w- c:\program files\SopCast
2009-08-14 09:48 . 2007-02-01 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-14 09:42 . 2005-03-23 17:53 -------- d-----w- c:\program files\Fichiers communs\Real
2009-08-14 09:40 . 2008-03-06 09:07 -------- d-----w- c:\program files\mIRC
2009-08-03 12:36 . 2005-01-12 06:04 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 12:36 . 2005-01-12 06:04 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 12:44 . 2007-08-03 20:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-01 12:42 . 2009-03-04 19:36 -------- d-----w- c:\program files\JPEG Compression
2009-07-19 20:44 . 2009-01-29 23:57 -------- d-----w- c:\documents and settings\moi\Application Data\Hamachi
2009-07-19 10:35 . 2009-07-15 17:12 230432 ----a-w- C:\SPC230NC.DAT
2009-07-15 16:02 . 2009-07-15 16:02 -------- d-----w- c:\documents and settings\moi\Application Data\ArcSoft
2009-07-15 15:58 . 2009-07-15 15:58 -------- d-----w- c:\documents and settings\secours\Application Data\ArcSoft
2009-07-14 13:39 . 2008-05-25 12:10 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-14 13:39 . 2007-04-30 09:13 -------- d-----w- c:\program files\MSN Messenger
2009-07-14 11:42 . 2005-11-08 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-05 11:08 . 2009-04-26 23:21 -------- d-----w- c:\program files\WinamaxPoker
2009-06-27 16:51 . 2009-06-27 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-27 16:49 . 2009-06-27 16:49 -------- d-----w- c:\program files\Windows Live
2009-06-23 18:01 . 2009-03-14 00:53 -------- d-----w- c:\documents and settings\moi\Application Data\Wippien
2005-01-12 08:28 . 2005-01-12 08:28 18873 ----a-w- c:\program files\Fichiers communs\ehepexe.dl
2005-01-12 08:28 . 2005-01-12 08:28 13574 ----a-w- c:\program files\Fichiers communs\qyqa._sy
2005-01-12 08:28 . 2005-01-12 08:28 13125 ----a-w- c:\program files\Fichiers communs\xycak.ban
2005-01-12 07:08 . 2005-01-12 07:08 19071 ----a-w- c:\program files\Fichiers communs\xice.dat
2005-01-12 07:08 . 2005-01-12 07:08 18217 ----a-w- c:\program files\Fichiers communs\ijad.pif
2005-01-12 07:08 . 2005-01-12 07:08 17575 ----a-w- c:\program files\Fichiers communs\ecykow.inf
2005-01-12 07:08 . 2005-01-12 07:08 11794 ----a-w- c:\program files\Fichiers communs\yrihak.db
2005-01-11 17:02 . 2005-01-11 17:02 15747 ----a-w- c:\program files\Fichiers communs\ejufijafa._sy
2005-01-11 17:02 . 2005-01-11 17:02 14540 ----a-w- c:\program files\Fichiers communs\loherif._sy
2005-01-11 17:02 . 2005-01-11 17:02 10981 ----a-w- c:\program files\Fichiers communs\cahypihig.exe
2005-01-11 16:41 . 2005-01-11 16:41 13114 ----a-w- c:\program files\Fichiers communs\ihytavo.bat
2005-01-11 16:41 . 2005-01-11 16:41 10572 ----a-w- c:\program files\Fichiers communs\ykilumyc.bat
2005-01-10 16:33 . 2005-01-10 16:33 19327 ----a-w- c:\program files\Fichiers communs\adogiz.db
2005-01-10 16:33 . 2005-01-10 16:33 19049 ----a-w- c:\program files\Fichiers communs\owijer.vbs
2005-01-10 16:33 . 2005-01-10 16:33 19042 ----a-w- c:\program files\Fichiers communs\sygigibihe.bat
2005-01-10 16:33 . 2005-01-10 16:33 18729 ----a-w- c:\program files\Fichiers communs\ynaho.ban
2005-01-10 16:33 . 2005-01-10 16:33 17714 ----a-w- c:\program files\Fichiers communs\venuba.bin
2005-01-10 16:33 . 2005-01-10 16:33 14201 ----a-w- c:\program files\Fichiers communs\okafid._sy
2006-06-17 07:05 . 2006-06-16 16:33 88 -csha-r- c:\windows\SYSTEM32\D0D0DC084F.sys
.

------- Sigcheck -------

[-] 2009-08-20 16:08 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\SYSTEM32\DLLCACHE\beep.sys
[-] 2009-08-20 16:08 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\SYSTEM32\DRIVERS\beep.sys

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ntfs.sys
[7] 2004-08-19 20:03 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\SYSTEM32\DLLCACHE\ntfs.sys
[-] 2005-01-11 16:23 619200 5D407322AA69AC6E7B17C81B48DEB327 c:\windows\SYSTEM32\DRIVERS\ntfs.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-19 160768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\secours\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440]

c:\documents and settings\moi\Menu D‚marrer\Programmes\D‚marrage\
ikowin32.exe [2004-8-5 24064]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL Compagnon.lnk
backup=c:\windows\pss\AOL Compagnon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sipru.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Sipru.lnk
backup=c:\windows\pss\Sipru.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SkyMessager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\SkyMessager.lnk
backup=c:\windows\pss\SkyMessager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^ikowin32.exe]
path=c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\ikowin32.exe
backup=c:\windows\pss\ikowin32.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=
"c:\\Valve\\Steam\\SteamApps\\kash_e2\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\documents and settings\moi\Application Data\Facebook\facebook.exe"= c:\documents and settings\moi\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:*:Disabled:Shareaza
"6346:UDP"= 6346:UDP:*:Disabled:Shareaza
"26180:TCP"= 26180:TCP:neuf telecom
"26181:TCP"= 26181:TCP:neuf telecom
"9876:TCP"= 9876:TCP:neuf telecom
"26190:UDP"= 26190:UDP:*:Disabled:SesamTV PVR
"31336:TCP"= 31336:TCP:*:Disabled:adsl tv
"31336:UDP"= 31336:UDP:*:Disabled:adsl tv
"10625:TCP"= 10625:TCP:*:Disabled:SHAREAZA
"10625:UDP"= 10625:UDP:*:Disabled:SHAREAZA
"3128:TCP"= 3128:TCP:*:Disabled:ffff
"3128:UDP"= 3128:UDP:*:Disabled:ffff
"7080:TCP"= 7080:TCP:*:Disabled:max tv
"21:UDP"= 21:UDP:*:Disabled:ultras
"3900:TCP"= 3900:TCP:*:Disabled:Sopcast
"3920:TCP"= 3920:TCP:*:Disabled:Sopcast
"28464:TCP"= 28464:TCP:emule tcp
"25140:UDP"= 25140:UDP:emule udp
"16800:TCP"= 16800:TCP:*:Disabled:tvants
"16800:UDP"= 16800:UDP:*:Disabled:tvants
"5739:UDP"= 5739:UDP:pes2009
"5730:UDP"= 5730:UDP:pes2009
"5729:UDP"= 5729:UDP:pes2009
"27588:TCP"= 27588:TCP:BitComet 27588 TCP
"27588:UDP"= 27588:UDP:BitComet 27588 UDP
"20085:TCP"= 20085:TCP:pes2009
"20030:TCP"= 20030:TCP:pes2009
"20020:TCP"= 20020:TCP:pes2009
"20010:TCP"= 20010:TCP:pes2009
"443:TCP"= 443:TCP:pes2009
"8800:TCP"= 8800:TCP:pes2009
"8899:TCP"= 8899:TCP:pes2009
"14020:TCP"= 14020:TCP:pes2009

S1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [01/04/2008 17:35 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [01/04/2008 17:35 20560]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\SYSTEM32\DRIVERS\CA533AV.SYS [14/08/2009 11:39 515803]
S2 Vcs;Vcs support;c:\windows\SYSTEM32\DRIVERS\Vcs.sys [10/11/2005 21:40 6852]
S3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\SYSTEM32\DRIVERS\3xHybrid.sys [09/09/2006 23:26 827008]
S3 gAGP440p;gAGP440p;\??\c:\docume~1\moi\LOCALS~1\Temp\gAGP440p.sys --> c:\docume~1\moi\LOCALS~1\Temp\gAGP440p.sys [?]
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\SYSTEM32\DRIVERS\HCWBT8XX.sys [21/09/2006 15:55 472644]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\SYSTEM32\DRIVERS\PAEAFLT.sys [15/07/2009 17:38 8576]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\SYSTEM32\DRIVERS\SPC230NC.SYS [15/07/2009 17:38 461056]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\SYSTEM32\DRIVERS\Bulk533.sys [14/08/2009 11:39 10986]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\SYSTEM32\DRIVERS\wip0204.sys [14/03/2009 02:53 23480]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe
HKLM-Run-braviax - (no file)
HKU-Default-Run-braviax - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = local
mSearchAssistant = hxxp://www.google.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download with Rapget - c:\documents and settings\moi\Bureau\RapGet [Wawa-Mania][By i_love_sexe]\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-20 18:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\wisdstr.exe 190539 bytes executable
c:\windows\system32\braviax.exe 11264 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2668168583-2325841571-3812231592-1006\Software\SecuROM\License information*]
"datasecu"=hex:3f,d1,93,2d,fe,a6,3f,96,b3,f3,7b,fe,d3,ee,97,c8,fc,76,79,16,d5,
85,99,77,42,82,c5,91,c9,5a,ee,0e,34,ae,c9,7d,92,8c,9f,12,c8,db,19,87,0b,9a,\
"rkeysecu"=hex:13,8c,e1,93,9d,8f,37,b3,15,e1,55,5d,4a,e3,a8,9a

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,57,98,68,e1,72,
29,f2,59,c8,28,51,af,b0,29,a3,98,a8,8c,50,70,37,27,61,5f,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,b4,9b,4c,76,a6,
33,33,f1,71,3b,04,66,8b,46,0d,96,92,a9,ed,24,b5,da,b7,14,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,9c,21,80,53,69,
fb,22,a3,25,da,ec,7e,55,20,c9,26,a8,92,fb,f7,81,77,94,85,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,42,63,21,5e,77,
57,7d,00,3e,1e,9e,e0,57,5a,93,61,54,2e,ee,e2,ce,73,db,ad,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,fc,18,42,eb,82,
72,e1,cf,cd,44,cd,b9,a6,33,6c,cd,94,de,66,78,8c,b1,f7,60,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,d1,ba,99,2e,6c,
3d,69,08,b0,18,ed,a7,3f,8d,37,a4,92,c3,15,fd,2e,2c,c8,7f,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,44,e3,5f,5e,d0,
fa,c6,a8,31,77,e1,ba,b1,f8,68,02,37,d4,52,5e,34,c0,47,1b,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,ee,83,0d,eb,04,
27,6b,d8,83,6c,56,8b,a0,85,96,ab,93,0e,df,da,bc,8d,3c,df,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,91,6e,f7,a6,5d,
4d,86,35,51,fa,6e,91,28,9e,14,cc,9a,d3,1d,7a,77,0d,4b,35,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,05,95,79,48,3f,
85,ec,43,b1,cd,45,5a,a8,c4,f8,b9,35,34,2d,94,24,b9,c4,9f,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,5a,50,a3,78,4f,
e4,11,57,e3,0e,66,d5,eb,bc,2f,6b,f7,d4,9e,a2,ae,78,b3,32,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,28,d2,16,d8,d9,
ed,d0,48,fa,ea,66,7f,d4,3b,6b,70,c5,35,30,50,95,47,27,49,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\braviax.exe
.
**************************************************************************
.
Completion time: 2009-08-20 18:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-20 16:13
ComboFix2.txt 2005-01-11 17:01

Pre-Run: 38 203 994 112 octets libres
Post-Run: 38 207 787 008 octets libres

377 --- E O F --- 2009-07-31 15:31

Répondre à corsy
Destrio5   20-08-2009 à 18:24:03
- 0 +

La console de récupération n'est pas installée, l'infection est toujours là.

Répondre à Destrio5
corsy   20-08-2009 à 18:27:54
- 0 +

je dois faire quoi alors ??

Répondre à corsy
Destrio5   20-08-2009 à 18:34:49
- 0 +

Tu as bien déplacé le fichier WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe sur ComboFix ?

Répondre à Destrio5
corsy   20-08-2009 à 18:44:10
- 0 +

je le refais pour en etre sure donc je vais fair une nouvelle analyse c'est ca ?

Répondre à corsy
Destrio5   20-08-2009 à 18:46:59
- 0 +

Que se passe-t-il quand tu déposes le fichier sur ComboFix ?

Répondre à Destrio5
corsy   20-08-2009 à 18:59:08
- 0 +

ben j'ai un message qui me demande si je veux executer combofix,je met executer ensuite j'ai une barre avec ecris combofix qui se remplis,et juste apres ca j'ai ce message d'erreur : [img=http://img208.imageshack.us/img208/5412/combm.jpg]

Répondre à corsy
Destrio5   20-08-2009 à 19:04:53
- 0 +

Et quand tu double-cliques directement sur ComboFix, il ne te propose pas d'installer la console de récupération ?

Répondre à Destrio5
corsy   20-08-2009 à 19:10:48
- 0 +

non meme pas,j'ai toujours la meme fenetre warning,il me la proposer qu'une seul fois quand tu ma demander de l'installer hier soir

Répondre à corsy
Destrio5   20-08-2009 à 19:12:09
- 0 +

Ok, je vais en parler avec quelqu'un.

  • Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
  • Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
  • Sélectionne Exécuter un examen rapide.
  • Clique sur Rechercher. L'analyse démarre.
  • A la fin de l'analyse, un message s'affiche :
Citation :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.


  • Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
  • Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

Répondre à Destrio5
corsy   20-08-2009 à 19:41:06
- 0 +

j'ai fais ce que tu ma dit et voici le message que j'ai eu : http://img13.imageshack.us/img13/8320/49289525.jpg

je ne sais donc pas si je dois redemarrer ou pas




sinon voici le rapport de mbam :

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2665
Windows 5.1.2600 Service Pack 2 (Safe Mode)

20/08/2009 19:32:42
mbam-log-2009-08-20 (19-32-42).txt

Type de recherche: Examen rapide
Eléments examinés: 119647
Temps écoulé: 8 minute(s), 24 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 25

Processus mémoire infecté(s):
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.Multiple) -> Unloaded process successfully.
C:\WINDOWS\SYSTEM32\braviax.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\_scui.cpl (Rogue.HomeAntiVirus) -> Delete on reboot.
C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Delete on reboot.
C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc_antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pc antispyware 2010 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\data (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wisdstr.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\_scui.cpl (Rogue.HomeAntiVirus) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\DRIVERS\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\meta4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.cfg (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Uninstall.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\wscui.cpl (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\data\daily.cvd (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DLLCACHE\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DLLCACHE\figaro.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\izyzuzef.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\Menu Démarrer\Programmes\Démarrage\ikowin32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\moi\msword98.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\msword98.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Message édité par corsy le 20-08-2009 à 19:42:22
Répondre à corsy
Destrio5   20-08-2009 à 19:47:37
- 0 +

Oui, redémarre.

  • Relance MBAM, va dans Quarantaine et supprime tout.


  • Refais un scan avec ComboFix.

Répondre à Destrio5
corsy   21-08-2009 à 02:58:00
- 0 +

je suis dsl de ne repondre que maintenant,j'ai eu un gros soucis privé qui m'a empeché d'etre present sur le pc

donc j'ai fait comme demandé,j'ai suprimer les quarantaine dans MBAM et j'ai refais un scan avec combofix

voici le rapport log :

ComboFix 09-08-19.08 - moi 21/08/2009 2:36.4.1 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2558.2139 [GMT 2:00]
Running from: c:\documents and settings\moi\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090815-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\jesi.bin
c:\program files\PC_Antispyware2010
c:\program files\PC_Antispyware2010\AVEngn.dll
c:\program files\PC_Antispyware2010\htmlayout.dll
c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
c:\program files\PC_Antispyware2010\pthreadVC2.dll
c:\windows\system32\_scui.cpl
c:\windows\system32\braviax.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.

2009-08-21 00:15 . 2009-08-21 00:15 19869 ----a-w- c:\windows\osahyw.dll
2009-08-21 00:15 . 2009-08-21 00:15 19817 ----a-w- c:\windows\ucecuty.bat
2009-08-21 00:15 . 2009-08-21 00:15 17531 ----a-w- c:\windows\system32\toduj.pif
2009-08-21 00:15 . 2009-08-21 00:15 16215 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\zahem.reg
2009-08-21 00:15 . 2009-08-21 00:15 14685 ----a-w- c:\windows\system32\milydu.pif
2009-08-21 00:15 . 2009-08-21 00:15 12727 ----a-w- c:\documents and settings\LocalService\Application Data\ibuco.bat
2009-08-21 00:15 . 2009-08-21 00:15 11984 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\tokola.com
2009-08-21 00:15 . 2009-08-21 00:15 10504 ----a-w- c:\windows\system32\uwaryx.pif
2009-08-20 17:17 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 17:17 . 2009-08-20 17:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-20 17:17 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 17:07 . 2009-08-20 17:07 -------- d-s---w- C:\65604-CF
2009-08-14 09:39 . 2002-10-21 10:37 515803 ----a-w- c:\windows\system32\drivers\CA533AV.SYS
2009-08-14 09:39 . 2002-07-25 10:19 10986 ----a-w- c:\windows\system32\drivers\Bulk533.sys
2009-08-13 20:58 . 2009-08-13 20:58 -------- d-----w- c:\documents and settings\moi\Local Settings\Application Data\CAPCOM
2009-08-13 20:10 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-08-13 20:10 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-08-13 20:10 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-08-13 20:09 . 2009-08-13 20:09 -------- d-----w- c:\windows\system32\xlive
2009-08-13 20:09 . 2009-08-13 20:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-13 20:09 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-08-13 20:09 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-08-13 20:09 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-08-13 20:09 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-13 20:09 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-08-13 20:09 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-08-13 20:09 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-08-13 19:07 . 2009-08-13 20:08 -------- d-----w- c:\program files\Street Fighter IV
2009-08-13 09:55 . 2009-08-15 14:02 -------- d-----w- c:\program files\Simulateur de conduite 3D
2009-08-10 14:06 . 2009-08-10 14:07 -------- d-----w- c:\documents and settings\secours\Application Data\OpenOffice.org2
2009-07-23 12:53 . 2009-08-14 09:39 -------- d-----w- c:\program files\DkZ Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 00:15 . 2009-08-21 00:15 19353 ----a-w- c:\documents and settings\LocalService\Application Data\nekepepade.bin
2009-08-21 00:15 . 2009-08-21 00:15 12015 ----a-w- c:\documents and settings\LocalService\Application Data\ehog.dat
2009-08-20 16:11 . 2005-03-23 17:42 86774 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-20 16:11 . 2005-03-23 17:42 514278 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-16 10:45 . 2009-03-02 18:02 -------- d-----w- c:\program files\Cheat 'O Matic
2009-08-15 16:19 . 2007-08-28 19:29 -------- d-----w- c:\program files\eMule
2009-08-15 12:18 . 2006-01-07 16:23 -------- d-----w- c:\documents and settings\moi\Application Data\OpenOffice.org2
2009-08-14 09:48 . 2007-02-27 12:47 -------- d-----w- c:\program files\SopCast
2009-08-14 09:48 . 2007-02-01 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-14 09:42 . 2005-03-23 17:53 -------- d-----w- c:\program files\Fichiers communs\Real
2009-08-14 09:40 . 2008-03-06 09:07 -------- d-----w- c:\program files\mIRC
2009-08-01 12:44 . 2007-08-03 20:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-01 12:42 . 2009-03-04 19:36 -------- d-----w- c:\program files\JPEG Compression
2009-07-19 20:44 . 2009-01-29 23:57 -------- d-----w- c:\documents and settings\moi\Application Data\Hamachi
2009-07-19 10:35 . 2009-07-15 17:12 230432 ----a-w- C:\SPC230NC.DAT
2009-07-15 16:02 . 2009-07-15 16:02 -------- d-----w- c:\documents and settings\moi\Application Data\ArcSoft
2009-07-15 15:58 . 2009-07-15 15:58 -------- d-----w- c:\documents and settings\secours\Application Data\ArcSoft
2009-07-14 13:39 . 2008-05-25 12:10 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-14 13:39 . 2007-04-30 09:13 -------- d-----w- c:\program files\MSN Messenger
2009-07-14 11:42 . 2005-11-08 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-05 11:08 . 2009-04-26 23:21 -------- d-----w- c:\program files\WinamaxPoker
2009-06-27 16:51 . 2009-06-27 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-27 16:49 . 2009-06-27 16:49 -------- d-----w- c:\program files\Windows Live
2009-06-23 18:01 . 2009-03-14 00:53 -------- d-----w- c:\documents and settings\moi\Application Data\Wippien
2005-01-12 08:28 . 2005-01-12 08:28 18873 ----a-w- c:\program files\Fichiers communs\ehepexe.dl
2005-01-12 08:28 . 2005-01-12 08:28 13574 ----a-w- c:\program files\Fichiers communs\qyqa._sy
2005-01-12 08:28 . 2005-01-12 08:28 13125 ----a-w- c:\program files\Fichiers communs\xycak.ban
2005-01-12 07:08 . 2005-01-12 07:08 19071 ----a-w- c:\program files\Fichiers communs\xice.dat
2005-01-12 07:08 . 2005-01-12 07:08 18217 ----a-w- c:\program files\Fichiers communs\ijad.pif
2005-01-12 07:08 . 2005-01-12 07:08 17575 ----a-w- c:\program files\Fichiers communs\ecykow.inf
2005-01-12 07:08 . 2005-01-12 07:08 11794 ----a-w- c:\program files\Fichiers communs\yrihak.db
2005-01-11 17:02 . 2005-01-11 17:02 15747 ----a-w- c:\program files\Fichiers communs\ejufijafa._sy
2005-01-11 17:02 . 2005-01-11 17:02 14540 ----a-w- c:\program files\Fichiers communs\loherif._sy
2005-01-11 17:02 . 2005-01-11 17:02 10981 ----a-w- c:\program files\Fichiers communs\cahypihig.exe
2005-01-11 16:41 . 2005-01-11 16:41 13114 ----a-w- c:\program files\Fichiers communs\ihytavo.bat
2005-01-11 16:41 . 2005-01-11 16:41 10572 ----a-w- c:\program files\Fichiers communs\ykilumyc.bat
2005-01-10 16:33 . 2005-01-10 16:33 19327 ----a-w- c:\program files\Fichiers communs\adogiz.db
2005-01-10 16:33 . 2005-01-10 16:33 19049 ----a-w- c:\program files\Fichiers communs\owijer.vbs
2005-01-10 16:33 . 2005-01-10 16:33 19042 ----a-w- c:\program files\Fichiers communs\sygigibihe.bat
2005-01-10 16:33 . 2005-01-10 16:33 18729 ----a-w- c:\program files\Fichiers communs\ynaho.ban
2005-01-10 16:33 . 2005-01-10 16:33 17714 ----a-w- c:\program files\Fichiers communs\venuba.bin
2005-01-10 16:33 . 2005-01-10 16:33 14201 ----a-w- c:\program files\Fichiers communs\okafid._sy
2006-06-17 07:05 . 2006-06-16 16:33 88 -csha-r- c:\windows\SYSTEM32\D0D0DC084F.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-08-20_16.07.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-20 16:14 . 2009-08-20 16:14 13794 c:\windows\yjyw.vbs
+ 2009-08-20 16:14 . 2009-08-20 16:14 16118 c:\windows\SYSTEM32\qibaze.dat
+ 2009-08-20 16:14 . 2009-08-20 16:14 13490 c:\windows\SYSTEM32\qeweluveho.exe
+ 2005-03-23 17:42 . 2009-08-20 16:11 72936 c:\windows\SYSTEM32\PERFC009.DAT
- 2005-03-23 17:42 . 2005-01-12 05:45 72936 c:\windows\SYSTEM32\PERFC009.DAT
+ 2009-08-20 16:14 . 2009-08-20 16:14 10247 c:\windows\naxityduge.bat
+ 2009-08-20 16:14 . 2009-08-20 16:14 10769 c:\windows\kivo.exe
+ 2009-08-20 16:14 . 2009-08-20 16:14 10771 c:\windows\ireqedyta.dll
+ 2009-08-20 16:14 . 2009-08-20 16:14 12131 c:\windows\cepy.vbs
+ 2009-08-20 16:14 . 2009-08-20 16:14 16438 c:\windows\bosip.bat
- 2005-03-23 17:42 . 2005-01-12 05:45 444708 c:\windows\SYSTEM32\PERFH009.DAT
+ 2005-03-23 17:42 . 2009-08-20 16:11 444708 c:\windows\SYSTEM32\PERFH009.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-19 160768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\secours\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL Compagnon.lnk
backup=c:\windows\pss\AOL Compagnon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sipru.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Sipru.lnk
backup=c:\windows\pss\Sipru.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SkyMessager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\SkyMessager.lnk
backup=c:\windows\pss\SkyMessager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^ikowin32.exe]
path=c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\ikowin32.exe
backup=c:\windows\pss\ikowin32.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=
"c:\\Valve\\Steam\\SteamApps\\kash_e2\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\documents and settings\moi\Application Data\Facebook\facebook.exe"= c:\documents and settings\moi\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:*:Disabled:Shareaza
"6346:UDP"= 6346:UDP:*:Disabled:Shareaza
"26180:TCP"= 26180:TCP:neuf telecom
"26181:TCP"= 26181:TCP:neuf telecom
"9876:TCP"= 9876:TCP:neuf telecom
"26190:UDP"= 26190:UDP:*:Disabled:SesamTV PVR
"31336:TCP"= 31336:TCP:*:Disabled:adsl tv
"31336:UDP"= 31336:UDP:*:Disabled:adsl tv
"10625:TCP"= 10625:TCP:*:Disabled:SHAREAZA
"10625:UDP"= 10625:UDP:*:Disabled:SHAREAZA
"3128:TCP"= 3128:TCP:*:Disabled:ffff
"3128:UDP"= 3128:UDP:*:Disabled:ffff
"7080:TCP"= 7080:TCP:*:Disabled:max tv
"21:UDP"= 21:UDP:*:Disabled:ultras
"3900:TCP"= 3900:TCP:*:Disabled:Sopcast
"3920:TCP"= 3920:TCP:*:Disabled:Sopcast
"28464:TCP"= 28464:TCP:emule tcp
"25140:UDP"= 25140:UDP:emule udp
"16800:TCP"= 16800:TCP:*:Disabled:tvants
"16800:UDP"= 16800:UDP:*:Disabled:tvants
"5739:UDP"= 5739:UDP:pes2009
"5730:UDP"= 5730:UDP:pes2009
"5729:UDP"= 5729:UDP:pes2009
"27588:TCP"= 27588:TCP:BitComet 27588 TCP
"27588:UDP"= 27588:UDP:BitComet 27588 UDP
"20085:TCP"= 20085:TCP:pes2009
"20030:TCP"= 20030:TCP:pes2009
"20020:TCP"= 20020:TCP:pes2009
"20010:TCP"= 20010:TCP:pes2009
"443:TCP"= 443:TCP:pes2009
"8800:TCP"= 8800:TCP:pes2009
"8899:TCP"= 8899:TCP:pes2009
"14020:TCP"= 14020:TCP:pes2009

S1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [01/04/2008 17:35 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [01/04/2008 17:35 20560]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\SYSTEM32\DRIVERS\CA533AV.SYS [14/08/2009 11:39 515803]
S2 Vcs;Vcs support;c:\windows\SYSTEM32\DRIVERS\Vcs.sys [10/11/2005 21:40 6852]
S3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\SYSTEM32\DRIVERS\3xHybrid.sys [09/09/2006 23:26 827008]
S3 gAGP440p;gAGP440p;\??\c:\docume~1\moi\LOCALS~1\Temp\gAGP440p.sys --> c:\docume~1\moi\LOCALS~1\Temp\gAGP440p.sys [?]
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\SYSTEM32\DRIVERS\HCWBT8XX.sys [21/09/2006 15:55 472644]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\SYSTEM32\DRIVERS\PAEAFLT.sys [15/07/2009 17:38 8576]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\SYSTEM32\DRIVERS\SPC230NC.SYS [15/07/2009 17:38 461056]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\SYSTEM32\DRIVERS\Bulk533.sys [14/08/2009 11:39 10986]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\SYSTEM32\DRIVERS\wip0204.sys [14/03/2009 02:53 23480]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download with Rapget - c:\documents and settings\moi\Bureau\RapGet [Wawa-Mania][By i_love_sexe]\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 02:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2668168583-2325841571-3812231592-1006\Software\SecuROM\License information*]
"datasecu"=hex:3f,d1,93,2d,fe,a6,3f,96,b3,f3,7b,fe,d3,ee,97,c8,fc,76,79,16,d5,
85,99,77,42,82,c5,91,c9,5a,ee,0e,34,ae,c9,7d,92,8c,9f,12,c8,db,19,87,0b,9a,\
"rkeysecu"=hex:13,8c,e1,93,9d,8f,37,b3,15,e1,55,5d,4a,e3,a8,9a

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,57,98,68,e1,72,
29,f2,59,c8,28,51,af,b0,29,a3,98,a8,8c,50,70,37,27,61,5f,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,b4,9b,4c,76,a6,
33,33,f1,71,3b,04,66,8b,46,0d,96,92,a9,ed,24,b5,da,b7,14,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,9c,21,80,53,69,
fb,22,a3,25,da,ec,7e,55,20,c9,26,a8,92,fb,f7,81,77,94,85,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,42,63,21,5e,77,
57,7d,00,3e,1e,9e,e0,57,5a,93,61,54,2e,ee,e2,ce,73,db,ad,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,fc,18,42,eb,82,
72,e1,cf,cd,44,cd,b9,a6,33,6c,cd,94,de,66,78,8c,b1,f7,60,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,d1,ba,99,2e,6c,
3d,69,08,b0,18,ed,a7,3f,8d,37,a4,92,c3,15,fd,2e,2c,c8,7f,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,44,e3,5f,5e,d0,
fa,c6,a8,31,77,e1,ba,b1,f8,68,02,37,d4,52,5e,34,c0,47,1b,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,ee,83,0d,eb,04,
27,6b,d8,83,6c,56,8b,a0,85,96,ab,93,0e,df,da,bc,8d,3c,df,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,91,6e,f7,a6,5d,
4d,86,35,51,fa,6e,91,28,9e,14,cc,9a,d3,1d,7a,77,0d,4b,35,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,05,95,79,48,3f,
85,ec,43,b1,cd,45,5a,a8,c4,f8,b9,35,34,2d,94,24,b9,c4,9f,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,5a,50,a3,78,4f,
e4,11,57,e3,0e,66,d5,eb,bc,2f,6b,f7,d4,9e,a2,ae,78,b3,32,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,28,d2,16,d8,d9,
ed,d0,48,fa,ea,66,7f,d4,3b,6b,70,c5,35,30,50,95,47,27,49,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2009-08-21 2:47
ComboFix-quarantined-files.txt 2009-08-21 00:46
ComboFix2.txt 2009-08-20 16:13
ComboFix3.txt 2005-01-11 17:01

Pre-Run: 38 159 691 776 octets libres
Post-Run: 38 188 920 832 octets libres

329 --- E O F --- 2009-07-31 15:31

Répondre à corsy
Destrio5   21-08-2009 à 03:06:33
- 0 +

L'infection n'a plus l'air de se relancer.


/!\ Seul corsy peut suivre cette procédure /!\

Désactive toute protection résidente (Antivirus...) !

---> Copie (CTRL+C) le texte se situant dans le cadre ci-dessous :

KillAll::

Driver::
gAGP440p

File::
c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\ikowin32.exe
c:\windows\yjyw.vbs
c:\windows\SYSTEM32\qibaze.dat
c:\windows\SYSTEM32\qeweluveho.exe
c:\windows\naxityduge.bat
c:\windows\kivo.exe
c:\windows\ireqedyta.dll
c:\windows\cepy.vbs
c:\windows\bosip.bat
c:\program files\Fichiers communs\ehepexe.dl
c:\program files\Fichiers communs\qyqa._sy
c:\program files\Fichiers communs\xycak.ban
c:\program files\Fichiers communs\xice.dat
c:\program files\Fichiers communs\ijad.pif
c:\program files\Fichiers communs\ecykow.inf
c:\program files\Fichiers communs\yrihak.db
c:\program files\Fichiers communs\ejufijafa._sy
c:\program files\Fichiers communs\loherif._sy
c:\program files\Fichiers communs\cahypihig.exe
c:\program files\Fichiers communs\ihytavo.bat
c:\program files\Fichiers communs\ykilumyc.bat
c:\program files\Fichiers communs\adogiz.db
c:\program files\Fichiers communs\owijer.vbs
c:\program files\Fichiers communs\sygigibihe.bat
c:\program files\Fichiers communs\ynaho.ban
c:\program files\Fichiers communs\venuba.bin
c:\program files\Fichiers communs\okafid._sy
c:\documents and settings\LocalService\Application Data\nekepepade.bin
c:\documents and settings\LocalService\Application Data\ehog.dat
c:\windows\osahyw.dll
c:\windows\ucecuty.bat
c:\windows\system32\toduj.pif
c:\documents and settings\LocalService\Local Settings\Application Data\zahem.reg
c:\windows\system32\milydu.pif
c:\documents and settings\LocalService\Application Data\ibuco.bat
c:\documents and settings\LocalService\Local Settings\Application Data\tokola.com
c:\windows\system32\uwaryx.pif

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^ikowin32.exe]


---> Ouvre le Bloc-notes : Démarrer > Tous les programmes > Accessoires > Bloc-notes.

- Colle (CTRL+V) le texte dans le Bloc-notes.
- Enregistre ce fichier dans : Bureau
- Nom du fichier : CFScript
- Type du fichier : tous les fichiers !!
- Clique sur Enregistrer.
- Quitte le Bloc-notes.

---> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :

http://membres.lycos.fr/wawaseb8/images/help/cfscript.gif

  • Cela va relancer Combofix : au message qui apparaît, accepte.
  • Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal !
  • Ne touche à rien tant que le scan n'est pas terminé.
  • Une fois le scan achevé, un rapport va s'afficher, copie/colle son contenu sur le forum.
  • Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt


;)

Répondre à Destrio5
corsy   21-08-2009 à 03:36:29
- 0 +

merci !!

voila j'ai fais ce que tu ma demandé,voici le resultat du log :

ComboFix 09-08-19.08 - moi 21/08/2009 3:16.5.1 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2558.2260 [GMT 2:00]
Running from: c:\documents and settings\moi\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\moi\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090815-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\LocalService\Application Data\ehog.dat"
"c:\documents and settings\LocalService\Application Data\ibuco.bat"
"c:\documents and settings\LocalService\Application Data\nekepepade.bin"
"c:\documents and settings\LocalService\Local Settings\Application Data\tokola.com"
"c:\documents and settings\LocalService\Local Settings\Application Data\zahem.reg"
"c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\ikowin32.exe"
"c:\program files\Fichiers communs\adogiz.db"
"c:\program files\Fichiers communs\cahypihig.exe"
"c:\program files\Fichiers communs\ecykow.inf"
"c:\program files\Fichiers communs\ehepexe.dl"
"c:\program files\Fichiers communs\ejufijafa._sy"
"c:\program files\Fichiers communs\ihytavo.bat"
"c:\program files\Fichiers communs\ijad.pif"
"c:\program files\Fichiers communs\loherif._sy"
"c:\program files\Fichiers communs\okafid._sy"
"c:\program files\Fichiers communs\owijer.vbs"
"c:\program files\Fichiers communs\qyqa._sy"
"c:\program files\Fichiers communs\sygigibihe.bat"
"c:\program files\Fichiers communs\venuba.bin"
"c:\program files\Fichiers communs\xice.dat"
"c:\program files\Fichiers communs\xycak.ban"
"c:\program files\Fichiers communs\ykilumyc.bat"
"c:\program files\Fichiers communs\ynaho.ban"
"c:\program files\Fichiers communs\yrihak.db"
"c:\windows\bosip.bat"
"c:\windows\cepy.vbs"
"c:\windows\ireqedyta.dll"
"c:\windows\kivo.exe"
"c:\windows\naxityduge.bat"
"c:\windows\osahyw.dll"
"c:\windows\system32\milydu.pif"
"c:\windows\SYSTEM32\qeweluveho.exe"
"c:\windows\SYSTEM32\qibaze.dat"
"c:\windows\system32\toduj.pif"
"c:\windows\system32\uwaryx.pif"
"c:\windows\ucecuty.bat"
"c:\windows\yjyw.vbs"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\ehog.dat
c:\documents and settings\LocalService\Application Data\ibuco.bat
c:\documents and settings\LocalService\Application Data\nekepepade.bin
c:\documents and settings\LocalService\Local Settings\Application Data\tokola.com
c:\documents and settings\LocalService\Local Settings\Application Data\zahem.reg
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ikidok._dl
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\oxek._dl
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\Fichiers communs\adogiz.db
c:\program files\Fichiers communs\cahypihig.exe
c:\program files\Fichiers communs\ecykow.inf
c:\program files\Fichiers communs\ehepexe.dl
c:\program files\Fichiers communs\ejufijafa._sy
c:\program files\Fichiers communs\ihytavo.bat
c:\program files\Fichiers communs\ijad.pif
c:\program files\Fichiers communs\loherif._sy
c:\program files\Fichiers communs\okafid._sy
c:\program files\Fichiers communs\owijer.vbs
c:\program files\Fichiers communs\qyqa._sy
c:\program files\Fichiers communs\sygigibihe.bat
c:\program files\Fichiers communs\venuba.bin
c:\program files\Fichiers communs\xice.dat
c:\program files\Fichiers communs\xycak.ban
c:\program files\Fichiers communs\ykilumyc.bat
c:\program files\Fichiers communs\ynaho.ban
c:\program files\Fichiers communs\yrihak.db
c:\program files\PC_Antispyware2010
c:\program files\PC_Antispyware2010\AVEngn.dll
c:\program files\PC_Antispyware2010\data\daily.cvd
c:\program files\PC_Antispyware2010\htmlayout.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg
c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
c:\program files\PC_Antispyware2010\pthreadVC2.dll
c:\program files\PC_Antispyware2010\Uninstall.exe
c:\program files\PC_Antispyware2010\wscui.cpl
c:\windows\bosip.bat
c:\windows\cepy.vbs
c:\windows\ireqedyta.dll
c:\windows\kivo.exe
c:\windows\naxityduge.bat
c:\windows\osahyw.dll
c:\windows\system32\_scui.cpl
c:\windows\system32\braviax.exe
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\milydu.pif
c:\windows\SYSTEM32\qeweluveho.exe
c:\windows\SYSTEM32\qibaze.dat
c:\windows\system32\toduj.pif
c:\windows\system32\uwaryx.pif
c:\windows\system32\wisdstr.exe
c:\windows\ucecuty.bat
c:\windows\yjyw.vbs

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\i386\BEEP.SYS

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GAGP440P
-------\Service_gAGP440p


((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.

2009-08-21 01:00 . 2009-08-21 01:00 19938 ----a-w- c:\windows\system32\tivelebo.com
2009-08-21 01:00 . 2009-08-21 01:00 16844 ----a-w- c:\windows\atazaqiwum.reg
2009-08-21 01:00 . 2009-08-21 01:00 14678 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\omap.bat
2009-08-21 01:00 . 2009-08-21 01:00 14405 ----a-w- c:\windows\ehyf.sys
2009-08-21 01:00 . 2009-08-21 01:00 13685 ----a-w- c:\documents and settings\LocalService\Application Data\yvurov.exe
2009-08-21 01:00 . 2009-08-21 01:00 12641 ----a-w- c:\documents and settings\All Users\Application Data\hoqivu.sys
2009-08-21 01:00 . 2009-08-21 01:00 12592 ----a-w- c:\windows\system32\ogez.dat
2009-08-21 01:00 . 2009-08-21 01:00 10852 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\bixeru.bin
2009-08-21 01:00 . 2009-08-21 01:00 17615 ----a-w- c:\program files\Fichiers communs\baciwum.sys
2009-08-21 01:00 . 2009-08-21 01:00 11469 ----a-w- c:\windows\ikanyxyv.com
2009-08-21 00:55 . 2009-08-21 00:55 29184 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-21 00:55 . 2004-08-05 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-20 17:17 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 17:17 . 2009-08-20 17:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-20 17:17 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 17:07 . 2009-08-20 17:07 -------- d-s---w- C:\65604-CF
2009-08-20 16:14 . 2009-08-20 16:14 18903 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\asamelabi.bin
2009-08-20 16:14 . 2009-08-20 16:14 17488 ----a-w- c:\program files\Fichiers communs\musyr.pif
2009-08-20 16:14 . 2009-08-20 16:14 15424 ----a-w- c:\program files\Fichiers communs\exonejuju.dll
2009-08-20 16:14 . 2009-08-20 16:14 14067 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\ynacigifa.sys
2009-08-20 16:14 . 2009-08-20 16:14 13170 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\gihoki.bat
2009-08-14 09:39 . 2002-10-21 10:37 515803 ----a-w- c:\windows\system32\drivers\CA533AV.SYS
2009-08-14 09:39 . 2002-07-25 10:19 10986 ----a-w- c:\windows\system32\drivers\Bulk533.sys
2009-08-13 20:58 . 2009-08-13 20:58 -------- d-----w- c:\documents and settings\moi\Local Settings\Application Data\CAPCOM
2009-08-13 20:10 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-08-13 20:10 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-08-13 20:10 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-08-13 20:09 . 2009-08-13 20:09 -------- d-----w- c:\windows\system32\xlive
2009-08-13 20:09 . 2009-08-13 20:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-13 20:09 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-08-13 20:09 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-08-13 20:09 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-08-13 20:09 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-13 20:09 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-08-13 20:09 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-08-13 20:09 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-08-13 19:07 . 2009-08-13 20:08 -------- d-----w- c:\program files\Street Fighter IV
2009-08-13 09:55 . 2009-08-15 14:02 -------- d-----w- c:\program files\Simulateur de conduite 3D
2009-08-10 14:06 . 2009-08-10 14:07 -------- d-----w- c:\documents and settings\secours\Application Data\OpenOffice.org2
2009-07-23 12:53 . 2009-08-14 09:39 -------- d-----w- c:\program files\DkZ Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 01:28 . 2009-08-21 01:28 189791 ----a-w- c:\windows\system32\wisdstr.exe
2009-08-21 01:28 . 2009-08-21 01:28 11264 ----a-w- c:\windows\system32\braviax.exe
2009-08-21 01:00 . 2009-08-21 01:00 19176 ----a-w- c:\program files\Fichiers communs\rifelarary._dl
2009-08-21 01:00 . 2009-08-21 01:00 16502 ----a-w- c:\program files\Fichiers communs\ifugeg._sy
2009-08-20 16:14 . 2009-08-20 16:14 15471 ----a-w- c:\program files\Fichiers communs\hatuzaxupy.inf
2009-08-20 16:14 . 2009-08-20 16:14 14954 ----a-w- c:\documents and settings\All Users\Application Data\sijyz.dat
2009-08-20 16:14 . 2009-08-20 16:14 11886 ----a-w- c:\documents and settings\LocalService\Application Data\byzod.dat
2009-08-20 16:14 . 2009-08-20 16:14 11294 ----a-w- c:\program files\Fichiers communs\jyjoxi.db
2009-08-20 16:11 . 2005-03-23 17:42 86774 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-20 16:11 . 2005-03-23 17:42 514278 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-16 10:45 . 2009-03-02 18:02 -------- d-----w- c:\program files\Cheat 'O Matic
2009-08-15 16:19 . 2007-08-28 19:29 -------- d-----w- c:\program files\eMule
2009-08-15 12:18 . 2006-01-07 16:23 -------- d-----w- c:\documents and settings\moi\Application Data\OpenOffice.org2
2009-08-14 09:48 . 2007-02-27 12:47 -------- d-----w- c:\program files\SopCast
2009-08-14 09:48 . 2007-02-01 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-14 09:42 . 2005-03-23 17:53 -------- d-----w- c:\program files\Fichiers communs\Real
2009-08-14 09:40 . 2008-03-06 09:07 -------- d-----w- c:\program files\mIRC
2009-08-01 12:44 . 2007-08-03 20:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-01 12:42 . 2009-03-04 19:36 -------- d-----w- c:\program files\JPEG Compression
2009-07-19 20:44 . 2009-01-29 23:57 -------- d-----w- c:\documents and settings\moi\Application Data\Hamachi
2009-07-19 10:35 . 2009-07-15 17:12 230432 ----a-w- C:\SPC230NC.DAT
2009-07-15 16:02 . 2009-07-15 16:02 -------- d-----w- c:\documents and settings\moi\Application Data\ArcSoft
2009-07-15 15:58 . 2009-07-15 15:58 -------- d-----w- c:\documents and settings\secours\Application Data\ArcSoft
2009-07-14 13:39 . 2008-05-25 12:10 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-14 13:39 . 2007-04-30 09:13 -------- d-----w- c:\program files\MSN Messenger
2009-07-14 11:42 . 2005-11-08 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-05 11:08 . 2009-04-26 23:21 -------- d-----w- c:\program files\WinamaxPoker
2009-06-27 16:51 . 2009-06-27 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-27 16:49 . 2009-06-27 16:49 -------- d-----w- c:\program files\Windows Live
2009-06-23 18:01 . 2009-03-14 00:53 -------- d-----w- c:\documents and settings\moi\Application Data\Wippien
2006-06-17 07:05 . 2006-06-16 16:33 88 -csha-r- c:\windows\SYSTEM32\D0D0DC084F.sys
.

------- Sigcheck -------

[-] 2009-08-21 01:28 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\SYSTEM32\DLLCACHE\beep.sys
[-] 2009-08-21 01:28 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\SYSTEM32\DRIVERS\beep.sys

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ntfs.sys
[7] 2004-08-19 20:03 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\SYSTEM32\DLLCACHE\ntfs.sys
[-] 2005-01-11 16:23 619200 5D407322AA69AC6E7B17C81B48DEB327 c:\windows\SYSTEM32\DRIVERS\ntfs.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-20_16.07.47 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-03-23 17:42 . 2005-01-12 05:45 72936 c:\windows\SYSTEM32\PERFC009.DAT
+ 2005-03-23 17:42 . 2009-08-20 16:11 72936 c:\windows\SYSTEM32\PERFC009.DAT
+ 2005-03-23 17:42 . 2009-08-20 16:11 444708 c:\windows\SYSTEM32\PERFH009.DAT
- 2005-03-23 17:42 . 2005-01-12 05:45 444708 c:\windows\SYSTEM32\PERFH009.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-19 160768]
"Regedit32"="c:\windows\system32\regedit.exe" [BU]
"braviax"="" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
"braviax"="" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\secours\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL Compagnon.lnk
backup=c:\windows\pss\AOL Compagnon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sipru.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Sipru.lnk
backup=c:\windows\pss\Sipru.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SkyMessager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\SkyMessager.lnk
backup=c:\windows\pss\SkyMessager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=
"c:\\Valve\\Steam\\SteamApps\\kash_e2\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\documents and settings\moi\Application Data\Facebook\facebook.exe"= c:\documents and settings\moi\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:*:Disabled:Shareaza
"6346:UDP"= 6346:UDP:*:Disabled:Shareaza
"26180:TCP"= 26180:TCP:neuf telecom
"26181:TCP"= 26181:TCP:neuf telecom
"9876:TCP"= 9876:TCP:neuf telecom
"26190:UDP"= 26190:UDP:*:Disabled:SesamTV PVR
"31336:TCP"= 31336:TCP:*:Disabled:adsl tv
"31336:UDP"= 31336:UDP:*:Disabled:adsl tv
"10625:TCP"= 10625:TCP:*:Disabled:SHAREAZA
"10625:UDP"= 10625:UDP:*:Disabled:SHAREAZA
"3128:TCP"= 3128:TCP:*:Disabled:ffff
"3128:UDP"= 3128:UDP:*:Disabled:ffff
"7080:TCP"= 7080:TCP:*:Disabled:max tv
"21:UDP"= 21:UDP:*:Disabled:ultras
"3900:TCP"= 3900:TCP:*:Disabled:Sopcast
"3920:TCP"= 3920:TCP:*:Disabled:Sopcast
"28464:TCP"= 28464:TCP:emule tcp
"25140:UDP"= 25140:UDP:emule udp
"16800:TCP"= 16800:TCP:*:Disabled:tvants
"16800:UDP"= 16800:UDP:*:Disabled:tvants
"5739:UDP"= 5739:UDP:pes2009
"5730:UDP"= 5730:UDP:pes2009
"5729:UDP"= 5729:UDP:pes2009
"27588:TCP"= 27588:TCP:BitComet 27588 TCP
"27588:UDP"= 27588:UDP:BitComet 27588 UDP
"20085:TCP"= 20085:TCP:pes2009
"20030:TCP"= 20030:TCP:pes2009
"20020:TCP"= 20020:TCP:pes2009
"20010:TCP"= 20010:TCP:pes2009
"443:TCP"= 443:TCP:pes2009
"8800:TCP"= 8800:TCP:pes2009
"8899:TCP"= 8899:TCP:pes2009
"14020:TCP"= 14020:TCP:pes2009

S1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [01/04/2008 17:35 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [01/04/2008 17:35 20560]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\SYSTEM32\DRIVERS\CA533AV.SYS [14/08/2009 11:39 515803]
S2 Vcs;Vcs support;c:\windows\SYSTEM32\DRIVERS\Vcs.sys [10/11/2005 21:40 6852]
S3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\SYSTEM32\DRIVERS\3xHybrid.sys [09/09/2006 23:26 827008]
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\SYSTEM32\DRIVERS\HCWBT8XX.sys [21/09/2006 15:55 472644]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\SYSTEM32\DRIVERS\PAEAFLT.sys [15/07/2009 17:38 8576]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\SYSTEM32\DRIVERS\SPC230NC.SYS [15/07/2009 17:38 461056]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\SYSTEM32\DRIVERS\Bulk533.sys [14/08/2009 11:39 10986]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\SYSTEM32\DRIVERS\wip0204.sys [14/03/2009 02:53 23480]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PC Antispyware 2010 - c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = local
mSearchAssistant = hxxp://www.google.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download with Rapget - c:\documents and settings\moi\Bureau\RapGet [Wawa-Mania][By i_love_sexe]\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 03:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\braviax.exe 11264 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2668168583-2325841571-3812231592-1006\Software\SecuROM\License information*]
"datasecu"=hex:3f,d1,93,2d,fe,a6,3f,96,b3,f3,7b,fe,d3,ee,97,c8,fc,76,79,16,d5,
85,99,77,42,82,c5,91,c9,5a,ee,0e,34,ae,c9,7d,92,8c,9f,12,c8,db,19,87,0b,9a,\
"rkeysecu"=hex:13,8c,e1,93,9d,8f,37,b3,15,e1,55,5d,4a,e3,a8,9a

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,57,98,68,e1,72,
29,f2,59,c8,28,51,af,b0,29,a3,98,a8,8c,50,70,37,27,61,5f,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,b4,9b,4c,76,a6,
33,33,f1,71,3b,04,66,8b,46,0d,96,92,a9,ed,24,b5,da,b7,14,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,9c,21,80,53,69,
fb,22,a3,25,da,ec,7e,55,20,c9,26,a8,92,fb,f7,81,77,94,85,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,42,63,21,5e,77,
57,7d,00,3e,1e,9e,e0,57,5a,93,61,54,2e,ee,e2,ce,73,db,ad,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,fc,18,42,eb,82,
72,e1,cf,cd,44,cd,b9,a6,33,6c,cd,94,de,66,78,8c,b1,f7,60,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,d1,ba,99,2e,6c,
3d,69,08,b0,18,ed,a7,3f,8d,37,a4,92,c3,15,fd,2e,2c,c8,7f,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,44,e3,5f,5e,d0,
fa,c6,a8,31,77,e1,ba,b1,f8,68,02,37,d4,52,5e,34,c0,47,1b,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,ee,83,0d,eb,04,
27,6b,d8,83,6c,56,8b,a0,85,96,ab,93,0e,df,da,bc,8d,3c,df,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,91,6e,f7,a6,5d,
4d,86,35,51,fa,6e,91,28,9e,14,cc,9a,d3,1d,7a,77,0d,4b,35,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,05,95,79,48,3f,
85,ec,43,b1,cd,45,5a,a8,c4,f8,b9,35,34,2d,94,24,b9,c4,9f,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,5a,50,a3,78,4f,
e4,11,57,e3,0e,66,d5,eb,bc,2f,6b,f7,d4,9e,a2,ae,78,b3,32,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,28,d2,16,d8,d9,
ed,d0,48,fa,ea,66,7f,d4,3b,6b,70,c5,35,30,50,95,47,27,49,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(592)
c:\windows\system32\browselc.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\braviax.exe
c:\windows\SYSTEM32\notepad.exe
.
**************************************************************************
.
Completion time: 2009-08-21 3:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-21 01:32
ComboFix2.txt 2009-08-21 00:47
ComboFix3.txt 2009-08-20 16:13
ComboFix4.txt 2005-01-11 17:01

Pre-Run: 38 194 036 736 octets libres
Post-Run: 38 086 213 632 octets libres

445 --- E O F --- 2009-07-31 15:31

Répondre à corsy
Destrio5   21-08-2009 à 03:40:06
- 0 +

Mauvaise nouvelle, c'est revenu, je vais te faire une autre manip' pour remplacer les deux fichiers systèmes infectés.

Tu restes là ou tu vas dormir ?

Répondre à Destrio5
Destrio5   21-08-2009 à 03:52:45
- 0 +

/!\ Seul corsy peut suivre cette procédure /!\


Désactive toute protection résidente (Antivirus...) !

---> Copie (CTRL+C) le texte se situant dans le cadre ci-dessous :

KillAll::

FCOPY::
c:\documents and settings\moi\Bureau\beep.sys|c:\windows\SYSTEM32\DLLCACHE\beep.sys
c:\documents and settings\moi\Bureau\beep.sys|c:\windows\SYSTEM32\DRIVERS\beep.sys
c:\documents and settings\moi\Bureau\ntfs.sys|c:\windows\SYSTEM32\DLLCACHE\ntfs.sys
c:\documents and settings\moi\Bureau\ntfs.sys|c:\windows\SYSTEM32\DRIVERS\ntfs.sys

File::
c:\windows\system32\tivelebo.com
c:\windows\atazaqiwum.reg
c:\documents and settings\LocalService\Local Settings\Application Data\omap.bat
c:\windows\ehyf.sys
c:\documents and settings\LocalService\Application Data\yvurov.exe
c:\documents and settings\All Users\Application Data\hoqivu.sys
c:\windows\system32\ogez.dat
c:\documents and settings\LocalService\Local Settings\Application Data\bixeru.bin
c:\program files\Fichiers communs\baciwum.sys
c:\windows\ikanyxyv.com
c:\documents and settings\LocalService\Local Settings\Application Data\asamelabi.bin
c:\program files\Fichiers communs\musyr.pif
c:\program files\Fichiers communs\exonejuju.dll
c:\documents and settings\LocalService\Local Settings\Application Data\ynacigifa.sys
c:\documents and settings\LocalService\Local Settings\Application Data\gihoki.bat
c:\windows\system32\wisdstr.exe
c:\windows\system32\braviax.exe
c:\program files\Fichiers communs\rifelarary._dl
c:\program files\Fichiers communs\ifugeg._sy
c:\program files\Fichiers communs\hatuzaxupy.inf
c:\documents and settings\All Users\Application Data\sijyz.dat
c:\documents and settings\LocalService\Application Data\byzod.dat
c:\program files\Fichiers communs\jyjoxi.db


---> Ouvre le Bloc-notes : Démarrer > Tous les programmes > Accessoires > Bloc-notes.

- Colle (CTRL+V) le texte dans le Bloc-notes.
- Enregistre ce fichier dans : Bureau
- Nom du fichier : CFScript
- Type du fichier : tous les fichiers !!
- Clique sur Enregistrer.
- Quitte le Bloc-notes.

---> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :

http://membres.lycos.fr/wawaseb8/images/help/cfscript.gif

  • Cela va relancer Combofix : au message qui apparaît, accepte.
  • Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal !
  • Ne touche à rien tant que le scan n'est pas terminé.
  • Une fois le scan achevé, un rapport va s'afficher, copie/colle son contenu sur le forum.
  • Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt


;)

Répondre à Destrio5
corsy   21-08-2009 à 04:27:22
- 0 +

voila le scan mon ami ;)

ComboFix 09-08-19.08 - moi 21/08/2009 4:08:08.6.1 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2558.2210 [GMT 2:00]
Running from: C:\Documents and Settings\moi\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\moi\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090815-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\All Users\Application Data\hoqivu.sys"
"c:\documents and settings\All Users\Application Data\sijyz.dat"
"c:\documents and settings\LocalService\Application Data\byzod.dat"
"c:\documents and settings\LocalService\Application Data\yvurov.exe"
"c:\documents and settings\LocalService\Local Settings\Application Data\asamelabi.bin"
"c:\documents and settings\LocalService\Local Settings\Application Data\bixeru.bin"
"c:\documents and settings\LocalService\Local Settings\Application Data\gihoki.bat"
"c:\documents and settings\LocalService\Local Settings\Application Data\omap.bat"
"c:\documents and settings\LocalService\Local Settings\Application Data\ynacigifa.sys"
"c:\program files\Fichiers communs\baciwum.sys"
"c:\program files\Fichiers communs\exonejuju.dll"
"c:\program files\Fichiers communs\hatuzaxupy.inf"
"c:\program files\Fichiers communs\ifugeg._sy"
"c:\program files\Fichiers communs\jyjoxi.db"
"c:\program files\Fichiers communs\musyr.pif"
"c:\program files\Fichiers communs\rifelarary._dl"
"c:\windows\atazaqiwum.reg"
"c:\windows\ehyf.sys"
"c:\windows\ikanyxyv.com"
"c:\windows\system32\braviax.exe"
"c:\windows\system32\ogez.dat"
"c:\windows\system32\tivelebo.com"
"c:\windows\system32\wisdstr.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\hoqivu.sys
c:\documents and settings\All Users\Application Data\sijyz.dat
c:\documents and settings\LocalService\Application Data\byzod.dat
c:\documents and settings\LocalService\Application Data\yvurov.exe
c:\documents and settings\LocalService\Local Settings\Application Data\asamelabi.bin
c:\documents and settings\LocalService\Local Settings\Application Data\bixeru.bin
c:\documents and settings\LocalService\Local Settings\Application Data\gihoki.bat
c:\documents and settings\LocalService\Local Settings\Application Data\omap.bat
c:\documents and settings\LocalService\Local Settings\Application Data\ynacigifa.sys
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\anawyz._sy
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\esil.lib
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\ojoluhore.dll
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\Fichiers communs\baciwum.sys
c:\program files\Fichiers communs\exonejuju.dll
c:\program files\Fichiers communs\hatuzaxupy.inf
c:\program files\Fichiers communs\ifugeg._sy
c:\program files\Fichiers communs\jyjoxi.db
c:\program files\Fichiers communs\musyr.pif
c:\program files\Fichiers communs\rifelarary._dl
C:\Program Files\PC_Antispyware2010
C:\Program Files\PC_Antispyware2010\AVEngn.dll
C:\Program Files\PC_Antispyware2010\data\daily.cvd
C:\Program Files\PC_Antispyware2010\htmlayout.dll
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.cfg
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe
C:\Program Files\PC_Antispyware2010\pthreadVC2.dll
C:\Program Files\PC_Antispyware2010\Uninstall.exe
C:\Program Files\PC_Antispyware2010\wscui.cpl
c:\windows\atazaqiwum.reg
c:\windows\ehyf.sys
c:\windows\ikanyxyv.com
C:\WINDOWS\system32\_scui.cpl
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\dllcache\figaro.sys
c:\windows\system32\ogez.dat
c:\windows\system32\tivelebo.com
c:\windows\system32\wisdstr.exe

.
--------------- FCopy ---------------

c:\documents and settings\moi\Bureau\beep.sys --> c:\windows\SYSTEM32\DLLCACHE\beep.sys
c:\documents and settings\moi\Bureau\beep.sys --> c:\windows\SYSTEM32\DRIVERS\beep.sys
c:\documents and settings\moi\Bureau\ntfs.sys --> c:\windows\SYSTEM32\DLLCACHE\ntfs.sys
c:\documents and settings\moi\Bureau\ntfs.sys --> c:\windows\SYSTEM32\DRIVERS\ntfs.sys
.
((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.

2009-08-21 01:34:28 . 2009-08-21 01:34:28 19997 ----a-w- C:\Program Files\Fichiers communs\ocasuveja.exe
2009-08-21 01:34:28 . 2009-08-21 01:34:28 19497 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\zininyxo.dat
2009-08-21 01:34:28 . 2009-08-21 01:34:28 17895 ----a-w- C:\Program Files\Fichiers communs\anupuwopam.dat
2009-08-21 01:34:28 . 2009-08-21 01:34:28 16958 ----a-w- C:\Documents and Settings\All Users\Application Data\uhorowax.com
2009-08-21 01:34:28 . 2009-08-21 01:34:28 14602 ----a-w- C:\WINDOWS\system32\aqyra.dat
2009-08-21 01:34:28 . 2009-08-21 01:34:28 12926 ----a-w- C:\WINDOWS\ribevasev.scr
2009-08-21 01:34:28 . 2009-08-21 01:34:28 12739 ----a-w- C:\WINDOWS\byrot.bin
2009-08-21 01:34:28 . 2009-08-21 01:34:28 10700 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\ucaru.bin
2009-08-21 01:34:28 . 2009-08-21 01:34:28 10444 ----a-w- C:\Documents and Settings\LocalService\Application Data\tiqofuzow.exe
2009-08-21 00:55:08 . 2009-08-21 02:04:56 4224 -c--a-w- C:\WINDOWS\system32\dllcache\beep.sys
2009-08-21 00:55:08 . 2009-08-21 02:04:56 4224 ----a-w- C:\WINDOWS\system32\drivers\beep.sys
2009-08-20 17:17:42 . 2009-08-03 11:36:28 38160 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-08-20 17:17:41 . 2009-08-20 17:17:45 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-20 17:17:41 . 2009-08-03 11:36:06 19096 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-08-20 17:07:37 . 2009-08-20 17:07:38 0 d-s---w- C:\65604-CF
2009-08-14 09:39:57 . 2002-10-21 10:37:16 515803 ----a-w- C:\WINDOWS\system32\drivers\CA533AV.SYS
2009-08-14 09:39:57 . 2002-07-25 10:19:48 10986 ----a-w- C:\WINDOWS\system32\drivers\Bulk533.sys
2009-08-13 20:58:12 . 2009-08-13 20:58:12 0 d-----w- C:\Documents and Settings\moi\Local Settings\Application Data\CAPCOM
2009-08-13 20:10:14 . 2008-03-05 14:56:58 1420824 ----a-w- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-08-13 20:10:14 . 2008-02-05 22:07:36 462864 ----a-w- C:\WINDOWS\system32\d3dx10_37.dll
2009-08-13 20:10:13 . 2008-03-05 14:56:58 3786760 ----a-w- C:\WINDOWS\system32\D3DX9_37.dll
2009-08-13 20:09:56 . 2009-08-13 20:09:56 0 d-----w- C:\WINDOWS\system32\xlive
2009-08-13 20:09:55 . 2009-08-13 20:10:17 0 d-----w- C:\Program Files\Microsoft Games for Windows - LIVE
2009-08-13 20:09:15 . 2009-03-09 13:27:22 453456 ----a-w- C:\WINDOWS\system32\d3dx10_41.dll
2009-08-13 20:09:15 . 2009-03-09 13:27:22 1846632 ----a-w- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-08-13 20:09:14 . 2009-03-09 13:27:22 4178264 ----a-w- C:\WINDOWS\system32\D3DX9_41.dll
2009-08-13 20:09:10 . 2009-03-16 12:18:32 69448 ----a-w- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-08-13 20:09:10 . 2009-03-16 12:18:32 517448 ----a-w- C:\WINDOWS\system32\XAudio2_4.dll
2009-08-13 20:09:06 . 2009-03-16 12:18:32 235352 ----a-w- C:\WINDOWS\system32\xactengine3_4.dll
2009-08-13 20:09:03 . 2007-04-04 17:53:42 81768 ----a-w- C:\WINDOWS\system32\xinput1_3.dll
2009-08-13 19:07:47 . 2009-08-13 20:08:20 0 d-----w- C:\Program Files\Street Fighter IV
2009-08-13 09:55:49 . 2009-08-15 14:02:18 0 d-----w- C:\Program Files\Simulateur de conduite 3D
2009-08-10 14:06:55 . 2009-08-10 14:07:01 0 d-----w- C:\Documents and Settings\secours\Application Data\OpenOffice.org2
2009-07-23 12:53:57 . 2009-08-14 09:39:18 0 d-----w- C:\Program Files\DkZ Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 02:04:44 . 2004-08-19 20:03:11 574976 ----a-w- C:\WINDOWS\system32\drivers\ntfs.sys
2009-08-21 01:34:28 . 2009-08-21 01:34:28 16175 ----a-w- C:\Program Files\Fichiers communs\meso._dl
2009-08-20 16:11:24 . 2005-03-23 17:42:26 86774 ----a-w- C:\WINDOWS\system32\perfc00C.dat
2009-08-20 16:11:24 . 2005-03-23 17:42:26 514278 ----a-w- C:\WINDOWS\system32\perfh00C.dat
2009-08-16 10:45:08 . 2009-03-02 18:02:03 0 d-----w- C:\Program Files\Cheat 'O Matic
2009-08-15 16:19:25 . 2007-08-28 19:29:25 0 d-----w- C:\Program Files\eMule
2009-08-15 12:18:59 . 2006-01-07 16:23:39 0 d-----w- C:\Documents and Settings\moi\Application Data\OpenOffice.org2
2009-08-14 09:48:33 . 2007-02-27 12:47:50 0 d-----w- C:\Program Files\SopCast
2009-08-14 09:48:02 . 2007-02-01 20:13:25 0 d-----w- C:\Documents and Settings\All Users\Application Data\Skype
2009-08-14 09:42:25 . 2005-03-23 17:53:43 0 d-----w- C:\Program Files\Fichiers communs\Real
2009-08-14 09:40:43 . 2008-03-06 09:07:52 0 d-----w- C:\Program Files\mIRC
2009-08-01 12:44:37 . 2007-08-03 20:51:32 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-08-01 12:42:27 . 2009-03-04 19:36:16 0 d-----w- C:\Program Files\JPEG Compression
2009-07-19 20:44:23 . 2009-01-29 23:57:38 0 d-----w- C:\Documents and Settings\moi\Application Data\Hamachi
2009-07-19 10:35:55 . 2009-07-15 17:12:27 230432 ----a-w- C:\SPC230NC.DAT
2009-07-15 16:02:41 . 2009-07-15 16:02:41 0 d-----w- C:\Documents and Settings\moi\Application Data\ArcSoft
2009-07-15 15:58:23 . 2009-07-15 15:58:23 0 d-----w- C:\Documents and Settings\secours\Application Data\ArcSoft
2009-07-14 13:39:13 . 2008-05-25 12:10:22 0 d-----w- C:\Program Files\Messenger Plus! Live
2009-07-14 13:39:12 . 2007-04-30 09:13:10 0 d-----w- C:\Program Files\MSN Messenger
2009-07-14 11:42:39 . 2005-11-08 15:54:23 0 d-----w- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-07-05 11:08:10 . 2009-04-26 23:21:52 0 d-----w- C:\Program Files\WinamaxPoker
2009-06-27 16:51:22 . 2009-06-27 16:51:22 0 d-----w- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2009-06-27 16:49:01 . 2009-06-27 16:49:01 0 d-----w- C:\Program Files\Windows Live
2009-06-23 18:01:17 . 2009-03-14 00:53:36 0 d-----w- C:\Documents and Settings\moi\Application Data\Wippien
2006-06-17 07:05:35 . 2006-06-16 16:33:07 88 -csha-r- C:\WINDOWS\SYSTEM32\D0D0DC084F.sys
.

------- Sigcheck -------

[-] 2007-02-09 11:23:36 574976 05AB81909514BFD69CBB1F2C147CF6B9 C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2008-04-13 19:15:53 574976 78A08DD6A8D65E697C18E1DB01C5CDCA C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ntfs.sys
[-] 2009-08-21 02:04:44 574976 78A08DD6A8D65E697C18E1DB01C5CDCA C:\WINDOWS\SYSTEM32\DLLCACHE\ntfs.sys
[-] 2009-08-21 02:04:44 574976 78A08DD6A8D65E697C18E1DB01C5CDCA C:\WINDOWS\SYSTEM32\DRIVERS\ntfs.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-20_16.07.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-21 02:15:17 . 2009-08-21 02:15:17 16384 C:\WINDOWS\temp\Perflib_Perfdata_788.dat
+ 2005-03-23 17:42:26 . 2009-08-20 16:11:23 72936 C:\WINDOWS\SYSTEM32\PERFC009.DAT
- 2005-03-23 17:42:26 . 2005-01-12 05:45:13 72936 C:\WINDOWS\SYSTEM32\PERFC009.DAT
+ 2005-03-23 17:42:26 . 2009-08-20 16:11:24 444708 C:\WINDOWS\SYSTEM32\PERFH009.DAT
- 2005-03-23 17:42:26 . 2005-01-12 05:45:13 444708 C:\WINDOWS\SYSTEM32\PERFH009.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-19 20:01:11 160768]
"PC Antispyware 2010"="C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 19:57:14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 20:08:47 44544]

C:\Documents and Settings\secours\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Icône AOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL Compagnon.lnk
backup=C:\WINDOWS\pss\AOL Compagnon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sipru.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Sipru.lnk
backup=C:\WINDOWS\pss\Sipru.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SkyMessager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SkyMessager.lnk
backup=C:\WINDOWS\pss\SkyMessager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\moi\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=
"C:\\Valve\\Steam\\SteamApps\\kash_e2\\counter-strike\\hl.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\Documents and Settings\moi\Application Data\Facebook\facebook.exe"= C:\Documents and Settings\moi\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\Program Files\Neuf\Media Center\httpd\httpd.exe"= C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:*:Disabled:Shareaza
"6346:UDP"= 6346:UDP:*:Disabled:Shareaza
"26180:TCP"= 26180:TCP:neuf telecom
"26181:TCP"= 26181:TCP:neuf telecom
"9876:TCP"= 9876:TCP:neuf telecom
"26190:UDP"= 26190:UDP:*:Disabled:SesamTV PVR
"31336:TCP"= 31336:TCP:*:Disabled:adsl tv
"31336:UDP"= 31336:UDP:*:Disabled:adsl tv
"10625:TCP"= 10625:TCP:*:Disabled:SHAREAZA
"10625:UDP"= 10625:UDP:*:Disabled:SHAREAZA
"3128:TCP"= 3128:TCP:*:Disabled:ffff
"3128:UDP"= 3128:UDP:*:Disabled:ffff
"7080:TCP"= 7080:TCP:*:Disabled:max tv
"21:UDP"= 21:UDP:*:Disabled:ultras
"3900:TCP"= 3900:TCP:*:Disabled:Sopcast
"3920:TCP"= 3920:TCP:*:Disabled:Sopcast
"28464:TCP"= 28464:TCP:emule tcp
"25140:UDP"= 25140:UDP:emule udp
"16800:TCP"= 16800:TCP:*:Disabled:tvants
"16800:UDP"= 16800:UDP:*:Disabled:tvants
"5739:UDP"= 5739:UDP:pes2009
"5730:UDP"= 5730:UDP:pes2009
"5729:UDP"= 5729:UDP:pes2009
"27588:TCP"= 27588:TCP:BitComet 27588 TCP
"27588:UDP"= 27588:UDP:BitComet 27588 UDP
"20085:TCP"= 20085:TCP:pes2009
"20030:TCP"= 20030:TCP:pes2009
"20020:TCP"= 20020:TCP:pes2009
"20010:TCP"= 20010:TCP:pes2009
"443:TCP"= 443:TCP:pes2009
"8800:TCP"= 8800:TCP:pes2009
"8899:TCP"= 8899:TCP:pes2009
"14020:TCP"= 14020:TCP:pes2009

S1 aswSP;avast! Self Protection;C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys [01/04/2008 17:35:07 114768]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys [01/04/2008 17:35:07 20560]
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\SYSTEM32\DRIVERS\CA533AV.SYS [14/08/2009 11:39:57 515803]
S2 Vcs;Vcs support;C:\WINDOWS\SYSTEM32\DRIVERS\Vcs.sys [10/11/2005 21:40:30 6852]
S3 3xHybrid;Pinnacle PCTV 110i service;C:\WINDOWS\SYSTEM32\DRIVERS\3xHybrid.sys [09/09/2006 23:26:44 827008]
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\SYSTEM32\DRIVERS\HCWBT8XX.sys [21/09/2006 15:55:40 472644]
S3 PAEAFLT.sys;USB Composite Device;C:\WINDOWS\SYSTEM32\DRIVERS\PAEAFLT.sys [15/07/2009 17:38:52 8576]
S3 SPC230NC;Philips SPC230NC Webcam;C:\WINDOWS\SYSTEM32\DRIVERS\SPC230NC.SYS [15/07/2009 17:38:51 461056]
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\SYSTEM32\DRIVERS\Bulk533.sys [14/08/2009 11:39:57 10986]
S3 wip0204;Wippien Network Adapter 2.4;C:\WINDOWS\SYSTEM32\DRIVERS\wip0204.sys [14/03/2009 02:53:35 23480]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = local
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download with Rapget - C:\Documents and Settings\moi\Bureau\RapGet [Wawa-Mania][By i_love_sexe]\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

Répondre à corsy
Destrio5   21-08-2009 à 04:34:18
- 0 +

Ça a l'air pas mal.


/!\ Seul corsy peut suivre cette procédure /!\

Désactive toute protection résidente (Antivirus...) !

---> Copie (CTRL+C) le texte se situant dans le cadre ci-dessous :

KillAll::

File::
C:\Program Files\Fichiers communs\ocasuveja.exe
C:\Documents and Settings\LocalService\Local Settings\Application Data\zininyxo.dat
C:\Program Files\Fichiers communs\anupuwopam.dat
C:\Documents and Settings\All Users\Application Data\uhorowax.com
C:\WINDOWS\system32\aqyra.dat
C:\WINDOWS\ribevasev.scr
C:\WINDOWS\byrot.bin
C:\Documents and Settings\LocalService\Local Settings\Application Data\ucaru.bin
C:\Documents and Settings\LocalService\Application Data\tiqofuzow.exe
C:\Program Files\Fichiers communs\meso._dl

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Antispyware 2010"=-


---> Ouvre le Bloc-notes : Démarrer > Tous les programmes > Accessoires > Bloc-notes.

- Colle (CTRL+V) le texte dans le Bloc-notes.
- Enregistre ce fichier dans : Bureau
- Nom du fichier : CFScript
- Type du fichier : tous les fichiers !!
- Clique sur Enregistrer.
- Quitte le Bloc-notes.

---> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :

http://membres.lycos.fr/wawaseb8/images/help/cfscript.gif

  • Cela va relancer Combofix : au message qui apparaît, accepte.
  • Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal !
  • Ne touche à rien tant que le scan n'est pas terminé.
  • Une fois le scan achevé, un rapport va s'afficher, copie/colle son contenu sur le forum.
  • Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt


;)

Répondre à Destrio5
corsy   21-08-2009 à 04:53:14
- 0 +

merci pour ton aide

voici le rapport log :


ComboFix 09-08-19.08 - moi 21/08/2009 4:35.7.1 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2558.2243 [GMT 2:00]
Running from: c:\documents and settings\moi\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\moi\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090815-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\All Users\Application Data\uhorowax.com"
"c:\documents and settings\LocalService\Application Data\tiqofuzow.exe"
"c:\documents and settings\LocalService\Local Settings\Application Data\ucaru.bin"
"c:\documents and settings\LocalService\Local Settings\Application Data\zininyxo.dat"
"c:\program files\Fichiers communs\anupuwopam.dat"
"c:\program files\Fichiers communs\meso._dl"
"c:\program files\Fichiers communs\ocasuveja.exe"
"c:\windows\byrot.bin"
"c:\windows\ribevasev.scr"
"c:\windows\system32\aqyra.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\uhorowax.com
c:\documents and settings\LocalService\Application Data\tiqofuzow.exe
c:\documents and settings\LocalService\Local Settings\Application Data\ucaru.bin
c:\documents and settings\LocalService\Local Settings\Application Data\zininyxo.dat
c:\program files\Fichiers communs\anupuwopam.dat
c:\program files\Fichiers communs\meso._dl
c:\program files\Fichiers communs\ocasuveja.exe
c:\windows\byrot.bin
c:\windows\ribevasev.scr
c:\windows\system32\aqyra.dat

.
((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.

2009-08-21 00:55 . 2009-08-21 02:04 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-21 00:55 . 2009-08-21 02:04 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-20 17:17 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 17:17 . 2009-08-20 17:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-20 17:17 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 17:07 . 2009-08-20 17:07 -------- d-s---w- C:\65604-CF
2009-08-14 09:39 . 2002-10-21 10:37 515803 ----a-w- c:\windows\system32\drivers\CA533AV.SYS
2009-08-14 09:39 . 2002-07-25 10:19 10986 ----a-w- c:\windows\system32\drivers\Bulk533.sys
2009-08-13 20:58 . 2009-08-13 20:58 -------- d-----w- c:\documents and settings\moi\Local Settings\Application Data\CAPCOM
2009-08-13 20:10 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-08-13 20:10 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-08-13 20:10 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-08-13 20:09 . 2009-08-13 20:09 -------- d-----w- c:\windows\system32\xlive
2009-08-13 20:09 . 2009-08-13 20:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-13 20:09 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-08-13 20:09 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-08-13 20:09 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-08-13 20:09 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-13 20:09 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-08-13 20:09 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-08-13 20:09 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-08-13 19:07 . 2009-08-13 20:08 -------- d-----w- c:\program files\Street Fighter IV
2009-08-13 09:55 . 2009-08-15 14:02 -------- d-----w- c:\program files\Simulateur de conduite 3D
2009-08-10 14:06 . 2009-08-10 14:07 -------- d-----w- c:\documents and settings\secours\Application Data\OpenOffice.org2
2009-07-23 12:53 . 2009-08-14 09:39 -------- d-----w- c:\program files\DkZ Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 02:04 . 2004-08-19 20:03 574976 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-20 16:11 . 2005-03-23 17:42 86774 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-20 16:11 . 2005-03-23 17:42 514278 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-16 10:45 . 2009-03-02 18:02 -------- d-----w- c:\program files\Cheat 'O Matic
2009-08-15 16:19 . 2007-08-28 19:29 -------- d-----w- c:\program files\eMule
2009-08-15 12:18 . 2006-01-07 16:23 -------- d-----w- c:\documents and settings\moi\Application Data\OpenOffice.org2
2009-08-14 09:48 . 2007-02-27 12:47 -------- d-----w- c:\program files\SopCast
2009-08-14 09:48 . 2007-02-01 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-14 09:42 . 2005-03-23 17:53 -------- d-----w- c:\program files\Fichiers communs\Real
2009-08-14 09:40 . 2008-03-06 09:07 -------- d-----w- c:\program files\mIRC
2009-08-01 12:44 . 2007-08-03 20:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-01 12:42 . 2009-03-04 19:36 -------- d-----w- c:\program files\JPEG Compression
2009-07-19 20:44 . 2009-01-29 23:57 -------- d-----w- c:\documents and settings\moi\Application Data\Hamachi
2009-07-19 10:35 . 2009-07-15 17:12 230432 ----a-w- C:\SPC230NC.DAT
2009-07-15 16:02 . 2009-07-15 16:02 -------- d-----w- c:\documents and settings\moi\Application Data\ArcSoft
2009-07-15 15:58 . 2009-07-15 15:58 -------- d-----w- c:\documents and settings\secours\Application Data\ArcSoft
2009-07-14 13:39 . 2008-05-25 12:10 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-14 13:39 . 2007-04-30 09:13 -------- d-----w- c:\program files\MSN Messenger
2009-07-14 11:42 . 2005-11-08 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-05 11:08 . 2009-04-26 23:21 -------- d-----w- c:\program files\WinamaxPoker
2009-06-27 16:51 . 2009-06-27 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-27 16:49 . 2009-06-27 16:49 -------- d-----w- c:\program files\Windows Live
2009-06-23 18:01 . 2009-03-14 00:53 -------- d-----w- c:\documents and settings\moi\Application Data\Wippien
2006-06-17 07:05 . 2006-06-16 16:33 88 -csha-r- c:\windows\SYSTEM32\D0D0DC084F.sys
.

------- Sigcheck -------

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ntfs.sys
[-] 2009-08-21 02:04 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\SYSTEM32\DLLCACHE\ntfs.sys
[-] 2009-08-21 02:04 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\SYSTEM32\DRIVERS\ntfs.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-20_16.07.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-21 02:41 . 2009-08-21 02:41 16384 c:\windows\temp\Perflib_Perfdata_784.dat
+ 2005-03-23 17:42 . 2009-08-20 16:11 72936 c:\windows\SYSTEM32\PERFC009.DAT
- 2005-03-23 17:42 . 2005-01-12 05:45 72936 c:\windows\SYSTEM32\PERFC009.DAT
+ 2005-03-23 17:42 . 2009-08-20 16:11 444708 c:\windows\SYSTEM32\PERFH009.DAT
- 2005-03-23 17:42 . 2005-01-12 05:45 444708 c:\windows\SYSTEM32\PERFH009.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-19 160768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\secours\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL Compagnon.lnk
backup=c:\windows\pss\AOL Compagnon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sipru.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Sipru.lnk
backup=c:\windows\pss\Sipru.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SkyMessager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\SkyMessager.lnk
backup=c:\windows\pss\SkyMessager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=
"c:\\Valve\\Steam\\SteamApps\\kash_e2\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\documents and settings\moi\Application Data\Facebook\facebook.exe"= c:\documents and settings\moi\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:*:Disabled:Shareaza
"6346:UDP"= 6346:UDP:*:Disabled:Shareaza
"26180:TCP"= 26180:TCP:neuf telecom
"26181:TCP"= 26181:TCP:neuf telecom
"9876:TCP"= 9876:TCP:neuf telecom
"26190:UDP"= 26190:UDP:*:Disabled:SesamTV PVR
"31336:TCP"= 31336:TCP:*:Disabled:adsl tv
"31336:UDP"= 31336:UDP:*:Disabled:adsl tv
"10625:TCP"= 10625:TCP:*:Disabled:SHAREAZA
"10625:UDP"= 10625:UDP:*:Disabled:SHAREAZA
"3128:TCP"= 3128:TCP:*:Disabled:ffff
"3128:UDP"= 3128:UDP:*:Disabled:ffff
"7080:TCP"= 7080:TCP:*:Disabled:max tv
"21:UDP"= 21:UDP:*:Disabled:ultras
"3900:TCP"= 3900:TCP:*:Disabled:Sopcast
"3920:TCP"= 3920:TCP:*:Disabled:Sopcast
"28464:TCP"= 28464:TCP:emule tcp
"25140:UDP"= 25140:UDP:emule udp
"16800:TCP"= 16800:TCP:*:Disabled:tvants
"16800:UDP"= 16800:UDP:*:Disabled:tvants
"5739:UDP"= 5739:UDP:pes2009
"5730:UDP"= 5730:UDP:pes2009
"5729:UDP"= 5729:UDP:pes2009
"27588:TCP"= 27588:TCP:BitComet 27588 TCP
"27588:UDP"= 27588:UDP:BitComet 27588 UDP
"20085:TCP"= 20085:TCP:pes2009
"20030:TCP"= 20030:TCP:pes2009
"20020:TCP"= 20020:TCP:pes2009
"20010:TCP"= 20010:TCP:pes2009
"443:TCP"= 443:TCP:pes2009
"8800:TCP"= 8800:TCP:pes2009
"8899:TCP"= 8899:TCP:pes2009
"14020:TCP"= 14020:TCP:pes2009

S1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [01/04/2008 17:35 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [01/04/2008 17:35 20560]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\SYSTEM32\DRIVERS\CA533AV.SYS [14/08/2009 11:39 515803]
S2 Vcs;Vcs support;c:\windows\SYSTEM32\DRIVERS\Vcs.sys [10/11/2005 21:40 6852]
S3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\SYSTEM32\DRIVERS\3xHybrid.sys [09/09/2006 23:26 827008]
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\SYSTEM32\DRIVERS\HCWBT8XX.sys [21/09/2006 15:55 472644]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\SYSTEM32\DRIVERS\PAEAFLT.sys [15/07/2009 17:38 8576]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\SYSTEM32\DRIVERS\SPC230NC.SYS [15/07/2009 17:38 461056]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\SYSTEM32\DRIVERS\Bulk533.sys [14/08/2009 11:39 10986]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\SYSTEM32\DRIVERS\wip0204.sys [14/03/2009 02:53 23480]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download with Rapget - c:\documents and settings\moi\Bureau\RapGet [Wawa-Mania][By i_love_sexe]\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 04:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2668168583-2325841571-3812231592-1006\Software\SecuROM\License information*]
"datasecu"=hex:3f,d1,93,2d,fe,a6,3f,96,b3,f3,7b,fe,d3,ee,97,c8,fc,76,79,16,d5,
85,99,77,42,82,c5,91,c9,5a,ee,0e,34,ae,c9,7d,92,8c,9f,12,c8,db,19,87,0b,9a,\
"rkeysecu"=hex:13,8c,e1,93,9d,8f,37,b3,15,e1,55,5d,4a,e3,a8,9a

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,57,98,68,e1,72,
29,f2,59,c8,28,51,af,b0,29,a3,98,a8,8c,50,70,37,27,61,5f,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,b4,9b,4c,76,a6,
33,33,f1,71,3b,04,66,8b,46,0d,96,92,a9,ed,24,b5,da,b7,14,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,9c,21,80,53,69,
fb,22,a3,25,da,ec,7e,55,20,c9,26,a8,92,fb,f7,81,77,94,85,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,42,63,21,5e,77,
57,7d,00,3e,1e,9e,e0,57,5a,93,61,54,2e,ee,e2,ce,73,db,ad,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,fc,18,42,eb,82,
72,e1,cf,cd,44,cd,b9,a6,33,6c,cd,94,de,66,78,8c,b1,f7,60,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,d1,ba,99,2e,6c,
3d,69,08,b0,18,ed,a7,3f,8d,37,a4,92,c3,15,fd,2e,2c,c8,7f,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,44,e3,5f,5e,d0,
fa,c6,a8,31,77,e1,ba,b1,f8,68,02,37,d4,52,5e,34,c0,47,1b,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,ee,83,0d,eb,04,
27,6b,d8,83,6c,56,8b,a0,85,96,ab,93,0e,df,da,bc,8d,3c,df,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,91,6e,f7,a6,5d,
4d,86,35,51,fa,6e,91,28,9e,14,cc,9a,d3,1d,7a,77,0d,4b,35,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,05,95,79,48,3f,
85,ec,43,b1,cd,45,5a,a8,c4,f8,b9,35,34,2d,94,24,b9,c4,9f,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,5a,50,a3,78,4f,
e4,11,57,e3,0e,66,d5,eb,bc,2f,6b,f7,d4,9e,a2,ae,78,b3,32,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,28,d2,16,d8,d9,
ed,d0,48,fa,ea,66,7f,d4,3b,6b,70,c5,35,30,50,95,47,27,49,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(520)
c:\windows\system32\shdoclc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2009-08-21 4:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-21 02:50
ComboFix2.txt 2009-08-21 02:23
ComboFix3.txt 2009-08-21 01:32
ComboFix4.txt 2009-08-21 00:47
ComboFix5.txt 2009-08-21 02:35

Pre-Run: 38 064 140 288 octets libres
Post-Run: 38 022 868 992 octets libres

330 --- E O F --- 2009-07-31 15:31

Répondre à corsy
Destrio5   21-08-2009 à 04:56:39
- 0 +

Refais un scan avec Malwarebytes' Anti-Malware.

Répondre à Destrio5
corsy   21-08-2009 à 05:08:57
- 0 +

c'est fait

j'ai eu deux fichiers infecter,dois je les suprimés ?

voici le rapport :

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2665
Windows 5.1.2600 Service Pack 2 (Safe Mode)

21/08/2009 05:06:31
mbam-log-2009-08-21 (05-06-28).txt

Type de recherche: Examen rapide
Eléments examinés: 117760
Temps écoulé: 6 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Répondre à corsy
Destrio5   21-08-2009 à 05:10:41
- 0 +

Oui.

Ton PC démarre en mode normal ?

Répondre à Destrio5
corsy   21-08-2009 à 05:32:04
- 0 +

MERCIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII

oui mon pc demarre en mode normal tout fonctionne comme avant !!

je ne sais pas comment te remercier mais sincerement du fond du coeur merci beacoup pour avoir pris de ton temps et de m'avoir aider a regler ce probleme

je te souhaite pleins de bonne choses dans ta vie

encore merci !

Répondre à corsy
Destrio5   21-08-2009 à 05:33:47
- 0 +

  • Menu Démarrer > Exécuter > Tape combofix /u et valide.


  • Relance MBAM, va dans Quarantaine et supprime tout.


  • Refais un scan RSIT et poste le rapport log.

Répondre à Destrio5
corsy   21-08-2009 à 05:57:12
- 0 +

voicile rapport log :

Logfile of random's system information tool 1.06 (written by random/random)
Run by moi at 2009-08-21 05:53:53
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 34 GB (46%) free of 73 GB
Total RAM: 2558 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:54:01, on 21/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\moi\Bureau\RSIT.exe
C:\Program Files\trend micro\moi.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O3 - Toolbar: (no name) - {00000000-5736-4205-0008-781cd0e19f00} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download with Rapget - C:\Documents and Settings\moi\Bureau\RapGet [Wawa-Mania][By i_love_sexe]\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 1643235828
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6354 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}
{00000000-5736-4205-0008-781cd0e19f00}
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2004-08-19 160768]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-26 13680640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe [2008-11-18 2356088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
C:\Program Files\Athan\Athan.exe [2007-09-06 1003520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax]
C:\WINDOWS\system32\msword98.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1036 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2004-09-15 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msword98]
C:\WINDOWS\system32\msword98.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetCruiser Proxy]
C:\Program Files\NetCruiser\NCProxy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-12-26 13680640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-12-26 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Antispyware 2010]
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe /hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Intelligent Agent]
C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe /SILENT []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regedit32]
C:\WINDOWS\system32\regedit.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
C:\Program Files\Shareaza\Shareaza.exe -tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPC_Monitor]
C:\WINDOWS\Philips\SPC230NC\Monitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vcs4diamond]
C:\Program Files\AV Vcs 4.0\Vcs4Core.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe /checktask []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wippien]
C:\Program Files\Wippien\Wippien.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessKeyboard]
C:\Program Files\Multimedia Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessMouse]
C:\Program Files\Office Mouse Driver\StartAutorun.exe MouseDrv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
C:\PROGRA~1\AOL9~1.0\aoltray.exe -check []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]
C:\PROGRA~1\AOLCOM~1\COMPAN~1.EXE /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sipru.lnk]
C:\PROGRA~1\Sipru\sipru.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SkyMessager.lnk]
C:\Program Files\SkyMessager\skymess.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE [2005-12-14 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\SYSTEM32\RTCSHARE.EXE"="C:\WINDOWS\SYSTEM32\RTCSHARE.EXE:*:Disabled:Partage de l'application RTC"
"C:\Valve\Steam\SteamApps\kash_e2\counter-strike\hl.exe"="C:\Valve\Steam\SteamApps\kash_e2\counter-strike\hl.exe:*:Disabled:Half-Life Launcher"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player"
"C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HelpCtr.exe"="C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HelpCtr.exe:*:Disabled:Assistance à distance - Windows Messenger et voix"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Valve\Steam\Steam.exe"="C:\Valve\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\KONAMI\Pro Evolution Soccer 6\PES6.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 6\PES6.exe:*:Enabled:pes6.exe"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Documents and Settings\moi\Application Data\Facebook\facebook.exe"="C:\Documents and Settings\moi\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Neuf\Media Center\httpd\httpd.exe"="C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-08-21 05:52:41 ----SHD---- C:\RECYCLER
2009-08-21 05:30:25 ----A---- C:\WINDOWS\system32\msisip.dll
2009-08-21 05:30:25 ----A---- C:\WINDOWS\system32\msimsg.dll
2009-08-21 05:30:25 ----A---- C:\WINDOWS\system32\msihnd.dll
2009-08-21 05:30:25 ----A---- C:\WINDOWS\system32\msiexec.exe
2009-08-21 05:30:25 ----A---- C:\WINDOWS\system32\msi.dll
2009-08-21 05:30:24 ----DC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-08-21 05:29:45 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-21 05:29:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-21 05:28:03 ----D---- C:\WINDOWS\LastGood
2009-08-21 04:50:42 ----D---- C:\WINDOWS\temp
2009-08-21 04:50:40 ----A---- C:\ComboFix.txt
2009-08-20 19:17:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-20 19:07:37 ----SD---- C:\65604-CF
2009-08-14 11:39:57 ----A---- C:\WINDOWS\CA533A.INI
2009-08-13 22:10:14 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-08-13 22:10:14 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-08-13 22:10:13 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-08-13 22:09:56 ----D---- C:\WINDOWS\system32\xlive
2009-08-13 22:09:55 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2009-08-13 22:09:15 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-08-13 22:09:15 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-08-13 22:09:14 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-08-13 22:09:10 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-08-13 22:09:10 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-08-13 22:09:06 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-08-13 22:09:03 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-08-13 21:07:47 ----D---- C:\Program Files\Street Fighter IV
2009-08-13 11:55:49 ----D---- C:\Program Files\Simulateur de conduite 3D
2009-07-23 14:53:57 ----D---- C:\Program Files\DkZ Studio

======List of files/folders modified in the last 1 months======

2009-08-21 05:54:01 ----D---- C:\WINDOWS\Prefetch
2009-08-21 05:53:54 ----D---- C:\Program Files\trend micro
2009-08-21 05:52:36 ----D---- C:\WINDOWS
2009-08-21 05:52:29 ----D---- C:\WINDOWS\SYSTEM32
2009-08-21 05:52:20 ----SHD---- C:\System Volume Information
2009-08-21 05:52:20 ----D---- C:\WINDOWS\system32\Restore
2009-08-21 05:52:16 ----D---- C:\WINDOWS\ERDNT
2009-08-21 05:52:11 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-21 05:30:42 ----RSHDC---- C:\WINDOWS\system32\DLLCACHE
2009-08-21 05:30:42 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-21 05:30:39 ----HD---- C:\WINDOWS\INF
2009-08-21 05:28:05 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-21 05:27:01 ----SH---- C:\boot.ini
2009-08-21 05:27:01 ----A---- C:\WINDOWS\WIN.INI
2009-08-21 05:27:01 ----A---- C:\WINDOWS\system.ini
2009-08-21 05:24:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-21 05:17:02 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-21 05:14:37 ----D---- C:\WINDOWS\system32\DRIVERS
2009-08-21 05:14:05 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-21 04:40:29 ----D---- C:\Program Files\Fichiers communs
2009-08-21 04:38:44 ----D---- C:\WINDOWS\AppPatch
2009-08-21 04:13:47 ----RD---- C:\Program Files
2009-08-21 03:24:55 ----D---- C:\WINDOWS\system32\CONFIG
2009-08-17 18:10:20 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-08-16 12:45:08 ----D---- C:\Program Files\Cheat 'O Matic
2009-08-15 18:19:25 ----D---- C:\Program Files\eMule
2009-08-15 15:28:58 ----D---- C:\WINDOWS\system32\FxsTmp
2009-08-15 14:18:59 ----D---- C:\Documents and Settings\moi\Application Data\OpenOffice.org2
2009-08-14 11:48:33 ----D---- C:\Program Files\SopCast
2009-08-14 11:48:02 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-08-14 11:42:25 ----D---- C:\Program Files\Fichiers communs\Real
2009-08-14 11:40:43 ----D---- C:\Program Files\mIRC
2009-08-13 22:10:15 ----D---- C:\WINDOWS\system32\DirectX
2009-08-01 14:44:37 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-01 14:42:27 ----D---- C:\Program Files\JPEG Compression
2009-08-01 14:41:23 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-19 40320]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14848]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-05-21 5632]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-19 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2271]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R2 Vcs;Vcs support; \??\C:\WINDOWS\system32\Drivers\Vcs.sys []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-10 25280]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-19 9600]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-19 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-26 6301344]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-03-12 47360]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-29 260096]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-19 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-19 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-19 20480]
S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-10-21 515803]
S3 3xHybrid;Pinnacle PCTV 110i service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-09-01 827008]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys []
S3 E100B;Pilote de carte Intel (R) PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760]
S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys []
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 472644]
S3 HWIONT;HWIONT; \??\C:\Documents and Settings\moi\Bureau\moretv\HWIONT.sys []
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-19 15360]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-19 10880]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-19 40320]
S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2007-12-05 4096]
S3 PAEAFLT.sys;USB Composite Device; C:\WINDOWS\system32\DRIVERS\PAEAFLT.sys [2007-09-26 8576]
S3 Pcatip;Pcatip; C:\WINDOWS\System32\DRIVERS\Pcatip.sys [2006-03-28 68960]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-19 11136]
S3 SPC230NC;Philips SPC230NC Webcam; C:\WINDOWS\system32\DRIVERS\SPC230NC.SYS [2007-12-31 461056]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-19 15360]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-07-25 10986]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-19 31616]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-19 26496]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2006-07-23 223128]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 wip0204;Wippien Network Adapter 2.4; C:\WINDOWS\system32\DRIVERS\wip0204.sys [2008-12-31 23480]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-07-16 380528]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-26 163908]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-19 268800]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe []
S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe []
S3 UMWdf;Infrastructure de pilote-mode utilisateur Windows; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Répondre à corsy
Destrio5   21-08-2009 à 06:09:02
- 0 +

Il reste des traces de l'infection.


1/

  • Lance ce fichier : C:\Program Files\trend micro\moi.exe
  • Choisis Do a system scan only.
  • Coche les cases qui sont devant les lignes suivantes :


O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)

O3 - Toolbar: (no name) - {00000000-5736-4205-0008-781cd0e19f00} - (no file)

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O8 - Extra context menu item: Download with Rapget - C:\Documents and Settings\moi\Bureau\RapGet [Wawa-Mania][By i_love_sexe]\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


  • Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.
  • Ferme HijackThis.



2/

  • Télécharge OTM (OldTimer) sur ton Bureau.
  • Double-clique sur OTM.exe afin de le lancer.
  • Copie (Ctrl+C) le texte suivant ci-dessous :


:processes
explorer.exe

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msword98]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Antispyware 2010]

:commands
[purity]
[emptytemp]


  • Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
  • Clique maintenant sur le bouton MoveIt! puis ferme OTM.


---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

  • Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\

---> Le nom du rapport correspond au moment de sa création : date_heure.log

Répondre à Destrio5
corsy   21-08-2009 à 06:22:25
- 0 +

le logiciel ma demander de redemarrer

voici le rapport :

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msword98\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Antispyware 2010\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 699307 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: moi
->Temp folder emptied: 36529528 bytes
->Temporary Internet Files folder emptied: 40916089 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36971769 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: secours
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 27548 bytes
->FireFox cache emptied: 118393173 bytes

User: ya et she
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: ya et she.DELL
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 1025802 bytes
->FireFox cache emptied: 11084276 bytes

%systemdrive% .tmp files removed: 1073741824 bytes
C:\WINDOWS\NV10841364.TMP folder deleted successfully.
C:\WINDOWS\NV28082812.TMP folder deleted successfully.
C:\WINDOWS\NV33643368.TMP folder deleted successfully.
C:\WINDOWS\NV38603864.TMP folder deleted successfully.
%systemroot% .tmp files removed: 62176794 bytes
%systemroot%\System32 .tmp files removed: 618856844 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_78c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 17048 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1907,89 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08212009_061324

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_78c.dat not found!

Registry entries deleted on Reboot...

Répondre à corsy
Destrio5   21-08-2009 à 06:22:46
- 0 +

Je vais dormir. Je te conseille de changer d'antivirus.

  • Désinstalle Avast.


  • Installe AntiVir et mets-le à jour.
  • Double-clique sur l'icône d'AntiVir (Parapluie) dans la barre des tâches.
  • Dans AntiVir, choisis Outils puis Configuration.
  • Coche Mode Expert et coche Rech. Rootkit au dém. de la recherche à droite dans Autres réglages puis valide.
  • Fais un scan complet, clique sur Tout réparer si AntiVir trouve quelque chose et poste le rapport.


Tutoriel : Scanner le(s) disque(s) dur(s)

Répondre à Destrio5
corsy   21-08-2009 à 06:24:50
- 0 +

ok je vais aussi dormir,je fais ca demain matin

merci pour tout


Message édité par corsy le 21-08-2009 à 06:25:10
Répondre à corsy
Créer un nouveau sujet Répondre
Tom's Guide > Forum > Sécurité - Virus > Je n'accede plus a ma session
Aller à :

Il y a 2073 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.

Plan du forum
Forum Bestofmedia ©
2000-2009 Bestofmedia Group
Page générée en 0,376 secondes
Liens