Virus: heur:trojan.win32.invader

psy -  
 squalegend -
Je n'y connait rien en virus mais je crois que j'en ai plusieurs soit:
Virus:
heur:trojan.win32.invader
heur:trojann-dropper.script.generic

cheval de troie:

backdoor.win32.bifrose.ajwv
trojan.win32.agent.rzw
trojan-dropper.win32.agent.acvm
packed.win32.mondera.a
trojan-dropper.win32.agent.agfl
trojan-downloader.win32.suurch.ip

je suis très ennuyer car mon ordinateur est mon outil de travail et il est quasiment bloqué par ces processus.
je sui sous vista c un ordi portable packard bell
mon antivirus est kaspersky 2009
en fait je lavais désactivé et jai choppé ces virus.
je compte sur vous pour m'aiguiller je vous remercie d'avance.
Configuration: Windows Vista
Firefox 3.0.5

26 réponses

  • 1
  • 2
  1. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour,

    Pour commencer nous allons voir ce qui ce passe sur ton PC

    1/
    Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

    - Vas dans "Démarrer" puis Panneau de configuration.
    - Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs.
    - Clique sur Continuer.
    - Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
    - Valide par OK et redémarre.

    2/
    Télécharge Random's System Information Tool (RSIT) par random/random et sauvegarde-le sur ton Bureau.
    http://images.malwareremoval.com/random/RSIT.exe
    * Double-clique sur RSIT.exe afin de lancer RSIT.
    * Clique sur Continue à l'écran Disclaimer.
    * Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
    * Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    --> Poste le contenu de log.txt (<<qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    Note : Les deux rapports sont également sauvegardés C:\rsit

    @+

    0
  2. psy
     
    et bien voila

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Rom@in at 2009-02-04 20:46:14
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 34 GB (32%) free of 106 GB
    Total RAM: 2046 MB (63% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:47:00, on 04/02/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\Temp\winlognn.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Rom@in\Desktop\RSIT.exe
    C:\Program Files\trend micro\Rom@in.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/alrefai/login.live.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = .-~= Hacked by ( ProoHack )X =~-.
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: C:\Windows\system32\hsfd83jfdg.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\Windows\system32\hsfd83jfdg.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\Windows\Temp\winlognn.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\Windows\Temp\winlognn.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'Default user')
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
    O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\Windows\system32\hsfd83jfdg.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    0
  3. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Ok c'est partit !

    Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau.
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Déconnecte toi d'internet et ferme toutes tes applications.

    * Désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,

    * Double-clic sur combofix.exe, il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.

    * /!\ Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne /!\

    * Attends que Combofix ait terminé, un rapport sera créé.

    * réactive ton parefeu, ton antivirus, la garde de ton antispyware

    * copie/colle le rapport, le rapport se trouve dans : C:Combofix.txt

    * Réactive tes protections en temps réel, Antivirus, Antispywares, avant de te reconnecter à internet.

    @+
    0
  4. psy
     
    heu deux secondes tu dit: copie/colle le rapport, le rapport se trouve dans : C:Combofix.txt
    dc en fait je kan le raport est fini tu ve que je te le post com lotre?
    en atendant ta reponse je fai la manip
    merci pour ton aide
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Oui lance le logiciel et poste le rapport, tout comme le premier sauf que celui-ci tu le trouveras dans C:\Combofix.txt
    0
  7. psy
     
    ok ben voila

    je pense avoir fait comme il faut

    ComboFix 09-02-04.01 - Rom@in 2009-02-04 21:18:43.1 - NTFSx86
    Lancé depuis: C:\Users\Rom@in\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Autorun.inf
    C:\Users\Rom@in\AppData\Local\ecaacey.dat
    C:\Users\Rom@in\AppData\Local\ecaacey_nav.dat
    C:\Users\Rom@in\AppData\Local\ecaacey_navps.dat
    C:\Users\Rom@in\AppData\Local\zviwjey.dat
    C:\Users\Rom@in\AppData\Local\zviwjey_nav.dat
    C:\Users\Rom@in\AppData\Local\zviwjey_navps.dat
    C:\Users\Rom@in\AppData\Roaming\addons.dat
    C:\Windows\system32\config\systemprofile\AppData\Roaming\addons.dat
    C:\Windows\system32\hs78k4rgf4d.dll
    C:\Windows\system32\hsfd83jfdg.dll
    C:\Windows\system32\winspool.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-04 au 2009-02-04 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-04 20:46 . 2009-02-04 20:47 <REP> d-------- C:\rsit
    2009-02-04 20:46 . 2009-02-04 20:47 <REP> d-------- C:\Program Files\trend micro
    2009-02-04 19:04 . 2009-02-04 19:04 355,584 --a------ C:\Windows\System32\TuneUpDefragService.exe
    2009-02-04 17:48 . 2009-02-04 17:48 33,808 --a------ C:\Windows\System32\drivers\klbg.sys
    2009-02-04 15:35 . 2009-02-04 21:25 557,088 --ahs---- C:\Windows\System32\drivers\fidbox2.dat
    2009-02-04 15:35 . 2009-02-04 21:25 2,984 --ahs---- C:\Windows\System32\drivers\fidbox2.idx
    2009-02-04 15:27 . 2009-02-04 17:48 101,287 --a------ C:\Windows\System32\drivers\klin.dat
    2009-02-04 15:27 . 2009-02-04 17:48 89,601 --a------ C:\Windows\System32\drivers\klick.dat
    2009-02-04 13:34 . 2009-02-04 18:29 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2009-02-04 13:34 . 2009-02-04 18:29 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2009-02-04 13:34 . 2009-02-04 18:29 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2009-02-04 13:33 . 2009-02-04 13:33 <REP> d-------- C:\Program Files\CCleaner
    2009-02-04 13:31 . 2009-02-04 13:32 <REP> d-------- C:\Users\All Users\Lavasoft
    2009-02-04 13:31 . 2009-02-04 13:32 <REP> d-------- C:\ProgramData\Lavasoft
    2009-02-04 13:31 . 2009-02-04 18:39 <REP> d-------- C:\Program Files\Lavasoft
    2009-02-04 03:36 . 2009-02-04 03:36 <REP> d-------- C:\Users\All Users\Windows Genuine Advantage
    2009-02-04 03:26 . 2009-02-04 21:22 7,807,008 --ahs---- C:\Windows\System32\drivers\fidbox.dat
    2009-02-04 03:26 . 2009-02-04 21:22 92,564 --ahs---- C:\Windows\System32\drivers\fidbox.idx
    2009-02-04 02:38 . 2009-02-04 02:38 <REP> d-------- C:\kav
    2009-02-04 02:17 . 2009-02-04 02:17 <REP> d--hs---- C:\Users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-02-04 02:17 . 2009-02-04 02:17 <REP> d--hs---- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-02-03 23:03 . 2009-02-03 23:03 68,096 --a------ C:\Windows\System32\ajsjfukj.dll
    2009-02-03 23:03 . 2009-02-03 23:03 2 --a------ C:\2124311817
    2009-02-03 22:07 . 2009-02-04 17:33 <REP> d-------- C:\Windows\System32\systeme34
    2009-02-03 22:07 . 2009-02-04 18:55 412,902 -rahs---- C:\Windows\System32\winjpg.jpg
    2009-02-03 22:06 . 2007-10-19 03:38 1,437,841 --a------ C:\Windows\EBP_ComptesBancaires_2008_0_0_51.exe
    2009-02-03 21:59 . 1997-01-22 20:26 565,760 --a------ C:\Windows\System32\MSVCP50.DLL
    2009-02-03 21:58 . 2009-02-03 21:58 <REP> d-------- C:\Users\Rom@in\AppData\Roaming\Nero
    2009-02-03 21:58 . 2009-02-03 21:58 <REP> d-------- C:\Users\All Users\Nero
    2009-02-03 21:58 . 2009-02-03 21:58 <REP> d-------- C:\ProgramData\Nero
    2009-02-03 21:58 . 2009-02-03 21:58 <REP> d-------- C:\Program Files\Common Files\Nero
    2009-02-03 21:50 . 2009-02-04 13:46 <REP> d-------- C:\Windows\Nero Lite 9.2.6
    2009-02-03 21:50 . 2009-02-03 21:55 <REP> d-------- C:\Program Files\Nero
    2009-02-02 21:54 . 2009-02-02 21:54 <REP> d-------- C:\Users\Rom@in\AppData\Roaming\ArchosLink
    2009-02-02 21:44 . 2009-02-02 21:44 <REP> d-------- C:\Program Files\Archos
    2009-02-02 12:00 . 2009-02-04 20:27 <REP> d-------- C:\Windows\Speeditup Free
    2009-02-02 12:00 . 2009-02-02 12:03 <REP> d-------- C:\Program Files\Speeditup Free
    2009-01-20 18:12 . 2009-01-20 18:12 <REP> d-------- C:\Program Files\Electronic Arts
    2009-01-20 12:38 . 2009-01-20 13:27 <REP> d-------- C:\Users\Rom@in\AppData\Roaming\Red Alert 3
    2009-01-20 11:48 . 2009-01-20 11:48 7,456 --a------ C:\Windows\System32\ealregsnapshot1.reg
    2009-01-14 23:27 . 2008-12-16 03:42 288,768 --a------ C:\Windows\System32\drivers\srv.sys
    2009-01-14 17:35 . 2009-01-14 17:35 <REP> d-------- C:\Users\Rom@in\AppData\Roaming\Ubisoft
    2009-01-13 23:47 . 2009-01-13 23:47 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-01-07 11:15 . 2009-01-07 11:15 <REP> d-------- C:\Program Files\DivX

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-04 20:26 --------- d-----w C:\ProgramData\Kaspersky Lab
    2009-02-04 19:27 --------- d-----w C:\Program Files\Total Video Converter
    2009-02-04 19:27 --------- d-----w C:\Program Files\Steam
    2009-02-04 19:27 --------- d-----w C:\Program Files\Screamer Radio
    2009-02-04 19:27 --------- d-----w C:\Program Files\QuickTime
    2009-02-04 19:27 --------- d-----w C:\Program Files\Opera
    2009-02-04 19:09 --------- d-----w C:\Program Files\IviCam
    2009-02-04 19:09 --------- d-----w C:\Program Files\HDReg
    2009-02-04 19:09 --------- d-----w C:\Program Files\Almacom
    2009-02-04 17:56 --------- d-----w C:\Program Files\Activision 2
    2009-02-04 14:25 --------- d-----w C:\Program Files\Kaspersky Lab
    2009-02-04 13:33 --------- d-----w C:\Program Files\DAEMON Tools
    2009-02-04 01:37 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
    2009-02-03 21:55 --------- d-----w C:\Users\Rom@in\AppData\Roaming\LimeWire
    2009-02-03 21:26 --------- d-----w C:\Users\Rom@in\AppData\Roaming\dvdcss
    2009-02-03 20:59 --------- d-----w C:\Program Files\Common Files\Adobe
    2009-02-03 19:59 --------- d-----w C:\Program Files\LimeWire
    2009-02-03 18:49 --------- d-----w C:\ProgramData\2DBoy
    2009-02-03 16:48 --------- d-----w C:\Program Files\JkDefrag
    2009-02-02 11:58 --------- d-----w C:\Program Files\Google
    2009-02-02 07:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2009-02-02 07:51 --------- d-----w C:\Program Files\Ubisoft
    2009-01-29 11:55 --------- d-----w C:\Users\Rom@in\AppData\Roaming\Skype
    2009-01-28 16:25 --------- d-----w C:\Users\Rom@in\AppData\Roaming\Hamachi
    2009-01-27 21:30 --------- d-----w C:\Program Files\Common Files\Steam
    2009-01-27 20:33 --------- d-----w C:\Program Files\Activision
    2009-01-27 20:08 22,328 ----a-w C:\Users\Rom@in\AppData\Roaming\PnkBstrK.sys
    2009-01-20 16:19 --------- d-----w C:\ProgramData\Electronic Arts
    2009-01-20 11:17 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
    2009-01-15 19:24 --------- d-----w C:\Program Files\Packard Bell
    2009-01-15 19:21 --------- d-----w C:\Program Files\VirtualDJ
    2009-01-15 19:20 --------- d-----w C:\Users\Rom@in\AppData\Roaming\Wallpaper
    2009-01-15 19:20 --------- d-----w C:\Program Files\Windows Live
    2009-01-15 11:39 --------- d-----w C:\Program Files\Windows Mail
    2009-01-15 11:38 --------- d-----w C:\ProgramData\Microsoft Help
    2009-01-14 16:35 --------- d-----w C:\ProgramData\Ubisoft
    2009-01-12 00:32 --------- d-----w C:\ProgramData\ma-config.com
    2009-01-12 00:32 --------- d-----w C:\Program Files\ma-config.com
    2008-12-28 17:56 --------- d-----w C:\Program Files\HP
    2008-12-28 17:55 --------- d-----w C:\ProgramData\HP
    2008-12-28 16:09 --------- d-----w C:\ProgramData\WEBREG
    2008-12-28 16:06 --------- d-----w C:\Users\Rom@in\AppData\Roaming\HP
    2008-12-28 15:54 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
    2008-12-28 15:51 --------- d-----w C:\ProgramData\Hewlett-Packard
    2008-12-19 13:15 158,657,136 ----a-w C:\Users\Public\tom_clancy_s_rainbow_six_vegas_2_pack_de_trois_cartes_multi-langues_248150.exe
    2008-12-19 13:13 95,700,424 ----a-w C:\Users\Public\tom_clancy_s_rainbow_six_vegas_2_patch_v1.03_multi-langues_247890.exe
    2008-12-10 10:55 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
    2008-12-08 14:09 --------- d-----w C:\Users\Rom@in\AppData\Roaming\FileSubmit
    2008-12-01 19:47 30,544 ----a-w C:\Windows\dirdib.drv
    2008-12-01 19:47 30,464 ----a-w C:\Windows\macromix.dll
    2008-11-24 18:25 302,352 ----a-w C:\Windows\System32\MSWNG300.DLL
    2008-11-06 16:35 200,704 ----a-w C:\Windows\System32\ssldivx.dll
    2008-11-06 16:35 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
    2008-08-12 14:51 174 --sha-w C:\Program Files\desktop.ini
    2008-08-26 01:00 48,591,904 --sha-w C:\Windows\System32\drivers\fidbox(180).dat
    .

    ------- Sigcheck -------

    2008-10-29 07:29 2944000 c42493a773ebb6a1e8d186a224bc4a21 C:\Windows\explorer.exe
    2006-11-02 10:45 2940416 ac6816f454eb2a13ec1827c9f41e8aaf C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
    2008-03-07 21:30 2940416 25178ba59d1c4bf07a49bd4f640b40d1 C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
    2008-10-29 07:20 2940416 20527022b54a2675948feef222ead5eb C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    2008-03-07 21:30 2940416 11dd113e63f57f0bb1ac009673db9a41 C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
    2008-10-28 03:15 2940416 033a1ebd8157d43b60be2c4c1e211bd5 C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    2008-01-19 08:33 2944000 8e9d5fdf012f3bb26267267cd046da66 C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
    2008-10-29 07:29 2944000 c42493a773ebb6a1e8d186a224bc4a21 C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    2008-10-30 04:59 2944512 25f1f13a14ca67c78a8c489889fff089 C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

    2006-11-02 10:45 25600 25abc30234606a14d35f0ac6ed07aa78 C:\Windows\System32\ctfmon.exe
    2006-11-02 10:45 25600 25abc30234606a14d35f0ac6ed07aa78 C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe

    2008-01-19 08:33 41984 80926efb8623fbde9d7f58f6aa287e2b C:\Windows\System32\userinit.exe
    2006-11-02 10:45 41472 53c515d9d909829e0bfe1de75965fdb9 C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
    2008-01-19 08:33 41984 80926efb8623fbde9d7f58f6aa287e2b C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 142848]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 10:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 14:24 857648]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-04 17:48 201992]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 12:26 4722688 C:\Windows\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.i420"= i420vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    --a------ 2006-09-11 04:40 218032 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-11-20 13:20 290088 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 10:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    "Steam"="c:\program files\steam\steam.exe" -silent
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    "toolbar_eula_launcher"=C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    "Skytel"=Skytel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{296BA58F-6BF0-46F7-B366-53F64AA89475}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{3D0948E9-CC72-4220-9BD3-D4301BDC76AE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{77E88F26-A7E4-44D3-A36B-6F8F4CD9944B}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{404A384C-475E-4266-9642-F669E3F32E2E}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{04AA1113-4B11-4A34-907F-F47CF4ACF163}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{13D72760-E5E8-4DDA-898A-131DC5BF04F7}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{F9F36169-06AF-4F1D-A624-A561D3A1B158}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{299CF05E-ABB0-43CE-8057-2B54219600AD}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
    "UDP Query User{C1760B7C-8041-49BC-A32C-EB3AE6D607A5}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
    "{512D9052-1079-4ACC-98BF-90B7300C2330}"= UDP:C:\Program Files\IviCam\Ivicam.exe:Ivisible_Ivicam
    "{07F6622C-F2D5-49EB-B4C0-6C8FF09AB474}"= TCP:C:\Program Files\IviCam\Ivicam.exe:Ivisible_Ivicam
    "{8E25028B-0F7D-4F82-8D30-3D0288523415}"= UDP:C:\Program Files\IviCam\BackSurvey.exe:Ivisible_BackSurvey
    "{55DDC04F-4EBB-4E9B-9D0E-68969C19C8F1}"= TCP:C:\Program Files\IviCam\BackSurvey.exe:Ivisible_BackSurvey
    "{48B741E7-68D0-4E2A-B9E3-48E90BC77F38}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
    "{F5A55FF4-75AE-46F5-8DD6-D5DDF4904F68}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
    "{585DE286-A6C5-4A44-BDFB-EC806EB8F6A7}"= Disabled:UDP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
    "{56D26A8E-1CE5-4F63-9925-A85303B0466C}"= Disabled:TCP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
    "{4C274173-2090-4683-983C-ECF6BED7AB8E}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
    "{18F3607F-71CB-4934-AD9D-4F98E40CB8C7}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
    "TCP Query User{0441FBB9-6621-4204-8199-6D0765984332}C:\\vdp\\vdp.exe"= UDP:C:\vdp\vdp.exe:Video surveillance PRO 2008
    "UDP Query User{77FE77AD-3136-410E-8E83-AD7607726D8B}C:\\vdp\\vdp.exe"= TCP:C:\vdp\vdp.exe:Video surveillance PRO 2008
    "TCP Query User{567DE03A-35DE-475F-8B23-8B084CB05530}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
    "UDP Query User{99F07889-BA5C-4429-B7DB-230DC895A9BD}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
    "TCP Query User{E59AFF37-0BCD-4F2C-B4DC-2080542F88E5}C:\\program files\\steam\\steamapps\\halflife666173\\condition zero\\hl.exe"= UDP:C:\program files\steam\steamapps\halflife666173\condition zero\hl.exe:Half-Life Launcher
    "UDP Query User{A71EDBCC-B42F-4258-8312-BBFC5A84C615}C:\\program files\\steam\\steamapps\\halflife666173\\condition zero\\hl.exe"= TCP:C:\program files\steam\steamapps\halflife666173\condition zero\hl.exe:Half-Life Launcher
    "TCP Query User{4EA5D000-2A6C-423B-9D15-838AC67F7E23}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
    "UDP Query User{9355024F-7529-48A4-914F-931A0D48B67F}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
    "{9155BCFF-A2E5-4CC9-8FA6-4D11214AF60F}"= UDP:C:\Program Files\Activision 2\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{4764B527-E00D-4510-8E84-C6940F51C02C}"= TCP:C:\Program Files\Activision 2\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{C179472B-C2B9-4333-B612-44CCB916110D}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{AB04E4D7-DD13-4AB1-97A0-05F45D46A63F}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{FDFCBB91-73EC-45BA-8576-712D3191EDDE}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0
    "UDP Query User{1C950941-F073-42AE-A202-841D7FE206E3}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0
    "{F491972D-BBFA-49B3-804E-0C43F51F0824}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{0FED9D4B-94E9-419A-8A70-C3B4054E54E0}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{81745D56-1089-462F-8C38-8758C602B407}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{4C1E88F6-8B15-4E23-A84F-66F3A7000AFE}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
    "UDP Query User{24A0481A-DB38-4339-A925-A9CB903A1885}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
    "{C6B07663-0EEA-425C-9BF2-527CEE2848AF}"= UDP:C:\Program Files\Activision 2\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{D3330648-AB7D-4D86-A675-8378E4AF35EE}"= TCP:C:\Program Files\Activision 2\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "TCP Query User{8DFF072C-EEAB-42D2-927B-0371F4316393}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
    "UDP Query User{346A7F74-C406-4DFA-8B18-B823351681AF}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
    "TCP Query User{99B51C32-39FA-4EC0-AC84-DE05DEBAA7D1}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Packard Bell - Skype
    "UDP Query User{184DFEAB-7BE6-42C7-8DCE-FB0A7A6473F7}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Packard Bell - Skype
    "{58D3EEF9-10F8-436A-9570-C5B460088D3C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{8486DD2A-6D61-4711-BD3D-5AC3DB488B6E}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{F59D30FD-F887-449C-A5CA-0E9F425A1E53}"= UDP:C:\Program Files\RayV\RayV\RayV.exe:RayV
    "{BC4E330F-FFE4-45C4-A270-F2ECCA3EE27B}"= TCP:C:\Program Files\RayV\RayV\RayV.exe:RayV
    "TCP Query User{2DAC1BBE-AB3F-46B5-B460-3AB3509E19B6}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
    "UDP Query User{9757B9E8-59C4-43CA-9910-E04C29E59FF7}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
    "TCP Query User{4FA07E38-6E6B-43DB-A77E-78A278094D9E}C:\\program files\\maïdo production\\izispot 4\\izispot.exe"= UDP:C:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
    "UDP Query User{A01E1E06-E67D-44C9-8DDF-F976B0CB75D5}C:\\program files\\maïdo production\\izispot 4\\izispot.exe"= TCP:C:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
    "TCP Query User{7E54CE3D-5FEC-4C03-878A-08E37F812F66}C:\\program files\\electronic arts\\eadm\\core.exe"= UDP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "UDP Query User{FE652118-2888-4CD0-912B-C1A20E46F36D}C:\\program files\\electronic arts\\eadm\\core.exe"= TCP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "{7BAEF2ED-CB68-4E8F-B4A6-E9450297FB31}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{C2697F73-09DD-466D-9508-592ABE29BD2A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{202AC6F1-B191-446F-BB76-C93A5D45DB5A}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
    "{616CB04A-8736-42B3-8488-10C61F5F11E8}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
    "{A8117A06-06EA-42D4-80E0-EAEC2E7CF2FB}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
    "{91B5601C-14E9-4EFF-8A80-87E46D06A555}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
    "TCP Query User{EBA9F7B1-4E5E-4CD1-8DAF-C332A6C53162}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{42751737-81D2-41A9-A6C6-0AA14834DE71}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{FDA8767E-CFCB-4891-B5A4-F4400B4DD3E6}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
    "{A5AC40B7-3392-4F59-A378-97D98BAFE183}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
    "{12449851-F88A-4082-9E83-2794AFFF0CA0}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
    "{6538110C-4023-45A6-A1D7-0F134C6D5DDB}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
    "TCP Query User{D7AC0BAD-164E-4108-9140-E486B765C8BC}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
    "UDP Query User{D08F9BDF-EDED-4A64-B3E2-34044D41644C}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
    "{8A46F6C3-BD18-4CC5-8F69-B4F2AA297C7F}"= UDP:C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
    "{559562A2-0785-4453-A76F-2D0A06B5F4E1}"= TCP:C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
    "{31A54D79-8AB5-46FD-A725-FF64A0000DA6}"= UDP:C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
    "{FAFFC9F1-8067-4CB8-829D-14C41A2AEF70}"= TCP:C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
    "{344249D8-39AE-4F96-A5C9-F8E1B10D3EE1}"= UDP:C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
    "{9E909346-9955-4251-B1E4-624E6DCADF4B}"= TCP:C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
    "TCP Query User{FBEF6729-024B-45BE-920C-322DAC91DF5B}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Packard Bell - Skype
    "UDP Query User{D20ACB91-0BFA-4C3B-BF1D-9A1F32304F5E}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Packard Bell - Skype
    "TCP Query User{E0A413A1-97AD-433C-B06B-FC566464C2C9}C:\\program files\\steam\\steamapps\\halflife666173\\condition zero\\hl.exe"= UDP:C:\program files\steam\steamapps\halflife666173\condition zero\hl.exe:Half-Life Launcher
    "UDP Query User{20B5A22C-1A94-4B40-AA71-5CC5E42889E5}C:\\program files\\steam\\steamapps\\halflife666173\\condition zero\\hl.exe"= TCP:C:\program files\steam\steamapps\halflife666173\condition zero\hl.exe:Half-Life Launcher
    "TCP Query User{22F6876E-6DB5-4BC1-9F81-CE69DEF6DF1D}C:\\program files\\steam\\steamapps\\halflife666173\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\halflife666173\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{FE1903D5-02C6-46B5-BB9F-DA9D9CB564A0}C:\\program files\\steam\\steamapps\\halflife666173\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\halflife666173\counter-strike\hl.exe:Half-Life Launcher
    "TCP Query User{4ABCC412-1A01-4AEE-B2CA-B9A5CD5F4989}C:\\program files\\activision\\call of duty - world at war\\codwaw1.exe"= UDP:C:\program files\activision\call of duty - world at war\codwaw1.exe:Call of Duty(R): World at War Campaign/Coop
    "UDP Query User{ED6368AA-AEAE-4C7B-A985-8CC643B7F00D}C:\\program files\\activision\\call of duty - world at war\\codwaw1.exe"= TCP:C:\program files\activision\call of duty - world at war\codwaw1.exe:Call of Duty(R): World at War Campaign/Coop
    "TCP Query User{71EF54F6-F9F0-4489-B0E7-60F0C307FD2F}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
    "UDP Query User{C49F99DE-D7E0-42FD-A3E4-0612EC15E9F3}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
    "TCP Query User{7F38E253-393E-4B09-8961-DB9514428877}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009
    "UDP Query User{4977E6F7-2C42-41EC-93BB-A61C745240A5}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009
    "TCP Query User{BAF380F1-D89F-43F8-8AB8-AFDCF09ED456}C:\\kav\\kis7.0\\french\\setup.exe"= UDP:C:\kav\kis7.0\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
    "UDP Query User{AEA1AE11-DA82-4FA5-A5E5-544A45F77991}C:\\kav\\kis7.0\\french\\setup.exe"= TCP:C:\kav\kis7.0\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Windows\\system32\\wininit.exe"= C:\Windows\system32\wininit.exe:*:enabled:@shell32.dll,-1

    R0 klbg;klbg;C:\Windows\system32\drivers\klbg.sys [2009-02-04 17:48 33808]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 13:10 20496]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - AFD
    *Deregistered* - atapi
    *Deregistered* - Beep
    *Deregistered* - bowser
    *Deregistered* - cdfs
    *Deregistered* - CLFS
    *Deregistered* - Compbatt
    *Deregistered* - crcdisk
    *Deregistered* - DfsC
    *Deregistered* - DXGKrnl
    *Deregistered* - fastfat
    *Deregistered* - FileInfo
    *Deregistered* - FltMgr
    *Deregistered* - Hardlock
    *Deregistered* - HTTP
    *Deregistered* - iScsiPrt
    *Deregistered* - kl1
    *Deregistered* - KLIF
    *Deregistered* - KLIM6
    *Deregistered* - KSecDD
    *Deregistered* - lltdio
    *Deregistered* - luafv
    *Deregistered* - MountMgr
    *Deregistered* - mpsdrv
    *Deregistered* - MRxDAV
    *Deregistered* - mrxsmb
    *Deregistered* - mrxsmb10
    *Deregistered* - mrxsmb20
    *Deregistered* - Msfs
    *Deregistered* - msisadrv
    *Deregistered* - mssmbios
    *Deregistered* - Mup
    *Deregistered* - NativeWifiP
    *Deregistered* - NDIS
    *Deregistered* - Ndisuio
    *Deregistered* - NdisWan
    *Deregistered* - NDProxy
    *Deregistered* - NetBIOS
    *Deregistered* - netbt
    *Deregistered* - Npfs
    *Deregistered* - nsiproxy
    *Deregistered* - Ntfs
    *Deregistered* - Null
    *Deregistered* - pciide
    *Deregistered* - PEAUTH
    *Deregistered* - PptpMiniport
    *Deregistered* - PSched
    *Deregistered* - RasAcd
    *Deregistered* - Rasl2tp
    *Deregistered* - RasPppoe
    *Deregistered* - RasSstp
    *Deregistered* - rdbss
    *Deregistered* - RDPCDD
    *Deregistered* - RDPENCDD
    *Deregistered* - RDPWD
    *Deregistered* - rspndr
    *Deregistered* - secdrv
    *Deregistered* - Smb
    *Deregistered* - spldr
    *Deregistered* - sptd
    *Deregistered* - srv
    *Deregistered* - srv2
    *Deregistered* - srvnet
    *Deregistered* - ssmdrv
    *Deregistered* - swenum
    *Deregistered* - Tcpip
    *Deregistered* - tcpipreg
    *Deregistered* - TDTCP
    *Deregistered* - tdx
    *Deregistered* - TermDD
    *Deregistered* - tssecsrv
    *Deregistered* - tunmp
    *Deregistered* - tunnel
    *Deregistered* - umbus
    *Deregistered* - VgaSave
    *Deregistered* - volmgr
    *Deregistered* - volmgrx
    *Deregistered* - volsnap
    *Deregistered* - Wanarpv6
    *Deregistered* - Wdf01000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
    \shell\dinstall\command - F:\Directx\dxsetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f49e2de-de0e-11dc-8f46-001e8c53b5aa}]
    \shell\AutoRun\command - G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
    \shell\open\command - G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{855aaa2d-31fd-11dd-b641-001e8c53b5aa}]
    \shell\AutoRun\command - 8ng8w.com
    \shell\explore\Command - 8ng8w.com
    \shell\open\Command - 8ng8w.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ffc9fae-ef86-11dc-9a14-001e8c53b5aa}]
    \shell\AutoRun\command - wd_windows_tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a389e005-273d-11dd-afa4-001e8c53b5aa}]
    \shell\AutoRun\command - 8ng8w.com
    \shell\explore\Command - 8ng8w.com
    \shell\open\Command - 8ng8w.com
    .
    Contenu du dossier 'Tâches planifiées'

    2009-02-04 C:\Windows\Tasks\Extension de garantie.job
    - C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 17:38]

    2009-02-04 C:\Windows\Tasks\User_Feed_Synchronization-{C53A5279-79DA-4840-8F85-627569CF8FF5}.job
    - C:\Windows\system32\msfeedssync.exe [2008-01-19 08:33]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-jsf8uiw3jnjgffght - C:\Windows\Temp\winlognn.exe
    HKU-Default-Run-jsf8uiw3jnjgffght - C:\Windows\TEMP\winlognn.exe
    MSConfigStartUp-iaumkui - c:\users\rom@in\appdata\local\iaumkui.exe
    MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\QTTask.exe

    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.freewebtown.com/alrefai/login.live.html
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: localhost
    FF - ProfilePath - C:\Users\Rom@in\AppData\Roaming\Mozilla\Firefox\Profiles\ae1eae33.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.photo-trafic.com/session-du-jour.php
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
    FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: C:\Program Files\Opera\program\plugins\npdivx32.dll
    FF - plugin: C:\Program Files\Opera\program\plugins\nppdf32.dll
    FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: network.http.max-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.interval - 750000
    FF - user.js: nglayout.initialpaint.delay - 750
    .
    0
  8. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    1/ selectionne ceci


    File::
    C:\Windows\System32\ajsjfukj.dll
    c:\windows\temp\winlognn.exe

    Folder::
    C:\2124311817
    C:\Program Files\DaemonTools_WhenUSave_Installer


    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
    * Veille à ce que Retour à la ligne ne soit pas coché dans Format.
    * Colle le texte copié dans ce bloc-notes (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme ceci
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
    si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.

    2/ Ensuite fait analyser ces fichiers sur ce site => https://www.virustotal.com/gui/

    C:\Users\Rom@in\AppData\Roaming\PnkBstrK.sys
    C:\Windows\System32\systeme34

    3/ Télécharge CCleaner
    https://filehippo.com/download_ccleaner/
    => Aide toi de ce tuto pour l'utiliser
    http://www.swl1f.net/viewtopic.php?f=14&t=69

    4/ Télécharge malwarebytes
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    Une aide pour l'installation
    http://www.swl1f.net/viewtopic.php?f=14&t=68

    => Installe le
    => Ensuite va en mode sans echec

    Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel

    => Lance malwarebytes
    => Coche "Executer un examen complet"
    => Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
    => Clique sur Supprimer la sélection
    => Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
    => Fait copier coller et poste le rapport

    @+
    0
  9. psy
     
    donc voila pour le début ensuite je continue a suivre tes informations en attendant merci beaucoup a toi

    ComboFix 09-02-04.01 - Rom@in 2009-02-04 22:19:32.2 - NTFSx86
    Lancé depuis: c:\users\Rom@in\Desktop\ComboFix.exe
    Commutateurs utilisés :: c:\users\Rom@in\Desktop\CFScript.txt

    FILE ::
    c:\windows\System32\ajsjfukj.dll
    c:\windows\temp\winlognn.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\2124311817\
    c:\program files\DaemonTools_WhenUSave_Installer
    c:\program files\DaemonTools_WhenUSave_Installer\vvsn.cfg
    c:\windows\System32\ajsjfukj.dll
    .
    ---- Exécution préalable -------
    .
    C:\Autorun.inf
    c:\users\Rom@in\AppData\Local\ecaacey.dat
    c:\users\Rom@in\AppData\Local\ecaacey_nav.dat
    c:\users\Rom@in\AppData\Local\ecaacey_navps.dat
    c:\users\Rom@in\AppData\Local\zviwjey.dat
    c:\users\Rom@in\AppData\Local\zviwjey_nav.dat
    c:\users\Rom@in\AppData\Local\zviwjey_navps.dat
    c:\users\Rom@in\AppData\Roaming\addons.dat
    c:\windows\system32\config\systemprofile\AppData\Roaming\addons.dat
    c:\windows\system32\hs78k4rgf4d.dll
    c:\windows\system32\hsfd83jfdg.dll
    c:\windows\system32\winspool.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-04 au 2009-02-04 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-04 20:46 . 2009-02-04 20:47 <REP> d-------- C:\rsit
    2009-02-04 20:46 . 2009-02-04 20:47 <REP> d-------- c:\program files\trend micro
    2009-02-04 19:04 . 2009-02-04 19:04 355,584 --a------ c:\windows\System32\TuneUpDefragService.exe
    2009-02-04 17:48 . 2009-02-04 17:48 33,808 --a------ c:\windows\System32\drivers\klbg.sys
    2009-02-04 15:35 . 2009-02-04 22:24 573,472 --ahs---- c:\windows\System32\drivers\fidbox2.dat
    2009-02-04 15:35 . 2009-02-04 22:23 3,012 --ahs---- c:\windows\System32\drivers\fidbox2.idx
    2009-02-04 15:27 . 2009-02-04 17:48 101,287 --a------ c:\windows\System32\drivers\klin.dat
    2009-02-04 15:27 . 2009-02-04 17:48 89,601 --a------ c:\windows\System32\drivers\klick.dat
    2009-02-04 13:34 . 2009-02-04 18:29 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
    2009-02-04 13:34 . 2009-02-04 18:29 <REP> d-------- c:\programdata\Spybot - Search & Destroy
    2009-02-04 13:34 . 2009-02-04 18:29 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2009-02-04 13:33 . 2009-02-04 13:33 <REP> d-------- c:\program files\CCleaner
    2009-02-04 13:31 . 2009-02-04 13:32 <REP> d-------- c:\users\All Users\Lavasoft
    2009-02-04 13:31 . 2009-02-04 13:32 <REP> d-------- c:\programdata\Lavasoft
    2009-02-04 13:31 . 2009-02-04 18:39 <REP> d-------- c:\program files\Lavasoft
    2009-02-04 03:36 . 2009-02-04 03:36 <REP> d-------- c:\users\All Users\Windows Genuine Advantage
    2009-02-04 03:26 . 2009-02-04 21:22 7,807,008 --ahs---- c:\windows\System32\drivers\fidbox.dat
    2009-02-04 03:26 . 2009-02-04 21:22 92,564 --ahs---- c:\windows\System32\drivers\fidbox.idx
    2009-02-04 02:38 . 2009-02-04 02:38 <REP> d-------- C:\kav
    2009-02-04 02:17 . 2009-02-04 02:17 <REP> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-02-04 02:17 . 2009-02-04 02:17 <REP> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-02-03 23:03 . 2009-02-03 23:03 2 --a------ C:\2124311817
    2009-02-03 22:07 . 2009-02-04 17:33 <REP> d-------- c:\windows\System32\systeme34
    2009-02-03 22:07 . 2009-02-04 18:55 412,902 -rahs---- c:\windows\System32\winjpg.jpg
    2009-02-03 22:06 . 2007-10-19 03:38 1,437,841 --a------ c:\windows\EBP_ComptesBancaires_2008_0_0_51.exe
    2009-02-03 21:59 . 1997-01-22 20:26 565,760 --a------ c:\windows\System32\MSVCP50.DLL
    2009-02-03 21:58 . 2009-02-03 21:58 <REP> d-------- c:\users\Rom@in\AppData\Roaming\Nero
    2009-02-03 21:58 . 2009-02-03 21:58 <REP> d-------- c:\users\All Users\Nero
    2009-02-03 21:58 . 2009-02-03 21:58 <REP> d-------- c:\programdata\Nero
    2009-02-03 21:58 . 2009-02-03 21:58 <REP> d-------- c:\program files\Common Files\Nero
    2009-02-03 21:50 . 2009-02-04 13:46 <REP> d-------- c:\windows\Nero Lite 9.2.6
    2009-02-03 21:50 . 2009-02-03 21:55 <REP> d-------- c:\program files\Nero
    2009-02-02 21:54 . 2009-02-02 21:54 <REP> d-------- c:\users\Rom@in\AppData\Roaming\ArchosLink
    2009-02-02 21:44 . 2009-02-02 21:44 <REP> d-------- c:\program files\Archos
    2009-02-02 12:00 . 2009-02-04 20:27 <REP> d-------- c:\windows\Speeditup Free
    2009-02-02 12:00 . 2009-02-02 12:03 <REP> d-------- c:\program files\Speeditup Free
    2009-01-20 18:12 . 2009-01-20 18:12 <REP> d-------- c:\program files\Electronic Arts
    2009-01-20 12:38 . 2009-01-20 13:27 <REP> d-------- c:\users\Rom@in\AppData\Roaming\Red Alert 3
    2009-01-20 11:48 . 2009-01-20 11:48 7,456 --a------ c:\windows\System32\ealregsnapshot1.reg
    2009-01-14 23:27 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
    2009-01-14 17:35 . 2009-01-14 17:35 <REP> d-------- c:\users\Rom@in\AppData\Roaming\Ubisoft
    2009-01-13 23:47 . 2009-01-13 23:47 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-01-07 11:15 . 2009-01-07 11:15 <REP> d-------- c:\program files\DivX

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-04 20:54 --------- d-----w c:\program files\Total Video Converter
    2009-02-04 20:53 --------- d-----w c:\program files\Screamer Radio
    2009-02-04 20:30 --------- d-----w c:\programdata\Kaspersky Lab
    2009-02-04 19:27 --------- d-----w c:\program files\Steam
    2009-02-04 19:27 --------- d-----w c:\program files\QuickTime
    2009-02-04 19:27 --------- d-----w c:\program files\Opera
    2009-02-04 19:09 --------- d-----w c:\program files\IviCam
    2009-02-04 19:09 --------- d-----w c:\program files\HDReg
    2009-02-04 19:09 --------- d-----w c:\program files\Almacom
    2009-02-04 17:56 --------- d-----w c:\program files\Activision 2
    2009-02-04 14:25 --------- d-----w c:\program files\Kaspersky Lab
    2009-02-04 13:33 --------- d-----w c:\program files\DAEMON Tools
    2009-02-04 01:37 --------- d-----w c:\programdata\Kaspersky Lab Setup Files
    2009-02-03 21:55 --------- d-----w c:\users\Rom@in\AppData\Roaming\LimeWire
    2009-02-03 21:26 --------- d-----w c:\users\Rom@in\AppData\Roaming\dvdcss
    2009-02-03 20:59 --------- d-----w c:\program files\Common Files\Adobe
    2009-02-03 19:59 --------- d-----w c:\program files\LimeWire
    2009-02-03 18:49 --------- d-----w c:\programdata\2DBoy
    2009-02-03 16:48 --------- d-----w c:\program files\JkDefrag
    2009-02-02 11:58 --------- d-----w c:\program files\Google
    2009-02-02 07:51 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-02 07:51 --------- d-----w c:\program files\Ubisoft
    2009-01-29 11:55 --------- d-----w c:\users\Rom@in\AppData\Roaming\Skype
    2009-01-28 16:25 --------- d-----w c:\users\Rom@in\AppData\Roaming\Hamachi
    2009-01-27 21:30 --------- d-----w c:\program files\Common Files\Steam
    2009-01-27 20:33 --------- d-----w c:\program files\Activision
    2009-01-27 20:08 22,328 ----a-w c:\users\Rom@in\AppData\Roaming\PnkBstrK.sys
    2009-01-20 16:19 --------- d-----w c:\programdata\Electronic Arts
    2009-01-20 11:17 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
    2009-01-15 19:24 --------- d-----w c:\program files\Packard Bell
    2009-01-15 19:21 --------- d-----w c:\program files\VirtualDJ
    2009-01-15 19:20 --------- d-----w c:\users\Rom@in\AppData\Roaming\Wallpaper
    2009-01-15 19:20 --------- d-----w c:\program files\Windows Live
    2009-01-15 11:39 --------- d-----w c:\program files\Windows Mail
    2009-01-15 11:38 --------- d-----w c:\programdata\Microsoft Help
    2009-01-14 16:35 --------- d-----w c:\programdata\Ubisoft
    2009-01-12 00:32 --------- d-----w c:\programdata\ma-config.com
    2009-01-12 00:32 --------- d-----w c:\program files\ma-config.com
    2008-12-28 17:56 --------- d-----w c:\program files\HP
    2008-12-28 17:55 --------- d-----w c:\programdata\HP
    2008-12-28 16:09 --------- d-----w c:\programdata\WEBREG
    2008-12-28 16:06 --------- d-----w c:\users\Rom@in\AppData\Roaming\HP
    2008-12-28 15:54 --------- d-----w c:\program files\Common Files\Hewlett-Packard
    2008-12-28 15:51 --------- d-----w c:\programdata\Hewlett-Packard
    2008-12-19 13:15 158,657,136 ----a-w c:\users\Public\tom_clancy_s_rainbow_six_vegas_2_pack_de_trois_cartes_multi-langues_248150.exe
    2008-12-19 13:13 95,700,424 ----a-w c:\users\Public\tom_clancy_s_rainbow_six_vegas_2_patch_v1.03_multi-langues_247890.exe
    2008-12-08 14:09 --------- d-----w c:\users\Rom@in\AppData\Roaming\FileSubmit
    2008-12-01 19:47 30,544 ----a-w c:\windows\dirdib.drv
    2008-12-01 19:47 30,464 ----a-w c:\windows\macromix.dll
    2008-11-24 18:25 302,352 ----a-w c:\windows\System32\MSWNG300.DLL
    2008-11-06 16:35 200,704 ----a-w c:\windows\System32\ssldivx.dll
    2008-11-06 16:35 1,044,480 ----a-w c:\windows\System32\libdivx.dll
    2008-08-12 14:51 174 --sha-w c:\program files\desktop.ini
    2008-08-26 01:00 48,591,904 --sha-w c:\windows\System32\drivers\fidbox(180).dat
    .

    ------- Sigcheck -------

    2008-10-29 07:29 2944000 c42493a773ebb6a1e8d186a224bc4a21 c:\windows\explorer.exe
    2006-11-02 10:45 2940416 ac6816f454eb2a13ec1827c9f41e8aaf c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
    2008-03-07 21:30 2940416 25178ba59d1c4bf07a49bd4f640b40d1 c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
    2008-10-29 07:20 2940416 20527022b54a2675948feef222ead5eb c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    2008-03-07 21:30 2940416 11dd113e63f57f0bb1ac009673db9a41 c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
    2008-10-28 03:15 2940416 033a1ebd8157d43b60be2c4c1e211bd5 c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    2008-01-19 08:33 2944000 8e9d5fdf012f3bb26267267cd046da66 c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
    2008-10-29 07:29 2944000 c42493a773ebb6a1e8d186a224bc4a21 c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    2008-10-30 04:59 2944512 25f1f13a14ca67c78a8c489889fff089 c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

    2006-11-02 10:45 25600 25abc30234606a14d35f0ac6ed07aa78 c:\windows\System32\ctfmon.exe
    2006-11-02 10:45 25600 25abc30234606a14d35f0ac6ed07aa78 c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe

    2008-01-19 08:33 41984 80926efb8623fbde9d7f58f6aa287e2b c:\windows\System32\userinit.exe
    2006-11-02 10:45 41472 53c515d9d909829e0bfe1de75965fdb9 c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
    2008-01-19 08:33 41984 80926efb8623fbde9d7f58f6aa287e2b c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2009-02-04_21.29.16.02 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-02-04 20:25:21 221,184 ----a-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2009-02-04 21:24:01 221,184 ----a-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
    + 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
    + 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    + 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
    + 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
    + 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
    + 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    + 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
    + 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    + 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
    + 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    + 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
    + 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    + 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
    + 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    + 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
    + 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    + 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
    + 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    + 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\GDIPFONTCACHEV1.DAT
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Historique\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
    + 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    + 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Microsoft\Windows\usrclass.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\GDIPFONTCACHEV1.DAT
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Historique\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Microsoft\Feeds Cache\index.dat
    + 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    + 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\usrclass.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\index.dat
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Historique\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Historique\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5\index.dat
    + 2009-02-02 10:25:36 2,560 ----a-w c:\windows\System32\config\systemprofile\Application Data\Microsoft\Mse\ObjBrow.dat
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Application Data\Microsoft\Windows\Cookies\index.dat
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Cookies\index.dat
    + 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
    + 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
    + 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    + 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
    + 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
    + 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
    + 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    + 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
    + 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    + 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
    + 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    + 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
    + 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    + 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
    + 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    + 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-10 22:23:35 8,224 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat
    + 2009-02-03 22:03:58 16,384 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    + 2009-02-03 22:04:59 224,639 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1036\StructuredQuerySchema.bin
    + 2009-02-04 20:25:04 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-02-03 22:13:38 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009020320090204\index.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-07 01:14:02 262,144 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\usrclass.dat
    + 2009-02-03 22:04:27 78,924 ----a-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
    + 2009-02-04 20:25:04 49,152 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data
    0
  10. psy
     
    ok donc la g tout fait je vais redémarrer en mode sans échec et lancer malwarebytes mais est-ce que après j pourrai revenir en mode normal?
    0
  11. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Oui le sacn sera très long mais laisse le travailler,

    je reprendrais la suite demain :)

    @+
    0
    1. psy
       
      Malwarebytes' Anti-Malware 1.33
      Version de la base de données: 1728
      Windows 6.0.6001 Service Pack 1

      05/02/2009 00:56:07
      mbam-log-2009-02-05 (00-56-07).txt

      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 150845
      Temps écoulé: 1 hour(s), 43 minute(s), 10 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 14
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 2

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2FREE.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGAS.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPROTTRAY.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVFNSVR.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHSTAT.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPSRV.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBPROXY.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe (Security.Hijack) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\Qoobox\Quarantine\C\Windows\System32\ajsjfukj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\Rom@in\AppData\Local\Temp\csrssc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
      0
  12. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    Très bien, pour voir ou nous en sommes refais un rapport RSIT mais en lançant cette commande
    Fait Démarrer > Exécuter > et copie colle
    "%userprofile%\bureau\RSIT.exe" /info

    Poste les deux rapports stp que tu retrouveras dans C:\rsit

    @+

    0
    1. psy
       
      salut,
      désolé je me suis absenté donc j'ai fait les deux rapport.
      par ailleurs je pense que le virus win 32 a endommagé mon ordi car maintenant windows instaler ne fonctione plus ainsi que internet explorer et windows media player.mon antivirus kaspersky 2009 trouve le virus win 32 un peu partout a chaque démarrage il le supprime a chaque emplacement mais il est toujours là.

      Logfile of random's system information tool 1.05 (written by random/random)
      Run by Rom@in at 2009-02-10 11:14:31
      Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
      System drive C: has 23 GB (22%) free of 106 GB
      Total RAM: 2046 MB (61% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:15:03, on 10/02/2009
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Unable to get Internet Explorer version!
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Users\Rom@in\Desktop\log virus\RSIT.exe
      C:\Program Files\trend micro\Rom@in.exe
      C:\Windows\system32\msfeedssync.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      O4 - HKUS\S-1-5-18\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'Default user')
      O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
      O13 - Gopher Prefix:
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe (file missing)
      O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
      O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
      O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
      End of file - 4523 bytes

      ======Scheduled tasks folder======

      C:\Windows\tasks\Extension de garantie.job
      C:\Windows\tasks\User_Feed_Synchronization-{C53A5279-79DA-4840-8F85-627569CF8FF5}.job

      ======Registry dump======

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-01 857648]
      "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-09 4722688]
      "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-04 201992]

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 142848]
      "ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2009-01-20 1451248]
      "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
      "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iaumkui]
      c:\users\rom@in\appdata\local\iaumkui.exe iaumkui []

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
      C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      C:\Program Files\QuickTime\QTTask.exe -atboottime []

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
      Extension de garantie.job
      SA.DAT
      SCHEDLGU.TXT
      User_Feed_Synchronization-{C53A5279-79DA-4840-8F85-627569CF8FF5}.job

      C:\Users\Rom@in\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
      Extension de garantie.job
      SA.DAT
      SCHEDLGU.TXT
      User_Feed_Synchronization-{C53A5279-79DA-4840-8F85-627569CF8FF5}.job

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
      C:\Windows\system32\klogon.dll [2008-04-25 206088]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      "EnableLUA"=0
      "dontdisplaylastusername"=0
      "legalnoticecaption"=
      "legalnoticetext"=
      "shutdownwithoutlogon"=1
      "undockwithoutlogon"=1
      "EnableUIADesktopToggle"=0

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "NoDriveTypeAutoRun"=0
      "NoDrives"=0

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "NoDrives"=

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "C:\Windows\system32\wininit.exe"="C:\Windows\system32\wininit.exe:*:enabled:@shell32.dll,-1"
      "C:\Windows\system32\winlogon.exe"="C:\Windows\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
      shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
      shell\dinstall\command - F:\Directx\dxsetup.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f49e2de-de0e-11dc-8f46-001e8c53b5aa}]
      shell\AutoRun\command - G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
      shell\open\command - G:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{855aaa2d-31fd-11dd-b641-001e8c53b5aa}]
      shell\AutoRun\command - 8ng8w.com
      shell\explore\command - 8ng8w.com
      shell\open\command - 8ng8w.com

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ffc9fae-ef86-11dc-9a14-001e8c53b5aa}]
      shell\AutoRun\command - wd_windows_tools\setup.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a389e005-273d-11dd-afa4-001e8c53b5aa}]
      shell\AutoRun\command - 8ng8w.com
      shell\explore\command - 8ng8w.com
      shell\open\command - 8ng8w.com


      ======File associations======

      .js - open -
      .vbs - open -

      ======List of files/folders created in the last 1 months======

      2009-02-06 14:01:04 ----A---- C:\Windows\system32\uxtuneup.dll
      2009-02-05 00:47:15 ----HD---- C:\Windows\msdownld.tmp
      2009-02-04 22:52:02 ----A---- C:\Windows\system32\wscript.exe
      2009-02-04 22:52:02 ----A---- C:\Windows\system32\mshta.exe
      2009-02-04 22:51:05 ----D---- C:\Users\Rom@in\AppData\Roaming\Malwarebytes
      2009-02-04 22:50:41 ----D---- C:\ProgramData\Malwarebytes
      2009-02-04 22:50:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
      2009-02-04 22:28:10 ----A---- C:\ComboFix.txt
      2009-02-04 22:18:01 ----D---- C:\ComboFix
      2009-02-04 21:21:07 ----D---- C:\Windows\temp
      2009-02-04 21:18:04 ----A---- C:\Windows\zip.exe
      2009-02-04 21:18:04 ----A---- C:\Windows\VFIND.exe
      2009-02-04 21:18:04 ----A---- C:\Windows\SWXCACLS.exe
      2009-02-04 21:18:04 ----A---- C:\Windows\sed.exe
      2009-02-04 21:18:04 ----A---- C:\Windows\grep.exe
      2009-02-04 21:18:04 ----A---- C:\Windows\fdsv.exe
      2009-02-04 21:17:55 ----D---- C:\Windows\ERDNT
      2009-02-04 21:17:55 ----D---- C:\Qoobox
      2009-02-04 20:46:15 ----D---- C:\Program Files\trend micro
      2009-02-04 20:46:14 ----D---- C:\rsit
      2009-02-04 19:04:28 ----A---- C:\Windows\system32\TuneUpDefragService.exe
      2009-02-04 13:34:29 ----D---- C:\ProgramData\Spybot - Search & Destroy
      2009-02-04 13:34:29 ----D---- C:\Program Files\Spybot - Search & Destroy
      2009-02-04 13:33:01 ----D---- C:\Program Files\CCleaner
      2009-02-04 13:31:54 ----D---- C:\Program Files\Lavasoft
      2009-02-04 13:31:53 ----D---- C:\ProgramData\Lavasoft
      2009-02-04 03:36:21 ----D---- C:\ProgramData\Windows Genuine Advantage
      2009-02-04 02:38:39 ----D---- C:\kav
      2009-02-04 02:17:42 ----SHD---- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
      2009-02-03 22:07:32 ----D---- C:\Windows\system32\systeme34
      2009-02-03 22:06:48 ----A---- C:\Windows\EBP_ComptesBancaires_2008_0_0_51.exe
      2009-02-03 21:59:37 ----A---- C:\Windows\system32\MSVCP50.DLL
      2009-02-03 21:58:11 ----D---- C:\Program Files\Common Files\Nero
      2009-02-03 21:58:10 ----D---- C:\Users\Rom@in\AppData\Roaming\Nero
      2009-02-03 21:58:02 ----D---- C:\ProgramData\Nero
      2009-02-03 21:50:23 ----D---- C:\Windows\Nero Lite 9.2.6
      2009-02-03 21:50:20 ----D---- C:\Program Files\Nero
      2009-02-02 22:34:49 ----A---- C:\Windows\system32\75bda9d8-.txt
      2009-02-02 21:54:28 ----D---- C:\Users\Rom@in\AppData\Roaming\ArchosLink
      2009-02-02 21:44:34 ----D---- C:\Program Files\Archos
      2009-02-02 12:00:17 ----D---- C:\Windows\Speeditup Free
      2009-02-02 12:00:17 ----D---- C:\Program Files\Speeditup Free
      2009-01-20 18:12:23 ----D---- C:\Program Files\Electronic Arts
      2009-01-20 12:38:29 ----D---- C:\Users\Rom@in\AppData\Roaming\Red Alert 3
      2009-01-14 17:35:49 ----D---- C:\Users\Rom@in\AppData\Roaming\Ubisoft

      ======List of files/folders modified in the last 1 months======

      2009-02-10 11:12:21 ----D---- C:\Windows
      2009-02-10 11:11:29 ----D---- C:\Program Files\Mozilla Firefox
      2009-02-10 11:09:19 ----D---- C:\Windows\Prefetch
      2009-02-10 11:07:09 ----D---- C:\ProgramData\Kaspersky Lab
      2009-02-10 10:34:34 ----AD---- C:\Windows\System32
      2009-02-10 01:32:51 ----D---- C:\Program Files\Steam
      2009-02-09 22:18:04 ----D---- C:\Users\Rom@in\AppData\Roaming\LimeWire
      2009-02-09 19:14:22 ----SHD---- C:\System Volume Information
      2009-02-09 13:32:40 ----D---- C:\Program Files\WinRAR
      2009-02-08 21:34:30 ----RD---- C:\Program Files
      2009-02-08 21:16:09 ----SHD---- C:\Windows\oem
      2009-02-08 21:16:04 ----D---- C:\Program Files\Internet Explorer
      2009-02-08 12:09:37 ----D---- C:\Users\Rom@in\AppData\Roaming\dvdcss
      2009-02-08 11:33:21 ----D---- C:\Program Files\Activision
      2009-02-06 22:27:18 ----D---- C:\Program Files\JkDefrag
      2009-02-06 14:00:22 ----D---- C:\Windows\system32\fr-FR
      2009-02-06 14:00:22 ----D---- C:\Windows\system32\en-US
      2009-02-06 08:57:36 ----D---- C:\Program Files\Common Files\Steam
      2009-02-05 01:58:42 ----D---- C:\Windows\system32\Tasks
      2009-02-05 01:32:46 ----SHD---- C:\boot
      2009-02-05 01:32:45 ----D---- C:\Windows\system32\config
      2009-02-04 22:51:01 ----D---- C:\Windows\system32\drivers
      2009-02-04 22:50:41 ----HD---- C:\ProgramData
      2009-02-04 22:24:17 ----A---- C:\Windows\system.ini
      2009-02-04 22:21:39 ----D---- C:\Windows\AppPatch
      2009-02-04 22:21:39 ----D---- C:\Program Files\Common Files
      2009-02-04 21:54:21 ----D---- C:\Program Files\Total Video Converter
      2009-02-04 21:53:32 ----D---- C:\Program Files\Screamer Radio
      2009-02-04 20:27:43 ----D---- C:\Windows\system32\URTTEMP
      2009-02-04 20:27:29 ----D---- C:\Windows\BisonCam
      2009-02-04 20:27:19 ----D---- C:\Program Files\QuickTime
      2009-02-04 20:27:17 ----D---- C:\Program Files\Opera
      2009-02-04 20:09:19 ----D---- C:\Program Files\IviCam
      2009-02-04 20:09:17 ----D---- C:\Program Files\HDReg
      2009-02-04 20:09:01 ----D---- C:\Program Files\Almacom
      2009-02-04 19:04:42 ----D---- C:\Windows\Tasks
      2009-02-04 18:57:53 ----D---- C:\Windows\system32\catroot2
      2009-02-04 18:57:34 ----D---- C:\Program Files\Windows Media Player
      2009-02-04 18:56:21 ----D---- C:\Program Files\Activision 2
      2009-02-04 18:39:18 ----SHD---- C:\Windows\Installer
      2009-02-04 18:39:17 ----HD---- C:\Config.Msi
      2009-02-04 18:36:08 ----DC---- C:\Windows\system32\DRVSTORE
      2009-02-04 17:17:39 ----D---- C:\Windows\system32\WDI
      2009-02-04 15:26:20 ----D---- C:\Windows\system32\catroot
      2009-02-04 15:26:20 ----D---- C:\Windows\inf
      2009-02-04 15:25:15 ----D---- C:\Program Files\Kaspersky Lab
      2009-02-04 14:33:55 ----D---- C:\Program Files\DAEMON Tools
      2009-02-04 13:42:55 ----D---- C:\Windows\Debug
      2009-02-04 13:31:48 ----D---- C:\Windows\winsxs
      2009-02-04 02:37:04 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
      2009-02-04 02:14:38 ----RD---- C:\Users
      2009-02-03 23:05:00 ----SHD---- C:\$Recycle.Bin
      2009-02-03 21:59:58 ----RSD---- C:\Windows\Fonts
      2009-02-03 21:59:36 ----D---- C:\Program Files\Common Files\Adobe
      2009-02-03 21:59:36 ----D---- C:\Program Files\Adobe
      2009-02-03 20:59:33 ----D---- C:\Program Files\LimeWire
      2009-02-03 19:49:48 ----D---- C:\ProgramData\2DBoy
      2009-02-02 16:42:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
      2009-02-02 12:58:18 ----D---- C:\Program Files\Google
      2009-02-02 12:48:21 ----D---- C:\ProgramData\Google
      2009-02-02 11:56:05 ----D---- C:\PerfLogs
      2009-02-02 08:51:45 ----HD---- C:\Program Files\InstallShield Installation Information
      2009-02-02 08:51:45 ----D---- C:\Program Files\Ubisoft
      2009-01-29 12:55:27 ----D---- C:\Users\Rom@in\AppData\Roaming\Skype
      2009-01-28 17:25:01 ----D---- C:\Users\Rom@in\AppData\Roaming\Hamachi
      2009-01-27 22:08:00 ----RSD---- C:\Windows\assembly
      2009-01-20 17:19:48 ----D---- C:\ProgramData\Electronic Arts
      2009-01-20 12:17:46 ----A---- C:\Windows\system32\CmdLineExt.dll
      2009-01-15 20:24:08 ----D---- C:\Program Files\Packard Bell
      2009-01-15 20:21:06 ----D---- C:\Program Files\VirtualDJ
      2009-01-15 20:20:52 ----D---- C:\Users\Rom@in\AppData\Roaming\Wallpaper
      2009-01-15 20:20:33 ----D---- C:\Program Files\Windows Live
      2009-01-15 12:39:10 ----D---- C:\Program Files\Windows Mail
      2009-01-15 12:38:54 ----D---- C:\ProgramData\Microsoft Help
      2009-01-14 17:35:49 ----D---- C:\ProgramData\Ubisoft
      2009-01-12 01:32:24 ----D---- C:\ProgramData\ma-config.com
      2009-01-12 01:32:24 ----D---- C:\Program Files\ma-config.com

      ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

      R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-11-03 112144]
      R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-02-04 224272]
      R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 20496]
      R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
      R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2004-11-05 670208]
      R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
      R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
      R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-07 767488]
      R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-25 2609152]
      R3 Cam5603D;USB2.0 350K WebCam; C:\Windows\System32\Drivers\BisonCam.sys [2006-11-28 847536]
      R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
      R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
      R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
      R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-10 1941848]
      R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
      R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-01-23 50176]
      R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
      R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-01 182456]
      S3 ahhsi8qd;ahhsi8qd; C:\Windows\system32\drivers\ahhsi8qd.sys []
      S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
      S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
      S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
      S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
      S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
      S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-11-05 25280]
      S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
      S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
      S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
      S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
      S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
      S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
      S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
      S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
      S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
      S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
      S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

      ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

      R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 94208]
      R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-05-25 602112]
      R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-04 201992]
      R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
      R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
      R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
      R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
      R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
      S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
      S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
      S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
      S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
      S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-02-06 316664]
      S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []
      S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-02-04 355584]
      S4 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
      S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

      -----------------EOF-----------------



      malwarebytes:


      Malwarebytes' Anti-Malware 1.33
      Version de la base de données: 1729
      Windows 6.0.6001 Service Pack 1

      09/02/2009 16:37:13
      mbam-log-2009-02-09 (16-37-13).txt

      Type de recherche: Examen complet (C:\|D:\|E:\|F:\|J:\|)
      Eléments examinés: 152361
      Temps écoulé: 1 hour(s), 22 minute(s), 21 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
  13. psy
     
    salut,
    désolé je me suis absenté donc j'ai fait les deux rapport.
    par ailleurs je pense que le virus win 32 a endommagé mon ordi car maintenant windows instaler ne fonctione plus ainsi que internet explorer et windows media player.mon antivirus kaspersky 2009 trouve le virus win 32 un peu partout a chaque démarrage il le supprime a chaque emplacement mais il est toujours là.

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Rom@in at 2009-02-10 11:14:31
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 23 GB (22%) free of 106 GB
    Total RAM: 2046 MB (61% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:15:03, on 10/02/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Rom@in\Desktop\log virus\RSIT.exe
    C:\Program Files\trend micro\Rom@in.exe
    C:\Windows\system32\msfeedssync.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKUS\S-1-5-18\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'Default user')
    O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    0
  14. psy
     
    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Rom@in at 2009-02-11 12:36:24
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 25 GB (23%) free of 106 GB
    Total RAM: 2046 MB (57% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:36:51, on 11/02/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Rom@in\Desktop\RSIT.exe
    C:\Program Files\trend micro\Rom@in.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKUS\S-1-5-18\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'Default user')
    O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    0
  15. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    Excuse moi pour la réponse tardive des soucis avec mon FAI

    Fait ceci car tu as toujours des fichiers néfastes

    Télécharge OTMoveIt3 (de Old_Timer).
    http://oldtimer.geekstogo.com/OTMoveIt3.exe
    Enregistre-le sur ton Bureau.

    - Double-clique sur OTMoveit3.exe pour le lancer.
    ( Si tu es sous Vista, click droit sur l'icone d'OTMoveIt3 --> exécuter en tant qu'administrateur pour le lancer )
    - Vérifie que l'option Unregister Dll's and Ocx's est cochée.
    - Copie la liste qui se trouve dans la zone code ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste instructions for Items to be Moved.

    Code:
    :Processes
    explorer.exe

    :Files
    C:\Windows\TEMP\winlognn.exe
    C:\Windows\system32\systeme34

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

    - Clique sur MoveIt! pour lancer la suppression.
    Le résultat apparaitra dans le cadre "Results".
    - Copie toute la sélection apparaissant dans ce cadre Résults. Colle ce rapport dans ton prochain message.
    - Clique sur Exit pour fermer.
    - Si tu ne trouves plus le rapport,c'est un fichier .log qui se trouve en C:\_OTMoveIt\MovedFiles.

    Remarque : Il est possible qu'il te soit demandé de redémarrer ton ordinateur pour supprimer les fichiers.
    Accepte. Dans ce cas, après redémarrage, tu trouveras justement le rapport dans le dossier C:\_OTMoveIt\MovedFiles.

    Ensuite
    Ensuite fait: Démarrer > Exécuter > tape cmd (Ok)

    - Dans la fenêtre DOS, taper chacune des lignes suivantes, une à une et très exactement, en validant avec [Entrée] après chacune :

    sc stop "CLTNetCnService" [Entrée]

    sc delete "CLTNetCnService" [Entrée]

    Ensuite vérifie si tu trouve
    C:\Program Files\Common Files\Symantec Shared

    si oui supprime.

    @+

    0
  16. Psy
     
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    File/Folder C:\Windows\TEMP\winlognn.exe not found.
    C:\Windows\system32\systeme34 moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\Users\Rom@in\AppData\Local\Temp\etilqs_JpdbtephA0sA9eQJNOf3 scheduled to be deleted on reboot.
    File delete failed. C:\Users\Rom@in\AppData\Local\Temp\~DF2174.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\Rom@in\AppData\Local\Temp\~DF217B.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\Rom@in\AppData\Local\Temp\~DFD3D.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\Rom@in\AppData\Local\Temp\~DFD44.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\Windows\temp\cch~1490c7bd6.htp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\cch~1490c98fc.htp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\cch~1499867fc.htp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\cch~149989719.htp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\cch~1499d4386.htp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\cch~1499d5fb7.htp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\cch~149dc303f.htp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\cch~149dc4be4.htp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\cch~149e246c9.htp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\cch~149e27aa1.htp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\cch~14a35a26c.htp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\cch~14a35d05c.htp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\cch~14dc2660e.htp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\cch~14dc281c1.htp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\cch~1d2e6d2cb.htp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\cch~1d2e6eeaf.htp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\cch~33fa2fec.htp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\cch~33fe8327.htp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\cch~8f92b487.htp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\cch~8f92cf8b.htp scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\WER668F.tmp.version.txt scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\WER669F.tmp.appcompat.txt scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\WER66CF.tmp.hdmp scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    File delete failed. C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1eae33.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1eae33.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1eae33.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1eae33.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1eae33.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1eae33.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Opera cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02152009_214225

    Files moved on Reboot...
    File C:\Users\Rom@in\AppData\Local\Temp\etilqs_JpdbtephA0sA9eQJNOf3 not found!
    File C:\Users\Rom@in\AppData\Local\Temp\~DF2174.tmp not found!
    File C:\Users\Rom@in\AppData\Local\Temp\~DF217B.tmp not found!
    File C:\Users\Rom@in\AppData\Local\Temp\~DFD3D.tmp not found!
    File C:\Users\Rom@in\AppData\Local\Temp\~DFD44.tmp not found!
    File C:\Windows\temp\cch~1490c7bd6.htp not found!
    File C:\Windows\temp\cch~1490c98fc.htp not found!
    File C:\Windows\temp\cch~1499867fc.htp not found!
    File C:\Windows\temp\cch~149989719.htp not found!
    File C:\Windows\temp\cch~1499d4386.htp not found!
    File C:\Windows\temp\cch~1499d5fb7.htp not found!
    File C:\Windows\temp\cch~149dc303f.htp not found!
    File C:\Windows\temp\cch~149dc4be4.htp not found!
    File C:\Windows\temp\cch~149e246c9.htp not found!
    File C:\Windows\temp\cch~149e27aa1.htp not found!
    File C:\Windows\temp\cch~14a35a26c.htp not found!
    File C:\Windows\temp\cch~14a35d05c.htp not found!
    File C:\Windows\temp\cch~14dc2660e.htp not found!
    File C:\Windows\temp\cch~14dc281c1.htp not found!
    File C:\Windows\temp\cch~1d2e6d2cb.htp not found!
    File C:\Windows\temp\cch~1d2e6eeaf.htp not found!
    File C:\Windows\temp\cch~33fa2fec.htp not found!
    File C:\Windows\temp\cch~33fe8327.htp not found!
    File C:\Windows\temp\cch~8f92b487.htp not found!
    File C:\Windows\temp\cch~8f92cf8b.htp not found!
    File C:\Windows\temp\WER668F.tmp.version.txt not found!
    File C:\Windows\temp\WER669F.tmp.appcompat.txt not found!
    File C:\Windows\temp\WER66CF.tmp.hdmp not found!
    C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1eae33.default\Cache\_CACHE_001_ moved successfully.
    C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1eae33.default\Cache\_CACHE_002_ moved successfully.
    C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1eae33.default\Cache\_CACHE_003_ moved successfully.
    C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1eae33.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1eae33.default\urlclassifier3.sqlite moved successfully.
    C:\Users\Rom@in\AppData\Local\Mozilla\Firefox\Profiles\ae1eae33.default\XUL.mfl moved successfully.
    0
  17. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    pour commencer

    Télécharge CCleaner
    https://filehippo.com/download_ccleaner/
    => Aide toi de ce tuto pour l'utiliser
    http://www.swl1f.net/viewtopic.php?f=14&t=69

    Ensuite

    * Télécharge malwarebytes
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    Une aide pour l'installation
    http://www.swl1f.net/viewtopic.php?f=14&t=68

    => Installe le
    => Ensuite va en mode sans echec

    Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel

    => Lance malwarebytes
    => Coche "Executer un examen complet"
    => Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
    => Clique sur Supprimer la sélection
    => Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
    => Fait copier coller et poste le rapport

    ensuite

    fait un scan en ligne

    avec bitdefender et colle le rapport

    https://www.bitdefender.com/toolbox/

    Scan à faire sous Internet Explorer

    et accepte le contrôle activeX de IE

    ensuite un nouveau rapport hijack stp
    @+
    0
  18. psy
     
    Je suis Vraiment Désolé de t'avoir fait patienter aussi longtemps mais g u un empêchement.
    je vais redémarrer en mode sans échec pour faire ta manipulation car maintenant c'est de pire en pire je n'ai plus windows installer et quand g ouvert ma session tout avait disparu plus de données perso plus de fond d'écran plus de bureau mozilla a revenu au mode initial tt mes marques pages supprimés et je ne peut plus travaille.je te remercie pour tes conseil et ta patience.
    je te poste les raports.

    .
    0
  19. psy
     
    j'avais oublié internet explorer ne marche plus depuis que j'ai c'est problème de virus et g essayer de le réinstaller mais windows installer ne fonctionne plus donc je vais le faire sous mozzilla.en attendant ta reponse
    0
  20. psy
     
    voila les deux rapports: malware et RSIT

    Malwarebytes' Anti-Malware 1.33
    Version de la base de données: 1729
    Windows 6.0.6001 Service Pack 1

    02/03/2009 13:17:25
    mbam-log-2009-03-02 (13-17-25).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|F:\|J:\|)
    Eléments examinés: 156247
    Temps écoulé: 42 minute(s), 42 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 7
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 5

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12c9eb50-9928-48cc-8dce-4134363995dc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xjvsczhr (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{12c9eb50-9928-48cc-8dce-4134363995dc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\akwrcfap (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\akwrcfap (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\akwrcfap (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{12c9eb50-9928-48cc-8dce-4134363995dc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\Windows\System32\tyrsdwr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Users\Rom@in\Local Settings\Application Data\mlkaxwdc_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\Rom@in\Local Settings\Application Data\mlkaxwdc_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\Rom@in\Local Settings\Application Data\mlkaxwdc.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\Rom@in\Local Settings\Application Data\mlkaxwdc.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.

    ...............................................................................................................................................................

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Rom@in at 2009-03-02 14:18:53
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 25 GB (23%) free of 106 GB
    Total RAM: 2046 MB (67% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:19:08, on 02/03/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\Explorer.exe
    C:\Users\Rom@in\Desktop\log virus\RSIT.exe
    C:\Program Files\trend micro\Rom@in.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [mlkaxwdc] "c:\users\rom@in\appdata\local\mlkaxwdc.exe" mlkaxwdc
    O4 - HKUS\S-1-5-18\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [jsf8uiw3jnjgffght] C:\Windows\TEMP\winlognn.exe (User 'Default user')
    O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\System32\msiexec.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    0
  21. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir,

    de nouvelle infection !!

    Télécharge sur le Bureau :navilog.exe De IL-MAFIOSO
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    = installe le
    = Double-Clic Sur Navilog1 qui est sur le bureau
    = Appuyer sur une touche jusqu' arriver aux options
    = Choisir option 1 ( = taper 1 )
    ne pas utiliser les autres sans avis , il peut y avoir des processus légitimes

    le rapport se trouve dans c: fixnavi.txt

    Postes ce rapport stp.

    @+

    0
  • 1
  • 2