Virus detected

Report analysis and disinfection section: malware of all kinds and other unwanted software. Cleanup requests only. Restricted handling: specialised team.

Moderator: Moderators

Forum rules:
-> Disinfections are handled by a specific group; not everyone may step in to disinfect machines (rules).
-> The procedures are tailored to each case; do not repeat them on your own machine (explanations).
-> One topic per machine; each person creates their own. ;)

Re: Virus detected

Post by Younes_lp » 15 Apr 2008 23:46

yes

and I had to say yes,
then there were several infections, trojans, and I had to allow them all so that ComboFix could continue
at the end, it closed explorer.exe but there was yet another trojan-type infection in c:/windows.system32/CMD and also other trojans such as (catchme.rar, ....); they were detected by Kaspersky, and then when the PC was shutting down there was the blue screen,
Windows gave me a report about this unplanned shutdown, here it is:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 2060

Additional information about the problem:
BCCode: 93
BCP1: 00000A48
BCP2: 00000000
BCP3: 00000000
BCP4: 00000000
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini041608-01.dmp
C:\Users\Younes\AppData\Local\Temp\WER-94380-0.sysdata.xml
C:\Users\Younes\AppData\Local\Temp\WER50EC.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid= ... cid=0x040c

and then, otherwise, now it shows me a message saying I must not open any program until ComboFix has finished

but still, some programs did open (automatic start with Windows), I can't help it, and the program still won't finish!!!


that's it

Younes_lp | Libellulien Junior | Posts: 159 | Joined: 22 Feb 2008 22:02

Re: Virus detected

Post by Younes_lp » 15 Apr 2008 23:49

ah there, it has finished
here is the report:

ComboFix 08-04-14.2 - Younes 2008-04-16 0:16:05.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.849 [GMT 2:00]
Location: C:\Users\Younes\Desktop\ComboFix.exe
* Creating a new restore point
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Younes\Desktopblackbird.jpg
C:\Windows\a.bat
C:\Windows\base64.tmp
C:\Windows\bdn.com
C:\Windows\dat.txt
C:\Windows\FVProtect.exe
C:\Windows\mslagent
C:\Windows\mslagent\2_mslagent.dll
C:\Windows\mslagent\mslagent.exe
C:\Windows\mslagent\uninstall.exe
C:\Windows\search_res.txt
C:\Windows\System32\EedNonnn.ini
C:\Windows\System32\EedNonnn.ini2
C:\Windows\System32\hioowhph.ini
C:\Windows\system32\nnnoNdeE.dll
C:\Windows\system32\win77fac_va.dll
C:\Windows\system32smp
C:\Windows\system32smp\msrc.exe
C:\Windows\userconfig9x.dll

----- BITS: Possible infected sites -----

hxxp://www.microsoft.com
.
((((((((((((((((((((((((((((( Files created 2008-03-15 to 2008-04-15 ))))))))))))))))))))))))))))))))))))
.

2008-04-15 23:32 . 2008-04-15 23:32 <REP> d-------- C:\VundoFix Backups
2008-04-15 20:38 . 2008-04-15 20:48 691 --a------ C:\Users\Younes\AppData\Roaming\GetValue.vbs
2008-04-15 20:38 . 2008-04-15 20:48 35 --a------ C:\Users\Younes\AppData\Roaming\SetValue.bat
2008-04-15 20:10 . 2008-04-15 20:13 <REP> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-04-15 20:10 . 2008-04-15 20:11 <REP> d-------- C:\Program Files\Common Files\Merge Modules
2008-04-15 20:08 . 2008-04-15 20:08 <REP> d-------- C:\Program Files\Microsoft SDKs
2008-04-15 12:35 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-04-15 12:35 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-04-15 12:35 . 2008-04-14 19:28 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-04-15 12:35 . 2008-04-12 13:49 82,432 --a------ C:\Windows\System32\IEDFix.exe
2008-04-15 12:35 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-04-15 12:35 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-04-15 12:35 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-04-15 05:21 . 2008-04-15 23:11 <REP> d-------- C:\Users\Younes\AppData\Roaming\ma-config.com
2008-04-15 05:21 . 2008-04-15 05:21 <REP> d-------- C:\Program Files\ma-config.com
2008-04-15 03:07 . 2008-04-14 21:11 245,760 --a------ C:\Windows\lgmxvpatqgl.dll
2008-04-15 03:07 . 2008-04-14 21:11 217,088 --a------ C:\Windows\omlbpkaw.dll
2008-04-15 03:07 . 2008-04-14 21:11 188,416 --a------ C:\Windows\pmsoarbf.dll
2008-04-15 03:04 . 2008-04-15 03:04 <REP> d-------- C:\Program Files\MSN Password Recovery
2008-04-14 13:16 . 2008-04-14 13:23 <REP> d-------- C:\Users\Younes\AppData\Roaming\Dev-Cpp
2008-04-14 13:12 . 2008-04-14 21:56 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-04-13 20:28 . 2008-04-13 20:29 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-04-13 18:35 . 2008-04-16 00:29 <REP> d-------- C:\PacSteam
2008-04-13 16:37 . 2008-04-13 16:36 737,280 --a------ C:\Windows\iun6002.exe
2008-04-13 16:36 . 2008-04-13 16:36 <REP> d-------- C:\Windows\System32\athan
2008-04-13 16:36 . 2008-04-13 16:37 <REP> d-------- C:\Program Files\Athan
2008-04-13 02:32 . 2008-04-13 02:32 <REP> d-------- C:\Users\Younes\AppData\Roaming\JLC's Software
2008-04-13 02:32 . 2008-04-13 02:32 <REP> d-------- C:\Program Files\JLC's Software
2008-04-13 01:22 . 2008-04-13 01:22 <REP> d-------- C:\Program Files\WinISO
2008-04-12 21:45 . 2008-04-12 21:45 <REP> d-------- C:\Program Files\Cedelia
2008-04-09 09:18 . 2008-02-22 04:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-09 09:18 . 2008-02-22 07:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-04-09 09:18 . 2008-02-22 06:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-04-09 09:17 . 2008-02-29 09:11 988,216 --a------ C:\Windows\System32\winload.exe
2008-04-09 09:17 . 2008-02-29 09:11 927,288 --a------ C:\Windows\System32\winresume.exe
2008-04-09 09:17 . 2008-02-22 07:05 615,992 --a------ C:\Windows\System32\ci.dll
2008-04-09 09:17 . 2008-02-29 08:53 378,368 --a------ C:\Windows\System32\srcore.dll
2008-04-09 09:17 . 2008-02-29 06:12 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 09:17 . 2008-02-29 08:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-04-09 09:17 . 2008-02-29 08:53 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 09:17 . 2008-02-29 09:14 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 09:17 . 2008-02-29 06:12 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 09:17 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-09 09:16 . 2008-02-29 06:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-04-08 18:53 . 2008-04-08 18:53 91,700 --a------ C:\Windows\System32\drivers\klin.dat
2008-04-08 18:53 . 2008-04-08 18:53 85,860 --a------ C:\Windows\System32\drivers\klick.dat
2008-04-08 18:49 . 2008-04-16 00:28 <REP> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-08 18:49 . 2008-04-16 00:28 <REP> d-------- C:\ProgramData\Kaspersky Lab
2008-04-08 18:49 . 2008-04-15 20:43 113,747,232 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-04-08 18:49 . 2008-04-15 20:43 1,507,544 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-04-08 14:50 . 2008-04-08 17:27 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-04-08 14:48 . 2008-04-08 14:48 <REP> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-04-08 14:48 . 2008-04-08 14:48 <REP> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-04-08 02:14 . 2008-04-08 02:14 <REP> d-------- C:\Users\Younes\AppData\Roaming\ESET
2008-04-08 02:12 . 2008-04-08 02:12 <REP> d-------- C:\Users\All Users\ESET
2008-04-08 02:12 . 2008-04-08 02:12 <REP> d-------- C:\ProgramData\ESET
2008-03-30 01:33 . 2008-03-30 01:37 576 --a------ C:\Windows\settings.cfg
2008-03-29 15:44 . 2008-03-29 15:44 <REP> d-------- C:\Users\All Users\Office Genuine Advantage
2008-03-29 15:44 . 2008-03-29 15:44 <REP> d-------- C:\ProgramData\Office Genuine Advantage
2008-03-28 16:46 . 2008-03-28 16:46 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-25 05:48 . 2008-01-19 09:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-03-25 05:48 . 2008-01-19 09:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-03-25 05:46 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-03-25 05:45 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-03-25 05:44 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-03-25 05:43 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-03-25 05:42 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-03-25 05:42 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-03-25 05:42 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-03-25 05:42 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-03-25 05:42 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-03-25 05:42 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-03-25 05:42 . 2006-11-02 11:45 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-03-25 05:42 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-03-25 05:42 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-03-25 05:42 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-03-24 22:18 . 2008-04-16 00:24 12 --a------ C:\Windows\bthservsdp.dat
2008-03-21 08:11 . 2008-03-21 08:17 <REP> d-------- C:\Program Files\Common Files\Nero
2008-03-21 02:31 . 1997-07-19 17:55 1,347,344 --a------ C:\Windows\System32\Msvbvm50.dll
2008-03-21 02:31 . 1997-07-19 17:55 1,347,344 --a------ C:\Windows\system\Msvbvm50.dll
2008-03-20 22:05 . 2008-03-20 22:05 <REP> d-------- C:\Users\All Users\LightScribe
2008-03-20 22:05 . 2008-03-20 22:05 <REP> d-------- C:\ProgramData\LightScribe
2008-03-20 18:22 . 2008-03-20 18:27 <REP> d-------- C:\Users\All Users\Quark
2008-03-20 18:22 . 2008-03-20 18:27 <REP> d-------- C:\ProgramData\Quark
2008-03-20 17:57 . 2008-04-15 21:11 69 --a------ C:\Windows\NeroDigital.ini
2008-03-20 16:46 . 2008-03-20 14:51 290 --a------ C:\Windows\AntiTrial.ini
2008-03-20 16:40 . 2008-03-20 16:40 <REP> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-03-20 15:34 . 2008-03-20 15:34 <REP> d-------- C:\Users\Younes\AppData\Roaming\Nero
2008-03-20 15:25 . 2008-03-21 08:11 <REP> d-------- C:\Users\All Users\Nero
2008-03-20 15:25 . 2008-03-21 08:11 <REP> d-------- C:\ProgramData\Nero
2008-03-20 15:25 . 2008-03-20 15:25 <REP> d-------- C:\Program Files\Nero
2008-03-20 14:51 . 2008-03-20 14:51 251 --a------ C:\Windows\AntiTrial.bin
2008-03-17 10:25 . 2008-03-17 10:25 16 --a------ C:\Windows\popcinfo.dat
2008-03-17 10:11 . 2008-03-17 10:11 <REP> d-------- C:\Users\All Users\Steam
2008-03-17 10:11 . 2008-03-17 10:13 <REP> d-------- C:\Users\All Users\PopCap Games
2008-03-17 10:11 . 2008-03-17 10:11 <REP> d-------- C:\ProgramData\Steam
2008-03-17 10:11 . 2008-03-17 10:13 <REP> d-------- C:\ProgramData\PopCap Games
2008-03-17 02:27 . 2008-03-17 02:27 <REP> d-------- C:\Program Files\Common Files\Thraex Software

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 18:17 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-15 16:18 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-15 11:08 --------- d-----w C:\ProgramData\eMule
2008-04-14 20:24 --------- d-----w C:\Users\Younes\AppData\Roaming\LimeWire
2008-04-14 11:15 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-14 10:36 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-14 00:56 --------- d-----w C:\Users\Younes\AppData\Roaming\Skype
2008-04-14 00:27 --------- d-----w C:\Users\Younes\AppData\Roaming\skypePM
2008-04-13 18:45 --------- d-----w C:\Program Files\Common Files\Steam
2008-04-09 15:29 --------- d-----w C:\Program Files\Windows Mail
2008-04-08 00:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-08 00:00 --------- d-----w C:\ProgramData\Symantec
2008-04-08 00:00 --------- d-----w C:\Program Files\Symantec
2008-04-05 10:59 27,934 ----a-w C:\Users\Younes\AppData\Roaming\nvModes.dat
2008-04-02 19:56 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-31 00:42 --------- d-----w C:\Users\Younes\AppData\Roaming\Winamp
2008-03-29 13:54 --------- d-----w C:\Program Files\Windows Live
2008-03-29 13:50 --------- d-----w C:\ProgramData\WLInstaller
2008-03-25 20:02 174 --sha-w C:\Program Files\desktop.ini
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Journal
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Defender
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Calendar
2008-03-21 00:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 22:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-20 20:57 --------- d-----w C:\ProgramData\Roxio
2008-03-11 03:05 --------- d-----w C:\Program Files\Custom-Strike
2008-03-10 15:00 --------- d-----w C:\Users\Younes\AppData\Roaming\Roxio
2008-03-10 11:37 --------- d-----w C:\Program Files\Java
2008-03-07 02:56 --------- d---a-w C:\ProgramData\TEMP
2008-03-07 02:29 --------- d-----w C:\Program Files\Deskshare
2008-03-07 02:20 --------- d-----w C:\Program Files\Common Files\DeskShare Shared
2008-03-06 03:27 --------- d-----w C:\Users\Younes\AppData\Roaming\vlc
2008-03-06 03:26 --------- d-----w C:\Program Files\VideoLAN
2008-03-04 03:31 --------- d-----w C:\Users\Younes\AppData\Roaming\Shareaza
2008-03-02 20:31 --------- d-----w C:\Users\Younes\AppData\Roaming\ZC Dream Photo
2008-03-02 04:55 --------- d-----w C:\Users\Younes\AppData\Roaming\Windows Live Writer
2008-03-02 04:39 --------- d-----w C:\Program Files\No-IP
2008-03-02 04:38 --------- d-----w C:\Program Files\Net Control 2
2008-03-02 04:37 --------- d-----w C:\Program Files\sXe Injected
2008-02-29 21:20 --------- d-----w C:\Users\Younes\AppData\Roaming\Configuration
2008-02-26 20:36 --------- d-----w C:\Program Files\LopSDV
2008-02-26 18:52 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-26 18:45 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-26 18:37 --------- d-----w C:\Program Files\MSN Messenger
2008-02-25 02:14 --------- d-----w C:\ProgramData\Messenger Plus!
2008-02-24 01:28 --------- d-----w C:\ProgramData\Microsoft Corporation
2008-02-24 01:26 --------- d-----w C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-02-23 15:29 --------- d-----w C:\ProgramData\CyberLink
2008-02-23 14:52 --------- d-----w C:\ProgramData\POP3Profiles
2008-02-23 14:51 --------- d-----w C:\ProgramData\Sonic
2008-02-23 14:22 --------- d-----w C:\ProgramData\NVIDIA
2008-02-23 14:22 --------- d-----w C:\ProgramData\Lavasoft
2008-02-23 14:22 --------- d-----w C:\ProgramData\HP
2008-02-23 14:22 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-02-23 14:22 --------- d-----w C:\ProgramData\Adobe Systems
2008-02-23 14:21 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-23 14:21 --------- d-----w C:\ProgramData\Skype
2008-02-23 14:20 --------- d-----w C:\ProgramData\Trymedia
2008-02-23 13:56 --------- d-----w C:\ProgramData\ProgramData
2008-02-23 04:50 --------- d-----w C:\Program Files\Common Files\NSV
2008-02-22 19:14 --------- d-----w C:\Program Files\Microsoft Works
2008-02-22 19:14 --------- d-----w C:\Program Files\Google
2008-02-22 19:14 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-02-22 19:14 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-21 21:03 --------- d-----w C:\Program Files\BitTorrent
2008-02-21 20:53 --------- d-----w C:\Users\Younes\AppData\Roaming\BitTorrent
2008-02-21 00:28 --------- d-----w C:\Program Files\MediaEldoradoCodec
2008-02-18 21:24 --------- d-----w C:\Program Files\DivX
2008-02-18 00:42 --------- d-----w C:\Program Files\Sony Setup
2008-02-17 23:50 --------- d-----w C:\Users\Younes\AppData\Roaming\Sony
2008-02-17 21:44 --------- d-----w C:\Program Files\GetFlash
2008-02-17 15:40 --------- d-----w C:\Program Files\HHD Software
2008-02-17 13:26 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-17 13:26 32 ----a-w C:\ProgramData\ezsid.dat
2008-02-17 13:25 --------- d-----w C:\Program Files\Skype
2008-02-17 11:21 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2008-02-15 10:30 --------- d-----w C:\Users\Younes\AppData\Roaming\CyberLink
2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-01-19 07:34 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-19 07:33 58,880 ----a-w C:\Windows\bfsvc.exe
2008-01-19 07:33 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-19 07:33 498,176 ----a-w C:\Windows\HelpPane.exe
2008-01-19 07:33 459,264 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-19 07:33 40,960 ----a-w C:\Windows\AppPatch\apihex86.dll
2008-01-19 07:33 237,568 ----a-w C:\Windows\AppPatch\AcRedir.dll
2008-01-19 07:33 2,927,104 ----a-w C:\Windows\explorer.exe
2008-01-19 07:33 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-19 07:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-19 07:33 151,040 ----a-w C:\Windows\notepad.exe
2008-01-19 07:33 134,656 ----a-w C:\Windows\regedit.exe
2008-01-19 07:33 13,312 ----a-w C:\Windows\fveupdate.exe
.
----a-w           325,204 2006-12-21 19:56:28  C:\SwSetup\webcam\WCAMC\FW_210_Silence Install .exe



((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 12:02 482760]
"Steam"="c:\pacsteam\steam.exe" [2008-04-13 18:38 1271032]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 16:35 202024]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"ccleaner"="C:\My Files\Programs\CCleaner\ccleaner.exe" [2008-03-25 11:48 906480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 23:34 634880]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 03:50 1021224]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 19:50 4390912 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 16:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 18:11 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 11:38 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 16:12 317128]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 09:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 09:05 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 09:05 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"Athan"="C:\Program Files\Athan\Athan.exe" [2007-09-06 20:24 1024000]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"Flashget"="C:\My Files\Programs\FlashGet\flashget.exe" [2007-09-25 10:10 2007088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ValidateAdminCodeSignatures"= 1 (0x1)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C14E6230-757D-4246-81CE-B34E2940C722}"= C:\Windows\system32\iiffdddA.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=?$??I2????,C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F31761E5-80D6-4B35-A236-9EB3B7367415}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{215FBE56-B330-47FA-8A2A-9AA6613A6305}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{875F1762-79BF-49AF-AE97-AA5BC085BA41}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7AB7F30E-297A-4CA5-BBF1-BC91297AD1DC}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DF19AA5F-7DD8-4EC8-9E36-B343FFD05B3F}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{762A60F9-58D2-4344-89B2-8CF01B25AAA0}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1BF04210-AC18-4AC0-A73F-C674FABA20A5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1CCD7C8F-E293-48F2-8E42-C8FC06550D7F}"= UDP:C:\My Files\Programs\LimeWire\LimeWire.exe:LimeWire
"{E8F4BFBA-9B1F-4493-BD62-CC4893BC02E4}"= TCP:C:\My Files\Programs\LimeWire\LimeWire.exe:LimeWire
"{7D948B97-8715-4C5D-AC47-F88CD71C26F8}"= UDP:C:\My Files\Games\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{06D7BF47-C3B1-4E3B-B17E-BCACA044CC32}"= TCP:C:\My Files\Games\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{CE2FB6EE-FF9B-4E6F-803D-AF9C40B38F79}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5C6CE629-0FD7-4DAE-827D-22C7420BD4A5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7FFCAAE3-1905-4E32-852E-728EAF0F8713}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{648525E5-BBBE-42AC-9F1C-89C1AD9AFB96}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{7B465427-4B31-4A98-BB79-B9A897423CE8}C:\\my files\\programs\\emule\\emule.exe"= UDP:C:\my files\programs\emule\emule.exe:eMule
"UDP Query User{A375CB6C-AC58-42ED-A118-63CBBC7D691D}C:\\my files\\programs\\emule\\emule.exe"= TCP:C:\my files\programs\emule\emule.exe:eMule
"TCP Query User{3770EDD6-2951-4009-80FE-0D4FBB4762BF}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{9E5BE247-0994-4FB5-8701-27698B67E9D4}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"{2F6F40A0-54FA-4BD9-B387-6E2DCC481176}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D4A9EE0C-E1BC-4D8D-875C-CFE0C4CC1723}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\My Files\\Programs\\BitTorrent\\bittorrent.exe"= C:\My Files\Programs\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R2 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]
S3 NC2RemoteDesktop;Net Control 2 Remote Desktop Server Service;"C:\Program Files\Net Control 2\ncvserver.exe" /SERVICE []
S3 ncvhook;ncvhook;C:\Windows\system32\DRIVERS\ncvhook.sys [2007-09-30 17:54]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2006-10-18 02:09]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2006-10-18 02:09]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-13 18:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c8f1a26-db2b-11dc-afea-001b24c8b8cc}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9f2c333-dd4a-11dc-b6e4-001b24c8b8cc}]
\shell\AutoRun\command - 0hct8ybw.bat
\shell\explore\Command - 0hct8ybw.bat
\shell\open\Command - 0hct8ybw.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dec108f9-089b-11dd-bc5f-001b24c8b8cc}]
\shell\AutoRun\command - I:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 00:28:17
Windows 6.0.6001 Service Pack 1 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\System32\conime.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-04-16 0:48:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 22:47:44

Pre-Run: 56,239,104,000 bytes free
Post-Run: 55,805,157,376 bytes free
.
2008-04-15 21:59:45 --- E O F ---
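The Reg loading points section of the log above is where most of this machine's trouble shows: UAC is off (EnableLUA=0), Windows Firewall is off on every profile (EnableFirewall=0), Security Center alerting is suppressed, a ShellExecuteHook points at a random-named DLL in system32, and the MountPoints2 keys record AutoRun commands for removable drives (copy.exe, 0hct8ybw.bat) next to a normal-looking launcher. The script below is an added example written for this page; it is not ComboFix code and was not posted in the thread. It parses those registry lines out of a ComboFix log and ranks them. The embedded input is a constructed, abridged excerpt of the posted log; the severity levels, and the heuristic that an AutoRun target with no drive or directory is the removable-media worm layout, are the example's own assumptions.

```python
"""Triage the 'Reg loading points' section of a ComboFix log.
Added example for this page: not ComboFix code and not from the thread."""
import re
from dataclasses import dataclass

# Constructed sample: an abridged excerpt of the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C14E6230-757D-4246-81CE-B34E2940C722}"= C:\Windows\system32\iiffdddA.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=?$??I2????,C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c8f1a26-db2b-11dc-afea-001b24c8b8cc}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9f2c333-dd4a-11dc-b6e4-001b24c8b8cc}]
\shell\AutoRun\command - 0hct8ybw.bat
\shell\open\Command - 0hct8ybw.bat
"""

@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    key: str       # registry key the line sits under
    detail: str

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
AUTORUN_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.I)
EXE_EXT = (".exe", ".bat", ".cmd", ".com", ".vbs", ".scr", ".pif")

def reg_int(value: str):
    """Integer of a ComboFix-style value ('0 (0x0)' or 'dword:00000001'), else None."""
    v = value.strip().lower()
    if v.startswith("dword:"):
        return int(v[6:], 16)
    head = v.split(" ", 1)[0]
    return int(head) if head.isdigit() else None

def relative_target(cmd: str):
    """Last executable-looking token of an AutoRun command when it names no drive
    or directory: the file sits on the drive root, the usual USB-worm layout."""
    for token in reversed(cmd.split()):
        if token.lower().endswith(EXE_EXT):
            return None if ("\\" in token or ":" in token) else token
    return None

def triage(log_text: str) -> list:
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                      # new registry key: remember it for the lines below
            key = m.group("key")
            continue
        k = key.lower()
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in k:   # per-drive AutoRun verbs cached by Explorer
            cmd = m.group("cmd").strip()
            rel = relative_target(cmd)
            if rel:
                findings.append(Finding("high", key, f"removable-drive autorun runs relative file {rel}: {cmd}"))
            else:
                findings.append(Finding("info", key, f"removable-drive autorun ({m.group('verb')}): {cmd}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value").strip()
        n = name.lower()
        if "policies\\system" in k and n == "enablelua" and reg_int(value) == 0:
            findings.append(Finding("high", key, "UAC disabled (EnableLUA=0)"))
        elif "firewallpolicy" in k and n == "enablefirewall" and reg_int(value) == 0:
            profile = key.rsplit("\\", 1)[-1]
            findings.append(Finding("high", key, f"Windows Firewall off for {profile}"))
        elif "security center" in k and (n == "disablemonitoring" or n.endswith("disablenotify")) and reg_int(value) == 1:
            findings.append(Finding("medium", key, f"Security Center suppressed: {name}=1"))
        elif "shellexecutehooks" in k:   # ComboFix lists only non-default hooks
            findings.append(Finding("high", key, f"ShellExecuteHook {name} -> {value.split(' [')[0]}"))
        elif n == "appinit_dlls":
            dlls = ", ".join(p for p in value.split(",") if "\\" in p)
            findings.append(Finding("medium", key, f"AppInit_DLLs loaded into every GUI process: {dlls}"))
    return findings
```

To run it on a full log, pass the file's contents to triage() and print each Finding. The parser already sees the Run keys, since ComboFix prints them in the same "name"=value form, so adding a rule for an unexpected Run entry is a one-branch change; the AppInit_DLLs finding stays at medium because, as in the log above, the listed DLLs may well belong to an installed security product and need a look rather than a deletion.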

Re: Virus detected

Post by Falkra » 16 Apr 2008 07:53

** Disable the antivirus, temporarily. **

    Create a text file named CFScript.txt
    Double-click to open it, then copy and paste this into it:

File::
C:\Windows\system32\nnnoNdeE.dll
C:\Windows\lgmxvpatqgl.dll
C:\Windows\omlbpkaw.dll
C:\Windows\pmsoarbf.dll

RENV::
C:\SwSetup\webcam\WCAMC\FW_210_Silence Install .exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FE05E43-F4E5-4FAB-9207-528461E9FE8B}]


-> Drag and drop this CFScript file onto ComboFix.exe as in the screenshot
[screenshot]
  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
  • Wait for the scan to finish. The desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

** After that, also add a HijackThis report and re-enable the antivirus. **
Falkra | Admin libellules.ch | Posts: 24424 | Joined: 30 Jan 2005 13:44 | Location: 127.0.0.1

Re: Virus detected

Post by Younes_lp » 16 Apr 2008 11:54

ComboFix 08-04-15.4 - Younes 2008-04-16 12:45:55.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.950 [GMT 2:00]
Location: C:\Users\Younes\Desktop\ComboFix.exe
Command switches used :: C:\Users\Younes\Desktop\CFScript.txt
* Creating a new restore point

FILE ::
C:\Windows\lgmxvpatqgl.dll
C:\Windows\omlbpkaw.dll
C:\Windows\pmsoarbf.dll
C:\Windows\system32\nnnoNdeE.dll
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\lgmxvpatqgl.dll
C:\Windows\omlbpkaw.dll
C:\Windows\pmsoarbf.dll

.
((((((((((((((((((((((((((((( Files created 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))))))))
.

2008-04-16 04:04 . 2008-04-16 04:04 <REP> d-------- C:\Users\All Users\WindowsSearch
2008-04-16 04:04 . 2008-04-16 04:04 <REP> d-------- C:\ProgramData\WindowsSearch
2008-04-15 20:38 . 2008-04-15 20:48 691 --a------ C:\Users\Younes\AppData\Roaming\GetValue.vbs
2008-04-15 20:38 . 2008-04-15 20:48 35 --a------ C:\Users\Younes\AppData\Roaming\SetValue.bat
2008-04-15 20:10 . 2008-04-15 20:13 <REP> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-04-15 20:10 . 2008-04-15 20:11 <REP> d-------- C:\Program Files\Common Files\Merge Modules
2008-04-15 20:08 . 2008-04-15 20:08 <REP> d-------- C:\Program Files\Microsoft SDKs
2008-04-15 12:35 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-04-15 12:35 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-04-15 12:35 . 2008-04-14 19:28 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-04-15 12:35 . 2008-04-12 13:49 82,432 --a------ C:\Windows\System32\IEDFix.exe
2008-04-15 12:35 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-04-15 12:35 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-04-15 12:35 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-04-15 05:21 . 2008-04-15 23:11 <REP> d-------- C:\Users\Younes\AppData\Roaming\ma-config.com
2008-04-15 05:21 . 2008-04-15 05:21 <REP> d-------- C:\Program Files\ma-config.com
2008-04-15 03:04 . 2008-04-15 03:04 <REP> d-------- C:\Program Files\MSN Password Recovery
2008-04-14 13:16 . 2008-04-14 13:23 <REP> d-------- C:\Users\Younes\AppData\Roaming\Dev-Cpp
2008-04-14 13:12 . 2008-04-14 21:56 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-04-13 20:28 . 2008-04-13 20:29 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-04-13 18:35 . 2008-04-16 11:07 <REP> d-------- C:\PacSteam
2008-04-13 16:37 . 2008-04-13 16:36 737,280 --a------ C:\Windows\iun6002.exe
2008-04-13 16:36 . 2008-04-13 16:36 <REP> d-------- C:\Windows\System32\athan
2008-04-13 16:36 . 2008-04-13 16:37 <REP> d-------- C:\Program Files\Athan
2008-04-13 02:32 . 2008-04-13 02:32 <REP> d-------- C:\Users\Younes\AppData\Roaming\JLC's Software
2008-04-13 02:32 . 2008-04-13 02:32 <REP> d-------- C:\Program Files\JLC's Software
2008-04-13 01:22 . 2008-04-13 01:22 <REP> d-------- C:\Program Files\WinISO
2008-04-12 21:45 . 2008-04-12 21:45 <REP> d-------- C:\Program Files\Cedelia
2008-04-09 09:18 . 2008-02-22 04:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-09 09:18 . 2008-02-22 07:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-04-09 09:18 . 2008-02-22 06:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-04-09 09:17 . 2008-02-29 09:11 988,216 --a------ C:\Windows\System32\winload.exe
2008-04-09 09:17 . 2008-02-29 09:11 927,288 --a------ C:\Windows\System32\winresume.exe
2008-04-09 09:17 . 2008-02-22 07:05 615,992 --a------ C:\Windows\System32\ci.dll
2008-04-09 09:17 . 2008-02-29 08:53 378,368 --a------ C:\Windows\System32\srcore.dll
2008-04-09 09:17 . 2008-02-29 06:12 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 09:17 . 2008-02-29 08:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-04-09 09:17 . 2008-02-29 08:53 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 09:17 . 2008-02-29 09:14 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 09:17 . 2008-02-29 06:12 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 09:17 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-09 09:16 . 2008-02-29 06:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-04-08 18:53 . 2008-04-08 18:53 91,700 --a------ C:\Windows\System32\drivers\klin.dat
2008-04-08 18:53 . 2008-04-08 18:53 85,860 --a------ C:\Windows\System32\drivers\klick.dat
2008-04-08 18:49 . 2008-04-16 11:07 <REP> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-08 18:49 . 2008-04-16 11:07 <REP> d-------- C:\ProgramData\Kaspersky Lab
2008-04-08 18:49 . 2008-04-16 12:49 115,338,528 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-04-08 18:49 . 2008-04-16 05:46 1,539,272 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-04-08 14:50 . 2008-04-08 17:27 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-04-08 14:48 . 2008-04-08 14:48 <REP> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-04-08 14:48 . 2008-04-08 14:48 <REP> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-04-08 02:14 . 2008-04-08 02:14 <REP> d-------- C:\Users\Younes\AppData\Roaming\ESET
2008-04-08 02:12 . 2008-04-08 02:12 <REP> d-------- C:\Users\All Users\ESET
2008-04-08 02:12 . 2008-04-08 02:12 <REP> d-------- C:\ProgramData\ESET
2008-03-30 01:33 . 2008-03-30 01:37 576 --a------ C:\Windows\settings.cfg
2008-03-29 15:44 . 2008-03-29 15:44 <REP> d-------- C:\Users\All Users\Office Genuine Advantage
2008-03-29 15:44 . 2008-03-29 15:44 <REP> d-------- C:\ProgramData\Office Genuine Advantage
2008-03-28 16:46 . 2008-03-28 16:46 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-25 05:48 . 2008-01-19 09:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-03-25 05:48 . 2008-01-19 09:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-03-25 05:46 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-03-25 05:45 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-03-25 05:44 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-03-25 05:43 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-03-25 05:42 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-03-25 05:42 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-03-25 05:42 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-03-25 05:42 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-03-25 05:42 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-03-25 05:42 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-03-25 05:42 . 2006-11-02 11:45 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-03-25 05:42 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-03-25 05:42 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-03-25 05:42 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-03-24 22:18 . 2008-04-16 05:45 12 --a------ C:\Windows\bthservsdp.dat
2008-03-21 08:11 . 2008-03-21 08:17 <REP> d-------- C:\Program Files\Common Files\Nero
2008-03-21 02:31 . 1997-07-19 17:55 1,347,344 --a------ C:\Windows\System32\Msvbvm50.dll
2008-03-21 02:31 . 1997-07-19 17:55 1,347,344 --a------ C:\Windows\system\Msvbvm50.dll
2008-03-20 22:05 . 2008-03-20 22:05 <REP> d-------- C:\Users\All Users\LightScribe
2008-03-20 22:05 . 2008-03-20 22:05 <REP> d-------- C:\ProgramData\LightScribe
2008-03-20 18:22 . 2008-03-20 18:27 <REP> d-------- C:\Users\All Users\Quark
2008-03-20 18:22 . 2008-03-20 18:27 <REP> d-------- C:\ProgramData\Quark
2008-03-20 17:57 . 2008-04-16 12:40 69 --a------ C:\Windows\NeroDigital.ini
2008-03-20 16:46 . 2008-03-20 14:51 290 --a------ C:\Windows\AntiTrial.ini
2008-03-20 16:40 . 2008-03-20 16:40 <REP> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-03-20 15:34 . 2008-03-20 15:34 <REP> d-------- C:\Users\Younes\AppData\Roaming\Nero
2008-03-20 15:25 . 2008-03-21 08:11 <REP> d-------- C:\Users\All Users\Nero
2008-03-20 15:25 . 2008-03-21 08:11 <REP> d-------- C:\ProgramData\Nero
2008-03-20 15:25 . 2008-03-20 15:25 <REP> d-------- C:\Program Files\Nero
2008-03-20 14:51 . 2008-03-20 14:51 251 --a------ C:\Windows\AntiTrial.bin
2008-03-17 10:25 . 2008-04-16 12:02 26 --a------ C:\Windows\popcinfo.dat
2008-03-17 10:11 . 2008-03-17 10:11 <REP> d-------- C:\Users\All Users\Steam
2008-03-17 10:11 . 2008-03-17 10:13 <REP> d-------- C:\Users\All Users\PopCap Games
2008-03-17 10:11 . 2008-03-17 10:11 <REP> d-------- C:\ProgramData\Steam
2008-03-17 10:11 . 2008-03-17 10:13 <REP> d-------- C:\ProgramData\PopCap Games
2008-03-17 02:27 . 2008-03-17 02:27 <REP> d-------- C:\Program Files\Common Files\Thraex Software

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 10:10 27,934 ----a-w C:\Users\Younes\AppData\Roaming\nvModes.dat
2008-04-15 18:48 7,796 ----a-w C:\Windows\System32\tmp.reg
2008-04-15 18:17 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-15 16:18 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-15 11:08 --------- d-----w C:\ProgramData\eMule
2008-04-14 20:24 --------- d-----w C:\Users\Younes\AppData\Roaming\LimeWire
2008-04-14 11:15 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-14 10:36 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-14 00:56 --------- d-----w C:\Users\Younes\AppData\Roaming\Skype
2008-04-14 00:27 --------- d-----w C:\Users\Younes\AppData\Roaming\skypePM
2008-04-13 18:45 --------- d-----w C:\Program Files\Common Files\Steam
2008-04-09 15:29 --------- d-----w C:\Program Files\Windows Mail
2008-04-08 00:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-08 00:00 --------- d-----w C:\ProgramData\Symantec
2008-04-08 00:00 --------- d-----w C:\Program Files\Symantec
2008-04-02 19:56 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-31 00:42 --------- d-----w C:\Users\Younes\AppData\Roaming\Winamp
2008-03-29 13:54 --------- d-----w C:\Program Files\Windows Live
2008-03-29 13:50 --------- d-----w C:\ProgramData\WLInstaller
2008-03-25 20:02 174 --sha-w C:\Program Files\desktop.ini
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Journal
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Defender
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Calendar
2008-03-25 04:03 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-25 04:03 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-21 00:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 22:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-20 20:57 --------- d-----w C:\ProgramData\Roxio
2008-03-11 03:05 --------- d-----w C:\Program Files\Custom-Strike
2008-03-10 15:00 --------- d-----w C:\Users\Younes\AppData\Roaming\Roxio
2008-03-10 11:37 --------- d-----w C:\Program Files\Java
2008-03-07 02:56 --------- d---a-w C:\ProgramData\TEMP
2008-03-07 02:29 --------- d-----w C:\Program Files\Deskshare
2008-03-07 02:20 --------- d-----w C:\Program Files\Common Files\DeskShare Shared
2008-03-06 03:27 --------- d-----w C:\Users\Younes\AppData\Roaming\vlc
2008-03-06 03:26 --------- d-----w C:\Program Files\VideoLAN
2008-03-04 03:31 --------- d-----w C:\Users\Younes\AppData\Roaming\Shareaza
2008-03-02 20:31 --------- d-----w C:\Users\Younes\AppData\Roaming\ZC Dream Photo
2008-03-02 04:55 --------- d-----w C:\Users\Younes\AppData\Roaming\Windows Live Writer
2008-03-02 04:39 --------- d-----w C:\Program Files\No-IP
2008-03-02 04:38 --------- d-----w C:\Program Files\Net Control 2
2008-03-02 04:37 --------- d-----w C:\Program Files\sXe Injected
2008-02-29 21:20 --------- d-----w C:\Users\Younes\AppData\Roaming\Configuration
2008-02-26 20:36 --------- d-----w C:\Program Files\LopSDV
2008-02-26 18:52 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-26 18:45 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-26 18:37 --------- d-----w C:\Program Files\MSN Messenger
2008-02-26 03:28 2,828 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-02-25 02:14 --------- d-----w C:\ProgramData\Messenger Plus!
2008-02-24 01:28 --------- d-----w C:\ProgramData\Microsoft Corporation
2008-02-24 01:26 --------- d-----w C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-02-23 15:29 --------- d-----w C:\ProgramData\CyberLink
2008-02-23 14:52 --------- d-----w C:\ProgramData\POP3Profiles
2008-02-23 14:51 --------- d-----w C:\ProgramData\Sonic
2008-02-23 14:22 --------- d-----w C:\ProgramData\NVIDIA
2008-02-23 14:22 --------- d-----w C:\ProgramData\Lavasoft
2008-02-23 14:22 --------- d-----w C:\ProgramData\HP
2008-02-23 14:22 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-02-23 14:22 --------- d-----w C:\ProgramData\Adobe Systems
2008-02-23 14:21 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-23 14:21 --------- d-----w C:\ProgramData\Skype
2008-02-23 14:20 --------- d-----w C:\ProgramData\Trymedia
2008-02-23 13:56 --------- d-----w C:\ProgramData\ProgramData
2008-02-23 04:50 --------- d-----w C:\Program Files\Common Files\NSV
2008-02-22 19:14 --------- d-----w C:\Program Files\Microsoft Works
2008-02-22 19:14 --------- d-----w C:\Program Files\Google
2008-02-22 19:14 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-02-22 19:14 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-21 21:03 --------- d-----w C:\Program Files\BitTorrent
2008-02-21 20:53 --------- d-----w C:\Users\Younes\AppData\Roaming\BitTorrent
2008-02-21 00:28 --------- d-----w C:\Program Files\MediaEldoradoCodec
2008-02-18 21:24 --------- d-----w C:\Program Files\DivX
2008-02-18 00:42 --------- d-----w C:\Program Files\Sony Setup
2008-02-17 23:50 --------- d-----w C:\Users\Younes\AppData\Roaming\Sony
2008-02-17 21:44 --------- d-----w C:\Program Files\GetFlash
2008-02-17 15:40 --------- d-----w C:\Program Files\HHD Software
2008-02-17 13:26 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-17 13:26 32 ----a-w C:\ProgramData\ezsid.dat
2008-02-17 13:25 --------- d-----w C:\Program Files\Skype
2008-02-17 11:21 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2008-02-17 11:02 58,904 ----a-w C:\Windows\System32\is4tray.dll
2008-02-08 16:37 219,664 ----a-w C:\Windows\System32\klogon.dll
2008-02-04 17:23 693,792 ----a-w C:\Windows\System32\OGACheckControl.DLL
2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-01-29 01:53 612,864 ----a-w C:\Windows\System32\x264vfw.dll
2008-01-19 07:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-19 07:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-19 07:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-19 07:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
2008-01-19 07:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
2008-01-19 07:42 247,352 ----a-w C:\Windows\System32\clfs.sys
2008-01-19 07:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll
2008-01-19 07:42 141,880 ----a-w C:\Windows\System32\halacpi.dll
2008-01-19 07:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
2008-01-19 07:41 21,560 ----a-w C:\Windows\System32\kdusb.dll
2008-01-19 07:41 19,512 ----a-w C:\Windows\System32\kdcom.dll
2008-01-19 07:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-04-16_ 0.46.47.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-15 22:25:27 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-16 09:06:58 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-15 22:25:28 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-16 09:07:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-04-15 22:25:28 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-04-16 09:07:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-15 22:06:44 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-16 10:22:09 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-15 22:26:20 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-16 09:09:58 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-16 09:09:58 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-15 22:14:41 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-16 10:44:05 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-15 22:26:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-16 09:10:03 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-16 09:10:03 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-15 18:57:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-16 09:12:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-15 18:57:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-16 09:12:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-15 18:57:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-16 09:12:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-15 22:15:49 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-04-16 10:45:48 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-04-16 10:45:48 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-04-15 22:30:49 9,466 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-966014692-314144330-3634896158-1000_UserData.bin
+ 2008-04-16 09:10:58 9,498 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-966014692-314144330-3634896158-1000_UserData.bin
- 2008-04-15 22:30:46 76,176 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-16 09:10:57 76,270 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-15 18:55:22 45,370 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-16 09:10:49 45,746 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 12:02 482760]
"Steam"="c:\pacsteam\steam.exe" [2008-04-13 18:38 1271032]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 16:35 202024]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"ccleaner"="C:\My Files\Programs\CCleaner\ccleaner.exe" [2008-03-25 11:48 906480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 23:34 634880]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 03:50 1021224]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 19:50 4390912 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 16:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 18:11 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 11:38 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 16:12 317128]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 09:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 09:05 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 09:05 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"Athan"="C:\Program Files\Athan\Athan.exe" [2007-09-06 20:24 1024000]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"Flashget"="C:\My Files\Programs\FlashGet\flashget.exe" [2007-09-25 10:10 2007088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ValidateAdminCodeSignatures"= 1 (0x1)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C14E6230-757D-4246-81CE-B34E2940C722}"= C:\Windows\system32\iiffdddA.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=?$??I2????,C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F31761E5-80D6-4B35-A236-9EB3B7367415}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{215FBE56-B330-47FA-8A2A-9AA6613A6305}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{875F1762-79BF-49AF-AE97-AA5BC085BA41}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7AB7F30E-297A-4CA5-BBF1-BC91297AD1DC}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DF19AA5F-7DD8-4EC8-9E36-B343FFD05B3F}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{762A60F9-58D2-4344-89B2-8CF01B25AAA0}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1BF04210-AC18-4AC0-A73F-C674FABA20A5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1CCD7C8F-E293-48F2-8E42-C8FC06550D7F}"= UDP:C:\My Files\Programs\LimeWire\LimeWire.exe:LimeWire
"{E8F4BFBA-9B1F-4493-BD62-CC4893BC02E4}"= TCP:C:\My Files\Programs\LimeWire\LimeWire.exe:LimeWire
"{7D948B97-8715-4C5D-AC47-F88CD71C26F8}"= UDP:C:\My Files\Games\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{06D7BF47-C3B1-4E3B-B17E-BCACA044CC32}"= TCP:C:\My Files\Games\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{CE2FB6EE-FF9B-4E6F-803D-AF9C40B38F79}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5C6CE629-0FD7-4DAE-827D-22C7420BD4A5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7FFCAAE3-1905-4E32-852E-728EAF0F8713}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{648525E5-BBBE-42AC-9F1C-89C1AD9AFB96}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{7B465427-4B31-4A98-BB79-B9A897423CE8}C:\\my files\\programs\\emule\\emule.exe"= UDP:C:\my files\programs\emule\emule.exe:eMule
"UDP Query User{A375CB6C-AC58-42ED-A118-63CBBC7D691D}C:\\my files\\programs\\emule\\emule.exe"= TCP:C:\my files\programs\emule\emule.exe:eMule
"TCP Query User{3770EDD6-2951-4009-80FE-0D4FBB4762BF}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{9E5BE247-0994-4FB5-8701-27698B67E9D4}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"{2F6F40A0-54FA-4BD9-B387-6E2DCC481176}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D4A9EE0C-E1BC-4D8D-875C-CFE0C4CC1723}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{34A4D864-6886-47A2-A9C9-A593DC6BE183}"= UDP:C:\My Files\Games\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{A051865C-4C82-42A6-B923-A8F77F3E4386}"= TCP:C:\My Files\Games\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\My Files\\Programs\\BitTorrent\\bittorrent.exe"= C:\My Files\Programs\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
S3 BCM43XV;Broadcom 802.11 Extensible Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]
S3 NC2RemoteDesktop;Net Control 2 Remote Desktop Server Service;"C:\Program Files\Net Control 2\ncvserver.exe" /SERVICE []
S3 ncvhook;ncvhook;C:\Windows\system32\DRIVERS\ncvhook.sys [2007-09-30 17:54]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2006-10-18 02:09]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2006-10-18 02:09]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-13 18:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c8f1a26-db2b-11dc-afea-001b24c8b8cc}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9f2c333-dd4a-11dc-b6e4-001b24c8b8cc}]
\shell\AutoRun\command - 0hct8ybw.bat
\shell\explore\Command - 0hct8ybw.bat
\shell\open\Command - 0hct8ybw.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dec108f9-089b-11dd-bc5f-001b24c8b8cc}]
\shell\AutoRun\command - I:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 12:49:58
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-16 12:52:10
ComboFix-quarantined-files.txt 2008-04-16 10:51:22

Pre-Run: 52,436,332,544 bytes free
Post-Run: 52,404,387,840 bytes free
.
2008-04-15 21:59:45 --- E O F ---
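The report above is the kind of log the disinfection team reads by eye. As an added example (not part of the thread and not ComboFix's own code), the Python below parses the "Reg loading points" block of such a report and flags the points a practitioner would pull out of this one: EnableLUA=0 (UAC off), EnableFirewall=0 on a firewall profile, DisableMonitoring=1 under Security Center, a ShellExecuteHook whose DLL path is followed by an empty bracket pair, and MountPoints2 AutoRun handlers that launch a bare file name such as 0hct8ybw.bat or copy.exe rather than a full path like H:\LaunchU3.exe. The sample log is constructed for the example (a few entries echo the report above; "present.dll" and its GUID are invented as a benign hook). Reading an empty "[ ]" as "file not found" is this example's assumption, since ComboFix normally prints the file's date and size in those brackets.

```python
"""Audit the "Reg loading points" block of a ComboFix log (added example, not
ComboFix code): flags disabled UAC / firewall / Security Center monitoring, a
ShellExecuteHook whose DLL is missing, and MountPoints2 AutoRun hooks that
launch a file by bare name, the pattern USB autorun worms rely on."""
import re
from typing import Dict, List, Optional

# Constructed sample shaped like the block in a ComboFix report (a few entries
# echo the thread's log; "present.dll" and its GUID are made up as a benign hook).
SAMPLE_LOG = r"""
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C14E6230-757D-4246-81CE-B34E2940C722}"= C:\Windows\system32\iiffdddA.dll [ ]
"{00000000-0000-0000-0000-000000000001}"= C:\Windows\system32\present.dll [2008-01-19 09:33 11582464]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9f2c333-dd4a-11dc-b6e4-001b24c8b8cc}]
\shell\AutoRun\command - 0hct8ybw.bat
\shell\open\Command - 0hct8ybw.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c8f1a26-db2b-11dc-afea-001b24c8b8cc}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
AUTORUN_RE = re.compile(r"^\\shell\\(?P<verb>\w+)\\command\s*-\s*(?P<cmd>.+)$", re.IGNORECASE)


def parse_reg_dump(text: str) -> Dict[str, List[str]]:
    """Group the REGEDIT4-style dump into {key: [value lines]}, keeping log order."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4" or line.startswith("*Note*"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def dword(value: str) -> Optional[int]:
    """ComboFix prints DWORDs either as '0 (0x0)' or as 'dword:00000001'."""
    m = re.match(r"^(\d+)\s*\(0x[0-9a-f]+\)$", value, re.IGNORECASE)
    if m:
        return int(m.group(1))
    m = re.match(r"^dword:([0-9a-f]{8})$", value, re.IGNORECASE)
    return int(m.group(1), 16) if m else None


def autorun_target(cmd: str) -> str:
    """File an AutoRun command ultimately launches (unwrapping ShellExec_RunDLL)."""
    m = re.search(r"ShellExec_RunDLL\s+(.+)$", cmd, re.IGNORECASE)
    if m:
        cmd = m.group(1)
    return cmd.split()[0]


def is_relative_target(target: str) -> bool:
    """No drive letter and no root: the file resolves on the inserted volume itself."""
    return not re.match(r"^[A-Za-z]:\\", target) and not target.startswith("\\")


def audit(text: str) -> List[str]:
    """Return one human-readable finding per weakened setting or suspicious hook."""
    findings: List[str] = []
    for key, lines in parse_reg_dump(text).items():
        k, leaf = key.lower(), key.rsplit("\\", 1)[-1]
        values = {m.group("name"): m.group("value").strip()
                  for m in map(VALUE_RE.match, lines) if m}
        if k.endswith("\\policies\\system") and dword(values.get("EnableLUA", "")) == 0:
            findings.append("UAC disabled (EnableLUA=0)")
        if "\\firewallpolicy\\" in k and dword(values.get("EnableFirewall", "")) == 0:
            findings.append(f"Windows Firewall disabled for {leaf}")
        if "\\security center" in k and dword(values.get("DisableMonitoring", "")) == 1:
            findings.append(f"Security Center monitoring disabled: {leaf}")
        if k.endswith("\\shellexecutehooks"):
            for name, value in values.items():
                # Assumption: ComboFix prints the DLL's date and size in brackets,
                # so an empty pair means the file was not found on disk.
                if value.endswith("[ ]"):
                    findings.append(f"ShellExecuteHook {name} -> missing file {value[:-3].strip()}")
        if "\\mountpoints2\\" in k:
            for m in filter(None, map(AUTORUN_RE.match, lines)):
                if is_relative_target(autorun_target(m.group("cmd"))):
                    findings.append(f"MountPoints2 {m.group('verb')} handler on {leaf} "
                                    f"runs relative target: {m.group('cmd').strip()}")
    return findings
```

Run `audit()` on the block copied out of a real report; it ignores every key except the ones the findings depend on, so the long lists of legitimate Run entries and firewall rules pass through silently, and a U3 launcher with a full drive path is not reported while a bare `.bat` or `.exe` on a removable volume is.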

Re: Virus detected

Post by Younes_lp » 16 Apr 2008 11:56

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:00, on 16/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\My Files\Programs\FlashGet\flashget.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\QuickPlay\QP.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\My Files\Setup Files\Antivirus\anti spyware\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\My Files\Programs\FlashGet\jccatch_1.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\My Files\Programs\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {C130E860-7C1C-44F0-996C-1F995C10B61E} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Flashget] C:\My Files\Programs\FlashGet\flashget.exe /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [Steam] "c:\pacsteam\steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ccleaner] "C:\My Files\Programs\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\My Files\Programs\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\My Files\Programs\FlashGet\jc_link.htm
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash by &GetFlash - C:\PROGRA~1\GetFlash\getflash.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\My Files\Programs\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\My Files\Programs\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fich ... 0_4_13.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ?$??I2????,C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Net Control 2 Remote Desktop Server Service (NC2RemoteDesktop) - Unknown owner - C:\Program Files\Net Control 2\ncvserver.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 12724 bytes
Younes_lp
Libellulien Junior

Posts: 159
Joined: 22 Feb 2008 22:02
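Reading a HijackThis log such as the one above means checking each O-entry against what is actually on disk and who published it. The Python below is an added example (it is not part of this thread and not a HijackThis feature): it parses the O2/O3/O4/O23 line formats and attaches the three review hints a helper looks at first: entries whose registry reference points at a file that no longer exists ("(no file)" / "(file missing)"), services with no publisher recorded, and autoruns launched from outside Program Files or Windows. The sample lines are constructed from entries in the log above; the flags are hints for review, not verdicts.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v2 log format: a handful of lines modelled on
# entry types in the log above (O2 BHOs, O3 toolbars, O4 autoruns, O23 services).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {C130E860-7C1C-44F0-996C-1F995C10B61E} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [Steam] "c:\pacsteam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Net Control 2 Remote Desktop Server Service (NC2RemoteDesktop) - Unknown owner - C:\Program Files\Net Control 2\ncvserver.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<kind>O\d+|R\d) - (?P<rest>.*)$")
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STANDARD_DIRS = ("c:\\program files", "c:\\windows")


@dataclass
class Entry:
    kind: str      # HijackThis section, e.g. "O4" or "O23"
    name: str      # autorun value name, BHO/toolbar name or service name
    owner: str     # hive (O4), CLSID (O2/O3) or publisher (O23)
    path: str      # executable or DLL the entry points at
    flags: list = field(default_factory=list)


def _exe_from_command(cmd):
    """Pick the program out of an O4 command line as HijackThis prints it."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths with spaces are printed verbatim, so cut at the first ".exe".
    m = re.match(r"(?i)(.*?\.exe)(?=\s|$)", cmd)
    exe = m.group(1) if m else cmd.split(" ", 1)[0]
    if exe.lower().endswith("rundll32.exe"):
        # rundll32 is only a host: the DLL it loads is the real autorun target
        return cmd[len(exe):].strip().partition(",")[0].strip()
    return exe


def parse_line(line):
    """Return an Entry for O2/O3/O4/O23 lines, a bare Entry for other O/R lines, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    if kind == "O4":
        m4 = O4_RE.match(rest)
        if not m4:
            return None
        return Entry(kind, m4.group("name"), m4.group("hive"), _exe_from_command(m4.group("cmd")))
    if kind in ("O2", "O3", "O23"):
        # "<label>: <name> - <clsid or publisher> - <path>"; split from the right
        # so that dashes inside a display name do not matter.
        parts = rest.rsplit(" - ", 2)
        if len(parts) != 3:
            return None
        label, middle, path = parts
        name = label.split(": ", 1)[1] if ": " in label else label
        return Entry(kind, name, middle, path.strip())
    return Entry(kind, rest, "", "")


def _outside_standard_dirs(path):
    low = path.lower()
    if ":\\" not in low:
        return False  # bare file name or %VAR% path: cannot judge from the log alone
    return not low.startswith(STANDARD_DIRS)


def triage(entry):
    """Attach review hints (not verdicts) to one entry."""
    low = entry.path.lower()
    if low == "(no file)" or low.endswith("(file missing)"):
        entry.flags.append("orphan: the registry entry points at a file that is not on disk")
    if entry.kind == "O23" and entry.owner == "Unknown owner":
        entry.flags.append("no publisher recorded: check the binary's signature and origin")
    if entry.kind == "O4" and _outside_standard_dirs(entry.path):
        entry.flags.append("autorun from a non-standard directory: confirm it was installed deliberately")
    return entry


def triage_log(text):
    return [triage(e) for e in map(parse_line, text.splitlines()) if e is not None]


def flagged(text):
    """Map entry name -> flags for every entry that earned at least one flag."""
    return {e.name: e.flags for e in triage_log(text) if e.flags}


if __name__ == "__main__":
    for name, flags in flagged(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(flags)}")
```

On the sample, the orphaned "(no name)" toolbar, the two "Unknown owner" services and the Steam autorun outside Program Files come out flagged; the Kaspersky entries, the rundll32-hosted NVIDIA DLL under C:\Windows and the %ProgramFiles% Sidebar entry do not. A flag only says "look here": the helper still has to check the file, its signature and how it got there.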

Re: Virus detected

Post by Falkra » 16 Apr 2008 16:42

The system is almost clean; we'll run one last small script to restore settings that may have been altered and fix two or three small things in the registry. Here is the script.

File::
C:\Windows\system32\iiffdddA.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C14E6230-757D-4246-81CE-B34E2940C722}"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9f2c333-dd4a-11dc-b6e4-001b24c8b8cc}]


You'll probably need to reboot if ComboFix doesn't do it for you.
After rebooting, re-enable UAC:

* Start > Control Panel
* Double-click the User Accounts icon
* Then click Enable and confirm.

See you later
Falkra
Admin libellules.ch

Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1
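The CFScript above uses ComboFix's section syntax: a "File::" section lists files to remove, and a "Registry::" section is written in .reg file notation, where "name"=dword:... sets a value, "name"=- deletes a value and [-key] deletes a whole key. As an added example (not part of this thread and not ComboFix code), the Python below parses such a script into the list of actions it would perform, so that what it changes can be read before it is run. On the script from the post it shows the DisableMonitoring values under Security Center\Monitoring being set back to 0 (a value of 1 there silences the Security Center's warnings about a disabled antivirus or firewall), one ShellExecuteHooks entry being removed, and one per-volume MountPoints2 key being deleted. The parser only plans; it touches no registry and handles only the two sections used here.

```python
import re
from collections import Counter

# The CFScript posted above, reproduced as test input (the thread's own values).
SAMPLE_SCRIPT = r"""
File::
C:\Windows\system32\iiffdddA.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C14E6230-757D-4246-81CE-B34E2940C722}"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9f2c333-dd4a-11dc-b6e4-001b24c8b8cc}]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")      # "File::", "Registry::"
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")           # "[key]" or "[-key]" (delete key)
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')       # "name"=data, or "name"=- (delete value)


def decode_data(data):
    """Translate single-line .reg value data into (registry type, Python value)."""
    if data.startswith("dword:"):
        return ("REG_DWORD", int(data[len("dword:"):], 16))
    if data.startswith("hex:"):
        return ("REG_BINARY", bytes.fromhex(data[len("hex:"):].replace(",", "")))
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return ("REG_SZ", data[1:-1])
    raise ValueError(f"unsupported value data: {data!r}")


def plan(script):
    """Turn a CFScript into a list of (action, key_or_file, detail) tuples."""
    actions, section, current_key = [], None, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1).lower(), None
            continue
        if section == "file":
            actions.append(("delete_file", line, None))
        elif section == "registry":
            m = KEY_RE.match(line)
            if m:
                if m.group(1) == "-":
                    actions.append(("delete_key", m.group(2), None))
                    current_key = None  # values after a deleted key make no sense
                else:
                    current_key = m.group(2)
                continue
            m = VALUE_RE.match(line)
            if not m or current_key is None:
                raise ValueError(f"value outside a key or malformed line: {line!r}")
            name, data = m.group(1), m.group(2)
            if data == "-":
                actions.append(("delete_value", current_key, name))
            else:
                actions.append(("set_value", current_key, (name, decode_data(data))))
        else:
            raise ValueError(f"line outside a known section: {line!r}")
    return actions


def summarize(script):
    """Count planned actions by type, e.g. {'delete_file': 1, 'set_value': 2, ...}."""
    return dict(Counter(action for action, _, _ in plan(script)))


if __name__ == "__main__":
    for action, target, detail in plan(SAMPLE_SCRIPT):
        print(f"{action:13} {target}" + (f"  ->  {detail}" if detail else ""))
```

Running it on the script above yields five actions: one file deletion, two value sets (REG_DWORD 0), one value deletion and one key deletion. The same planning step is worth doing with any fix script received on a forum: the thread's rules say procedures are tailored to one machine, and reading the planned actions makes it obvious when a script was written for a different one.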

Re: Virus detected

Post by Younes_lp » 16 Apr 2008 18:48

What do I do with this script?
The same thing as with the previous one, with the same text file name, and run it with ComboFix???
Younes_lp
Libellulien Junior

Posts: 159
Joined: 22 Feb 2008 22:02

Re: Virus detected

Post by Younes_lp » 16 Apr 2008 20:06

First of all, thank you for getting my system clean :)

Thank you so, so much, I don't know how to thank you.
Honestly, I'm so impressed by your work that I'm advertising your site.
In fact, I'm even telling my friends who have problems to contact you; otherwise I don't see how I could thank you :lol:


As for the next step, here it is:
Well, I did the same thing as last time, and here's the report:


ComboFix 08-04-15.4 - Younes 2008-04-16 20:45:54.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.950 [GMT 2:00]
Endroit: C:\Users\Younes\Desktop\ComboFix.exe
Command switches used :: C:\Users\Younes\Desktop\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Windows\system32\iiffdddA.dll
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))))))))
.

2008-04-16 04:04 . 2008-04-16 04:04 <REP> d-------- C:\Users\All Users\WindowsSearch
2008-04-16 04:04 . 2008-04-16 04:04 <REP> d-------- C:\ProgramData\WindowsSearch
2008-04-15 20:38 . 2008-04-15 20:48 691 --a------ C:\Users\Younes\AppData\Roaming\GetValue.vbs
2008-04-15 20:38 . 2008-04-15 20:48 35 --a------ C:\Users\Younes\AppData\Roaming\SetValue.bat
2008-04-15 20:10 . 2008-04-15 20:13 <REP> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-04-15 20:10 . 2008-04-15 20:11 <REP> d-------- C:\Program Files\Common Files\Merge Modules
2008-04-15 20:08 . 2008-04-15 20:08 <REP> d-------- C:\Program Files\Microsoft SDKs
2008-04-15 12:35 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-04-15 12:35 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-04-15 12:35 . 2008-04-14 19:28 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-04-15 12:35 . 2008-04-12 13:49 82,432 --a------ C:\Windows\System32\IEDFix.exe
2008-04-15 12:35 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-04-15 12:35 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-04-15 12:35 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-04-15 05:21 . 2008-04-15 23:11 <REP> d-------- C:\Users\Younes\AppData\Roaming\ma-config.com
2008-04-15 05:21 . 2008-04-15 05:21 <REP> d-------- C:\Program Files\ma-config.com
2008-04-15 03:04 . 2008-04-15 03:04 <REP> d-------- C:\Program Files\MSN Password Recovery
2008-04-14 13:16 . 2008-04-14 13:23 <REP> d-------- C:\Users\Younes\AppData\Roaming\Dev-Cpp
2008-04-14 13:12 . 2008-04-14 21:56 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-04-13 20:28 . 2008-04-13 20:29 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-04-13 18:35 . 2008-04-16 17:30 <REP> d-------- C:\PacSteam
2008-04-13 16:37 . 2008-04-13 16:36 737,280 --a------ C:\Windows\iun6002.exe
2008-04-13 16:36 . 2008-04-13 16:36 <REP> d-------- C:\Windows\System32\athan
2008-04-13 16:36 . 2008-04-13 16:37 <REP> d-------- C:\Program Files\Athan
2008-04-13 02:32 . 2008-04-13 02:32 <REP> d-------- C:\Users\Younes\AppData\Roaming\JLC's Software
2008-04-13 02:32 . 2008-04-13 02:32 <REP> d-------- C:\Program Files\JLC's Software
2008-04-13 01:22 . 2008-04-13 01:22 <REP> d-------- C:\Program Files\WinISO
2008-04-12 21:45 . 2008-04-12 21:45 <REP> d-------- C:\Program Files\Cedelia
2008-04-09 09:18 . 2008-02-22 04:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-09 09:18 . 2008-02-22 07:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-04-09 09:18 . 2008-02-22 06:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-04-09 09:17 . 2008-02-29 09:11 988,216 --a------ C:\Windows\System32\winload.exe
2008-04-09 09:17 . 2008-02-29 09:11 927,288 --a------ C:\Windows\System32\winresume.exe
2008-04-09 09:17 . 2008-02-22 07:05 615,992 --a------ C:\Windows\System32\ci.dll
2008-04-09 09:17 . 2008-02-29 08:53 378,368 --a------ C:\Windows\System32\srcore.dll
2008-04-09 09:17 . 2008-02-29 06:12 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 09:17 . 2008-02-29 08:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-04-09 09:17 . 2008-02-29 08:53 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 09:17 . 2008-02-29 09:14 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 09:17 . 2008-02-29 06:12 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 09:17 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-09 09:16 . 2008-02-29 06:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-04-08 18:53 . 2008-04-08 18:53 91,700 --a------ C:\Windows\System32\drivers\klin.dat
2008-04-08 18:53 . 2008-04-08 18:53 85,860 --a------ C:\Windows\System32\drivers\klick.dat
2008-04-08 18:49 . 2008-04-16 14:41 <REP> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-08 18:49 . 2008-04-16 14:41 <REP> d-------- C:\ProgramData\Kaspersky Lab
2008-04-08 18:49 . 2008-04-16 20:55 119,492,384 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-04-08 18:49 . 2008-04-16 14:39 1,556,360 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-04-08 14:50 . 2008-04-08 17:27 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-04-08 14:48 . 2008-04-08 14:48 <REP> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-04-08 14:48 . 2008-04-08 14:48 <REP> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-04-08 02:14 . 2008-04-08 02:14 <REP> d-------- C:\Users\Younes\AppData\Roaming\ESET
2008-04-08 02:12 . 2008-04-08 02:12 <REP> d-------- C:\Users\All Users\ESET
2008-04-08 02:12 . 2008-04-08 02:12 <REP> d-------- C:\ProgramData\ESET
2008-03-30 01:33 . 2008-03-30 01:37 576 --a------ C:\Windows\settings.cfg
2008-03-29 15:44 . 2008-03-29 15:44 <REP> d-------- C:\Users\All Users\Office Genuine Advantage
2008-03-29 15:44 . 2008-03-29 15:44 <REP> d-------- C:\ProgramData\Office Genuine Advantage
2008-03-28 16:46 . 2008-03-28 16:46 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-25 05:48 . 2008-01-19 09:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-03-25 05:48 . 2008-01-19 09:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-03-25 05:46 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-03-25 05:45 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-03-25 05:44 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-03-25 05:43 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-03-25 05:42 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-03-25 05:42 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-03-25 05:42 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-03-25 05:42 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-03-25 05:42 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-03-25 05:42 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-03-25 05:42 . 2006-11-02 11:45 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-03-25 05:42 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-03-25 05:42 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-03-25 05:42 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-03-24 22:18 . 2008-04-16 14:39 12 --a------ C:\Windows\bthservsdp.dat
2008-03-21 08:11 . 2008-03-21 08:17 <REP> d-------- C:\Program Files\Common Files\Nero
2008-03-21 02:31 . 1997-07-19 17:55 1,347,344 --a------ C:\Windows\System32\Msvbvm50.dll
2008-03-21 02:31 . 1997-07-19 17:55 1,347,344 --a------ C:\Windows\system\Msvbvm50.dll
2008-03-20 22:05 . 2008-03-20 22:05 <REP> d-------- C:\Users\All Users\LightScribe
2008-03-20 22:05 . 2008-03-20 22:05 <REP> d-------- C:\ProgramData\LightScribe
2008-03-20 18:22 . 2008-03-20 18:27 <REP> d-------- C:\Users\All Users\Quark
2008-03-20 18:22 . 2008-03-20 18:27 <REP> d-------- C:\ProgramData\Quark
2008-03-20 17:57 . 2008-04-16 15:19 69 --a------ C:\Windows\NeroDigital.ini
2008-03-20 16:46 . 2008-03-20 14:51 290 --a------ C:\Windows\AntiTrial.ini
2008-03-20 16:40 . 2008-03-20 16:40 <REP> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-03-20 15:34 . 2008-03-20 15:34 <REP> d-------- C:\Users\Younes\AppData\Roaming\Nero
2008-03-20 15:25 . 2008-03-21 08:11 <REP> d-------- C:\Users\All Users\Nero
2008-03-20 15:25 . 2008-03-21 08:11 <REP> d-------- C:\ProgramData\Nero
2008-03-20 15:25 . 2008-03-20 15:25 <REP> d-------- C:\Program Files\Nero
2008-03-20 14:51 . 2008-03-20 14:51 251 --a------ C:\Windows\AntiTrial.bin
2008-03-17 10:25 . 2008-04-16 12:02 26 --a------ C:\Windows\popcinfo.dat
2008-03-17 10:11 . 2008-03-17 10:11 <REP> d-------- C:\Users\All Users\Steam
2008-03-17 10:11 . 2008-03-17 10:13 <REP> d-------- C:\Users\All Users\PopCap Games
2008-03-17 10:11 . 2008-03-17 10:11 <REP> d-------- C:\ProgramData\Steam
2008-03-17 10:11 . 2008-03-17 10:13 <REP> d-------- C:\ProgramData\PopCap Games
2008-03-17 02:27 . 2008-03-17 02:27 <REP> d-------- C:\Program Files\Common Files\Thraex Software

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 18:14 --------- d-----w C:\Users\Younes\AppData\Roaming\Roxio
2008-04-16 17:45 --------- d-----w C:\Users\Younes\AppData\Roaming\Skype
2008-04-16 16:51 --------- d-----w C:\Users\Younes\AppData\Roaming\skypePM
2008-04-16 10:10 27,934 ----a-w C:\Users\Younes\AppData\Roaming\nvModes.dat
2008-04-15 18:48 7,796 ----a-w C:\Windows\System32\tmp.reg
2008-04-15 18:17 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-15 16:18 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-15 11:08 --------- d-----w C:\ProgramData\eMule
2008-04-14 20:24 --------- d-----w C:\Users\Younes\AppData\Roaming\LimeWire
2008-04-14 11:15 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-14 10:36 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-13 18:45 --------- d-----w C:\Program Files\Common Files\Steam
2008-04-09 15:29 --------- d-----w C:\Program Files\Windows Mail
2008-04-08 00:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-08 00:00 --------- d-----w C:\ProgramData\Symantec
2008-04-08 00:00 --------- d-----w C:\Program Files\Symantec
2008-04-02 19:56 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-31 00:42 --------- d-----w C:\Users\Younes\AppData\Roaming\Winamp
2008-03-29 13:54 --------- d-----w C:\Program Files\Windows Live
2008-03-29 13:50 --------- d-----w C:\ProgramData\WLInstaller
2008-03-25 20:02 174 --sha-w C:\Program Files\desktop.ini
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Journal
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Defender
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-25 19:48 --------- d-----w C:\Program Files\Windows Calendar
2008-03-25 04:03 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-25 04:03 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-21 00:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 22:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-20 20:57 --------- d-----w C:\ProgramData\Roxio
2008-03-11 03:05 --------- d-----w C:\Program Files\Custom-Strike
2008-03-10 11:37 --------- d-----w C:\Program Files\Java
2008-03-07 02:56 --------- d---a-w C:\ProgramData\TEMP
2008-03-07 02:29 --------- d-----w C:\Program Files\Deskshare
2008-03-07 02:20 --------- d-----w C:\Program Files\Common Files\DeskShare Shared
2008-03-06 03:27 --------- d-----w C:\Users\Younes\AppData\Roaming\vlc
2008-03-06 03:26 --------- d-----w C:\Program Files\VideoLAN
2008-03-04 03:31 --------- d-----w C:\Users\Younes\AppData\Roaming\Shareaza
2008-03-02 20:31 --------- d-----w C:\Users\Younes\AppData\Roaming\ZC Dream Photo
2008-03-02 04:55 --------- d-----w C:\Users\Younes\AppData\Roaming\Windows Live Writer
2008-03-02 04:39 --------- d-----w C:\Program Files\No-IP
2008-03-02 04:38 --------- d-----w C:\Program Files\Net Control 2
2008-03-02 04:37 --------- d-----w C:\Program Files\sXe Injected
2008-02-29 21:20 --------- d-----w C:\Users\Younes\AppData\Roaming\Configuration
2008-02-26 20:36 --------- d-----w C:\Program Files\LopSDV
2008-02-26 18:52 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-26 18:45 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-26 18:37 --------- d-----w C:\Program Files\MSN Messenger
2008-02-26 03:28 2,828 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-02-25 02:14 --------- d-----w C:\ProgramData\Messenger Plus!
2008-02-24 01:28 --------- d-----w C:\ProgramData\Microsoft Corporation
2008-02-24 01:26 --------- d-----w C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-02-23 15:29 --------- d-----w C:\ProgramData\CyberLink
2008-02-23 14:52 --------- d-----w C:\ProgramData\POP3Profiles
2008-02-23 14:51 --------- d-----w C:\ProgramData\Sonic
2008-02-23 14:22 --------- d-----w C:\ProgramData\NVIDIA
2008-02-23 14:22 --------- d-----w C:\ProgramData\Lavasoft
2008-02-23 14:22 --------- d-----w C:\ProgramData\HP
2008-02-23 14:22 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-02-23 14:22 --------- d-----w C:\ProgramData\Adobe Systems
2008-02-23 14:21 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-23 14:21 --------- d-----w C:\ProgramData\Skype
2008-02-23 14:20 --------- d-----w C:\ProgramData\Trymedia
2008-02-23 13:56 --------- d-----w C:\ProgramData\ProgramData
2008-02-23 04:50 --------- d-----w C:\Program Files\Common Files\NSV
2008-02-22 19:14 --------- d-----w C:\Program Files\Microsoft Works
2008-02-22 19:14 --------- d-----w C:\Program Files\Google
2008-02-22 19:14 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-02-22 19:14 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-21 21:03 --------- d-----w C:\Program Files\BitTorrent
2008-02-21 20:53 --------- d-----w C:\Users\Younes\AppData\Roaming\BitTorrent
2008-02-21 00:28 --------- d-----w C:\Program Files\MediaEldoradoCodec
2008-02-18 21:24 --------- d-----w C:\Program Files\DivX
2008-02-18 00:42 --------- d-----w C:\Program Files\Sony Setup
2008-02-17 23:50 --------- d-----w C:\Users\Younes\AppData\Roaming\Sony
2008-02-17 21:44 --------- d-----w C:\Program Files\GetFlash
2008-02-17 15:40 --------- d-----w C:\Program Files\HHD Software
2008-02-17 13:26 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-17 13:26 32 ----a-w C:\ProgramData\ezsid.dat
2008-02-17 13:25 --------- d-----w C:\Program Files\Skype
2008-02-17 11:21 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2008-02-17 11:02 58,904 ----a-w C:\Windows\System32\is4tray.dll
2008-02-08 16:37 219,664 ----a-w C:\Windows\System32\klogon.dll
2008-02-04 17:23 693,792 ----a-w C:\Windows\System32\OGACheckControl.DLL
2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-01-29 01:53 612,864 ----a-w C:\Windows\System32\x264vfw.dll
2008-01-19 07:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-19 07:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-19 07:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-19 07:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
2008-01-19 07:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
2008-01-19 07:42 247,352 ----a-w C:\Windows\System32\clfs.sys
2008-01-19 07:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll
2008-01-19 07:42 141,880 ----a-w C:\Windows\System32\halacpi.dll
2008-01-19 07:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
2008-01-19 07:41 21,560 ----a-w C:\Windows\System32\kdusb.dll
2008-01-19 07:41 19,512 ----a-w C:\Windows\System32\kdcom.dll
2008-01-19 07:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
.

((((((((((((((((((((((((((((( snapshot_2008-04-16_12.51.07.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-16 09:06:58 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-16 12:40:31 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-16 09:07:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-16 12:40:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-04-16 09:07:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-04-16 12:40:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-16 10:22:09 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-16 18:55:49 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-16 09:09:58 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-16 15:18:33 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-16 15:18:33 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-16 10:44:05 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-16 18:49:31 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-16 09:10:03 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-16 12:43:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-16 12:43:47 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-16 09:12:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-16 18:37:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-16 09:12:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-16 18:37:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-16 09:12:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-16 18:37:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-16 09:10:58 9,498 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-966014692-314144330-3634896158-1000_UserData.bin
+ 2008-04-16 12:44:47 9,514 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-966014692-314144330-3634896158-1000_UserData.bin
- 2008-04-16 09:10:57 76,270 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-16 12:44:47 76,356 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-16 09:10:49 45,746 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-16 12:44:39 46,316 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 12:02 482760]
"Steam"="c:\pacsteam\steam.exe" [2008-04-13 18:38 1271032]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 16:35 202024]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"ccleaner"="C:\My Files\Programs\CCleaner\ccleaner.exe" [2008-03-25 11:48 906480]
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe" [2008-01-19 09:33 49664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 23:34 634880]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 03:50 1021224]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 19:50 4390912 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 16:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 18:11 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 11:38 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 16:12 317128]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 09:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 09:05 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 09:05 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"Athan"="C:\Program Files\Athan\Athan.exe" [2007-09-06 20:24 1024000]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"Flashget"="C:\My Files\Programs\FlashGet\flashget.exe" [2007-09-25 10:10 2007088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ValidateAdminCodeSignatures"= 1 (0x1)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=?$??I2????,C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F31761E5-80D6-4B35-A236-9EB3B7367415}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{215FBE56-B330-47FA-8A2A-9AA6613A6305}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{875F1762-79BF-49AF-AE97-AA5BC085BA41}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7AB7F30E-297A-4CA5-BBF1-BC91297AD1DC}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DF19AA5F-7DD8-4EC8-9E36-B343FFD05B3F}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{762A60F9-58D2-4344-89B2-8CF01B25AAA0}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1BF04210-AC18-4AC0-A73F-C674FABA20A5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1CCD7C8F-E293-48F2-8E42-C8FC06550D7F}"= UDP:C:\My Files\Programs\LimeWire\LimeWire.exe:LimeWire
"{E8F4BFBA-9B1F-4493-BD62-CC4893BC02E4}"= TCP:C:\My Files\Programs\LimeWire\LimeWire.exe:LimeWire
"{7D948B97-8715-4C5D-AC47-F88CD71C26F8}"= UDP:C:\My Files\Games\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{06D7BF47-C3B1-4E3B-B17E-BCACA044CC32}"= TCP:C:\My Files\Games\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{CE2FB6EE-FF9B-4E6F-803D-AF9C40B38F79}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5C6CE629-0FD7-4DAE-827D-22C7420BD4A5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7FFCAAE3-1905-4E32-852E-728EAF0F8713}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{648525E5-BBBE-42AC-9F1C-89C1AD9AFB96}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{7B465427-4B31-4A98-BB79-B9A897423CE8}C:\\my files\\programs\\emule\\emule.exe"= UDP:C:\my files\programs\emule\emule.exe:eMule
"UDP Query User{A375CB6C-AC58-42ED-A118-63CBBC7D691D}C:\\my files\\programs\\emule\\emule.exe"= TCP:C:\my files\programs\emule\emule.exe:eMule
"TCP Query User{3770EDD6-2951-4009-80FE-0D4FBB4762BF}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{9E5BE247-0994-4FB5-8701-27698B67E9D4}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"{34A4D864-6886-47A2-A9C9-A593DC6BE183}"= UDP:C:\My Files\Games\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{A051865C-4C82-42A6-B923-A8F77F3E4386}"= TCP:C:\My Files\Games\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{2F6F40A0-54FA-4BD9-B387-6E2DCC481176}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D4A9EE0C-E1BC-4D8D-875C-CFE0C4CC1723}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\My Files\\Programs\\BitTorrent\\bittorrent.exe"= C:\My Files\Programs\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R2 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]
S3 NC2RemoteDesktop;Net Control 2 Remote Desktop Server Service;"C:\Program Files\Net Control 2\ncvserver.exe" /SERVICE []
S3 ncvhook;ncvhook;C:\Windows\system32\DRIVERS\ncvhook.sys [2007-09-30 17:54]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2006-10-18 02:09]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2006-10-18 02:09]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-13 18:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c8f1a26-db2b-11dc-afea-001b24c8b8cc}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dec108f9-089b-11dd-bc5f-001b24c8b8cc}]
\shell\AutoRun\command - I:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 20:56:00
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-04-16 20:59:41
ComboFix-quarantined-files.txt 2008-04-16 18:58:30

Pre-Run: 54,027,214,848 bytes free
Post-Run: 53,990,776,832 bytes free
.
2008-04-15 21:59:45 --- E O F ---
Younes_lp
Libellulien Junior
Posts: 159
Joined: 22 Feb 2008 22:02

Re: Virus detected

Post by Falkra » 16 Apr 2008 20:17

Yes, that was it: same thing as for the other script.

The system looks OK. Are there still any abnormal symptoms?

Thanks for the plug. :wink:
Falkra
Admin libellules.ch
Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Virus detected

Post by Younes_lp » 16 Apr 2008 21:20

Uh, no, I don't see any.
Otherwise, here is a HijackThis report if you want, and thanks once again:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19:22, on 16/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\My Files\Programs\FlashGet\flashget.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PacSteam\Steam.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\My Files\Setup Files\Antivirus\anti spyware\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\My Files\Programs\FlashGet\jccatch_1.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\My Files\Programs\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {C130E860-7C1C-44F0-996C-1F995C10B61E} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Flashget] C:\My Files\Programs\FlashGet\flashget.exe /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [Steam] "c:\pacsteam\steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ccleaner] "C:\My Files\Programs\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\My Files\Programs\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\My Files\Programs\FlashGet\jc_link.htm
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash by &GetFlash - C:\PROGRA~1\GetFlash\getflash.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\My Files\Programs\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\My Files\Programs\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fich ... 0_4_13.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ?$??I2????,C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Net Control 2 Remote Desktop Server Service (NC2RemoteDesktop) - Unknown owner - C:\Program Files\Net Control 2\ncvserver.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 12728 bytes

Re: Virus detected

Post by Falkra » 16 Apr 2008 21:23

Clean. :-D

Re-enable UAC if you haven't already; it protects well. ;-)

A bit of reading, for the advice (P2P brings in junk...) and to understand the mechanisms for protecting yourself, since I believe this is your 2nd disinfection here.
prevention-comment-eviter-bien-des-infections-t24540.html
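The two logs in this thread (the ComboFix "Reg Loading Points" dump and the HijackThis report) are read by a helper in a fixed order: is protection switched off (UAC, the three firewall profiles, the Security Center "don't notify" flags), what autorun commands are cached for removable drives, which services and toolbars point at files that no longer exist, and which autostarts run from outside Program Files and Windows. The script below is an added example, not part of the thread, of ComboFix or of HijackThis, that encodes that reading as a small triage pass over both formats. The sample lines are copied from the two logs posted above; the severity labels, the `WEAK_SETTINGS` table and the `TRUSTED_PREFIXES` whitelist are this example's own choices.

```python
"""Triage of ComboFix "Reg Loading Points" and HijackThis log lines.

Added example for this thread, not part of ComboFix, HijackThis or the forum's
procedure: it flags protection switched off, autorun commands cached for removable
drives, orphaned services/toolbars and autostarts outside Program Files/Windows.
"""
import re

# Values ComboFix prints under "Reg Loading Points", with the value meaning "off".
WEAK_SETTINGS = {
    "EnableLUA": 0,               # UAC disabled
    "EnableFirewall": 0,          # Windows Firewall off for that profile
    "UacDisableNotify": 1,        # Security Center warning silenced
    "AutoUpdateDisableNotify": 1,
}
# Autostart targets under these prefixes are not flagged (compared lower-case).
TRUSTED_PREFIXES = ("c:\\program files", "c:\\windows", "%programfiles%", "%systemroot%")

_SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<dword>dword:)?(?P<val>[0-9A-Fa-f]+)')
_AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$")
# ComboFix service line "S3 name;description;image [file date]"; empty [] = file not found.
_SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<image>.+?)\s*\[(?P<stamp>[^\]]*)\]$")
_HJT_RE = re.compile(r"^(?P<kind>[OR]\d+)\s*-\s*(?P<rest>.+)$")
# First .exe/.dll path in an HJT O4 command, surrounding quotes optional.
_TARGET_RE = re.compile(r'"?([^"\s][^"]*?\.(?:exe|dll))', re.IGNORECASE)


def _o4_target(rest):
    """Executable an O4 autostart launches; for a rundll32 host, the DLL it loads."""
    after = rest.split("]", 1)[1] if "]" in rest else rest
    hits = _TARGET_RE.findall(after)
    if not hits:
        return ""
    if hits[0].lower().endswith("rundll32.exe") and len(hits) > 1:
        return hits[1]
    return hits[0]


def _hjt_findings(kind, rest):
    if "(file missing)" in rest or "(no file)" in rest:
        return [("orphan", f"{kind}: {rest}")]
    if kind == "O20":
        return [("review", f"{kind}: AppInit_DLLs is loaded into every user32 process: {rest}")]
    if kind == "O4":
        target = _o4_target(rest)
        if target and "\\" not in target:
            return [("review", f"{kind}: autostart has no path, resolved by search order: {target}")]
        if target and not target.lower().startswith(TRUSTED_PREFIXES):
            return [("review", f"{kind}: autostart outside Program Files/Windows: {target}")]
    return []


def triage(lines):
    """Return (severity, message) tuples for the notable lines of either log."""
    findings, section = [], ""
    for raw in lines:
        line = raw.strip()
        m = _SECTION_RE.match(line)
        if m:
            section = m.group("key")
            continue
        m = _AUTORUN_RE.match(line)
        if m:
            # ShellExec_RunDLL on a bare file name is what an autorun.inf from a
            # removable-drive worm leaves in MountPoints2; a vendor launcher with
            # a full path (U3, CD menus) deserves a look but is not alarming.
            sev = "high" if "ShellExec_RunDLL" in m.group("cmd") else "review"
            drive = section.rsplit("\\", 1)[-1]
            findings.append((sev, f"autorun cached for drive {drive}: {m.group('cmd')}"))
            continue
        m = _VALUE_RE.match(line)
        if m and m.group("name") in WEAK_SETTINGS:
            value = int(m.group("val"), 16 if m.group("dword") else 10)
            if value == WEAK_SETTINGS[m.group("name")]:
                findings.append(("high", f"{m.group('name')}={value} in [{section}]"))
            continue
        m = _SERVICE_RE.match(line)
        if m and not m.group("stamp"):
            findings.append(("orphan", f"service {m.group('name')}: image not found: {m.group('image')}"))
            continue
        m = _HJT_RE.match(line)
        if m:
            findings.extend(_hjt_findings(m.group("kind"), m.group("rest")))
    return findings


# Sample lines copied from the ComboFix and HijackThis logs posted in this thread.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
S3 NC2RemoteDesktop;Net Control 2 Remote Desktop Server Service;"C:\Program Files\Net Control 2\ncvserver.exe" /SERVICE []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dec108f9-089b-11dd-bc5f-001b24c8b8cc}]
\shell\AutoRun\command - I:\LaunchU3.exe -a
O3 - Toolbar: (no name) - {C130E860-7C1C-44F0-996C-1F995C10B61E} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [Steam] "c:\pacsteam\steam.exe" -silent
O23 - Service: Net Control 2 Remote Desktop Server Service (NC2RemoteDesktop) - Unknown owner - C:\Program Files\Net Control 2\ncvserver.exe (file missing)
""".splitlines()
```

Feed the saved log files to `triage()` line by line (`triage(open(path, encoding="cp1252", errors="replace"))`). On the sample it reports EnableLUA, UacDisableNotify and the PublicProfile firewall as off, the NC2RemoteDesktop service and the nameless toolbar as orphans, the `copy.exe` autorun cached for drive G as high, and the U3 launcher and the `c:\pacsteam\steam.exe` autostart for review; the NvSvc rundll32 entry is left alone because the DLL it loads lives under Windows. The prefix whitelist is a triage shortcut, not a trust decision: a file under Program Files still needs its signature or hash checked before it is declared clean.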

Re: Virus detected

Post by Younes_lp » 16 Apr 2008 21:32

Yes, it's the second time.
Otherwise, I've uninstalled eMule; only LimeWire is left.
Apart from that, I've never had a virus through peer-to-peer software.
This time the source of the virus was a crack I downloaded for a program.

In any case, thanks a lot for everything, and a thousand thanks again.

Re: Virus detected

Post by Younes_lp » 17 Apr 2008 12:20

Hello Falkra,

There's another problem I hadn't noticed:
the Start menu shortcuts no longer work!!!

How do I put them back the way they were?

Re: Virus detected

Post by Falkra » 17 Apr 2008 18:40

Hi again. Do the ones on the desktop work?

Re: Virus detected

Post by Younes_lp » 17 Apr 2008 20:01

Yes.

It's the ones in the Start menu that no longer work.

Re: Virus detected

Post by Falkra » 17 Apr 2008 20:12

And the shortcuts are there? The lists are present.
When you click, is there an error message (if so, which one)?

Re: Virus detected

Post by Younes_lp » 17 Apr 2008 21:18

Uh, no.
The icons are there; when I try to run them, nothing happens.
I'm attaching a picture to show you what the files look like.

Re: Virus detected

Post by Falkra » 17 Apr 2008 21:25

Hmm, if you right-click > Properties on one of the shortcuts, is the content OK?

Re: Virus detected

Post by Younes_lp » 17 Apr 2008 21:30

No, I don't think so.
Here is a view of the properties of the Windows Movie Maker shortcut:

Re: Virus detected

Post by Falkra » 17 Apr 2008 21:48

Have you used a registry cleaner recently (CCleaner, etc.)?
