Un virus ouvre mon disc c au demarrage

apres tout je dois suprimer me raport ou les 2 fichier text afficher? svp

log.txt rapport
Logfile of random's system information tool 1.05 (written by random/random)
Run by FOFANA ALASSANE at 2009-03-02 14:53:11
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 4 GB (7%) free of 67 GB
Total RAM: 1014 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:51, on 02/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCSVR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Documents and Settings\FOFANA ALASSANE\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\FOFANA ALASSANE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = MINUSTAH-LNLC:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
O1 - Hosts: "http://www.w3.org/TR/html4/loose.dtd">
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <script LANGUAGE="JavaScript">
O1 - Hosts: <!--
O1 - Hosts: if (window != top)
O1 - Hosts: top.location.href = location.href;
O1 - Hosts: // -->
O1 - Hosts: </script>
O1 - Hosts: <title>Site Unavailable</title>
O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
O1 - Hosts: <style type="text/css">
O1 - Hosts: body{text-align:center;}
O1 - Hosts: .geohead {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;width:750px;margin:10px 0 10px 0;height:35px;}
O1 - Hosts: .geohead #geologo {width:270px;display:block; float:left; }
O1 - Hosts: .geohead #rightside {width:480px;display:block; float:right;border-bottom:1px solid #999999; height:27px;}
O1 - Hosts: .geohead #rightside #welcome {width:50%;display:block; float:left; text-align:left;}
O1 - Hosts: .geohead #rightside #wlinks {width:50%;display:block; float:right; text-align:right;}
O1 - Hosts: .ftr { margin:0px; color:#404040; font:x-small Arial,sans-serif; text-align:center; width:750px;}
O1 - Hosts: .bodywrap{display:block;height:470px;}
O1 - Hosts: .bodycnt{width:510px; display:block; float:left; background-color:#EEE9F5; height:auto; text-align:left; font-family:Arial, Helvetica, sans-serif;font-size:13px; color:#000000; padding:20px 20px 35px 20px;}
O1 - Hosts: .title { font-family:Arial, Helvetica, sans-serif; font-weight:bold; font-size:24px; color:#7C56A9}
O1 - Hosts: .adcnt{width:172px; display:block; float:right; text-align:left;cursor:pointer;cursor:hand;}
O1 - Hosts: .adcnt td {text-align:left;}
O1 - Hosts: .adsubt{font-size:10px; font-family:verdana; font-weight:bold; color:#b4b4b4; cursor:default;margin-top:5px;}
O1 - Hosts: .ybadge { font-family: Verdana, Arial, Helvetica, sans-serif; font-size:10px; color: #666666; margin-top:10px;}
O1 - Hosts: .ybadge img {margin-top:6px;}
O1 - Hosts: .adtable {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;border: 1px solid #d6dbe7; background-color:#eff7ff; padding:3px; margin-bottom:10px; width:172px;}
O1 - Hosts: .adttl{font-weight:bold;margin-bottom:3px;}
O1 - Hosts: .addescr{color:#6b6b6b; margin-bottom:3px;}
O1 - Hosts: .adlink a {color:#008200; text-decoration:none;}
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->
O1 - Hosts: <div id="maincnt">
O1 - Hosts: <div class="geohead"><div id="geologo"><a href="https://smallbusiness.yahoo.com/"><img height=33 alt="Yahoo! GeoCities" src="http://us.i1.yimg.com/us.yimg.com/i/us/nt/ma/ma_geo_1.gif" width=259 border=0></a></div>
O1 - Hosts: <div id="rightside"><div id="wlinks"><a href="https://smallbusiness.yahoo.com/">GeoCities Home</a> - <a href="https://fr.yahoo.com/?p=us">Yahoo!</a> - <a href="https://help.yahoo.com/kb/account">Help</a></div>
O1 - Hosts: </div></div>
O1 - Hosts: <div class="bodywrap">
O1 - Hosts: <div class="bodycnt">
O1 - Hosts: <div class="title">Sorry, this GeoCities site is currently unavailable.</div>
O1 - Hosts: <p>The GeoCities web site you were trying to view has temporarily exceeded its data transfer limit. Please try again later. </p>
O1 - Hosts: <p>Are you the site owner?
O1 - Hosts: Avoid service interruptions in the future by increasing your data transfer limit!
O1 - Hosts: <a href="https://help.yahoo.com/kb/account" target="_blank">Find out how.</a> </p>
O1 - Hosts: <p><a href="https://help.yahoo.com/kb/account" target="_blank">Learn more about data transfer.</a></p>
O1 - Hosts: </div>
O1 - Hosts: <div class="adcnt">
O1 - Hosts: <a target="_top" href="https://smallbusiness.yahoo.com/"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/smbiz/b/geo_mast_small2.gif" alt="Yahoo! GeoCities" border="0" height="15" hspace="0" vspace="0" width="141"></a>
O1 - Hosts: <div class="adsubt">SPONSORED LINKS</div>
O1 - Hosts: <!--<table width="172" border="0" bgcolor="#FFFFFF" class="adtable"><tr><td align=left>-->
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="Reliable plans include domain & 24x7 support."><a href="https://fr.yahoo.com/?p=us*http://us.rd.yahoo.com/evt=27166/*https://smallbusiness.yahoo.com/hosting" target="_blank">Yahoo! Web Hosting<br>
O1 - Hosts: $25 Setup Waived</a></div>
O1 - Hosts: <div class="addescr" title="Reliable plans include domain & 24x7 support.">Reliable plans include domain & 24x7 support.</div>
O1 - Hosts: <div class="adlink" title="Reliable plans include domain & 24x7 support."><a href="https://fr.yahoo.com/?p=us*http://us.rd.yahoo.com/evt=27166/*https://smallbusiness.yahoo.com/hosting" target="_blank">webhosting.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="Reliable plans include domain & 24x7 support."><a href="https://fr.yahoo.com/?p=us*http://us.rd.yahoo.com/evt=27176/*https://smallbusiness.yahoo.com/domains" target="_blank">Domain Names from Yahoo! only $9.95/yr</a></div>
O1 - Hosts: <div class="addescr" title="Includes starter web page, email & domain forwarding, 24x7 support.">Includes starter web page, email & domain forwarding, 24x7 support.</div>
O1 - Hosts: <div class="adlink" title="Includes starter web page, email & domain forwarding, 24x7 support."><a href="https://fr.yahoo.com/?p=us*http://us.rd.yahoo.com/evt=27176/*https://smallbusiness.yahoo.com/domains" target="_blank">domains.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="https://fr.yahoo.com/?p=us*http://us.rd.yahoo.com/evt=27184/*https://smallbusiness.yahoo.com/mail" target="_blank">Yahoo! Business Email<br> Domain Included</a></div>
O1 - Hosts: <div class="addescr" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.">Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.</div>
O1 - Hosts: <div class="adlink" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="https://fr.yahoo.com/?p=us*http://us.rd.yahoo.com/evt=27184/*https://smallbusiness.yahoo.com/mail" target="_blank">smallbusiness.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="https://fr.yahoo.com/?p=us*http://us.rd.yahoo.com/evt=/27190/*https://smallbusiness.yahoo.com/stores" target="_blank">Ecommerce from Yahoo!<br> 1 Month Free</a></div>
O1 - Hosts: <div class="addescr" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support.">$50 setup fee waived. A reliable ecommerce plan, 24x7 support.</div>
O1 - Hosts: <div class="adlink" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="https://fr.yahoo.com/?p=us*http://us.rd.yahoo.com/evt=/27190/*https://smallbusiness.yahoo.com/stores" target="_blank">smallbusiness.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ybadge">
O1 - Hosts: Get your own web site at <br><a target="_top" href="https://smallbusiness.yahoo.com/">Yahoo! GeoCities</a>
O1 - Hosts: <a href="https://smallbusiness.yahoo.com/hosting" target="_top"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/badge_hostedby_purp_2.gif" alt="Hosted by Yahoo! Web Hosting" align="middle" border="0" height="31" width="88"></a>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class=ftr>
O1 - Hosts: <hr size=1 width=100%>
O1 - Hosts: Copyright ©
O1 - Hosts: 2005 Yahoo! Inc. All rights reserved<br>
O1 - Hosts: <a href="https://www.verizonmedia.com/policies/">Privacy Policy</a>
O1 - Hosts: - <a href="https://fr.yahoo.com/?p=us">Copyright Policy</a>
O1 - Hosts: - <a href="https://fr.yahoo.com/?p=us">Guidelines</a>
O1 - Hosts: - <a href="https://fr.yahoo.com/?p=us">Terms of Service</a>
O1 - Hosts: - <a href="https://help.yahoo.com/kb/account">Help</a>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </body>
O1 - Hosts: </html>
O1 - Hosts: <!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet>
O1 - Hosts: <IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1169804264&f=us-w57" ALT=1 WIDTH=1 HEIGHT=1>
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System\svchost.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System\dumprep.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E06FDXRC_2042390] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus-1860] "C:\Documents and Settings\FOFANA ALASSANE\Local Settings\Application Data\br4743on.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Tok-Cirrhatus-1860] "C:\Documents and Settings\FOFANA ALASSANE\Local Settings\Application Data\br4743on.exe" (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.aol.com/
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{40D61360-6418-4571-B673-724E64515DAB}: NameServer = 208.74.112.97
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C745AD0-C47D-498F-8349-C5D3B4C7BD7A}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{40D61360-6418-4571-B673-724E64515DAB}: NameServer = 208.74.112.97
O17 - HKLM\System\CS2\Services\Tcpip\..\{40D61360-6418-4571-B673-724E64515DAB}: NameServer = 208.74.112.97
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SarkoService (SarkophageService) - Unknown owner - C:\WINDOWS\system32\srksrv.exe (file missing)
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe

merci je suis en train de scanner avec ravantivirus, mais je n'arrive pas a telecharger http://siri.urz.free.fr/RHosts.php merci

oui mais rav prends du temps pour le scanage
.

oui mais il trouve des MDM.EXE et les suprime.je vais arreté parce que ça fais 3h de temps

RAPPORT
ComboFix 09-03-01.01 - FOFANA ALASSANE 2009-03-02 20:04:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.512 [GMT 0:00]
Running from: c:\documents and settings\FOFANA ALASSANE\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
[color=purple]The following files were disabled during the run:[/color]
c:\program files\SuperCopier2\SC2Hook.dll
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\videosoft
c:\program files\videosoft\Shared Files\ViewRep7.dll
c:\program files\videosoft\Shared Files\Vsflex7.ocx
c:\program files\videosoft\Shared Files\VSPRINT7.ocx
c:\program files\videosoft\Shared Files\VSStr7.ocx
c:\windows\system\svchost.exe
c:\windows\system32\_000111_.tmp.dll
c:\windows\system32\mdm.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-02 to 2009-03-02 )))))))))))))))))))))))))))))))
.

2009-03-02 14:53 . 2009-03-02 14:53 <DIR> d-------- C:\rsit
2009-02-15 15:18 . 2009-02-15 15:18 <DIR> d-------- c:\documents and settings\visiteur\Application Data\GTek
2009-02-11 21:13 . 2009-02-15 14:16 <DIR> d-------- c:\program files\Larousse
2009-02-11 21:10 . 2009-02-11 21:10 <DIR> d-------- c:\program files\Votre santé au quotidien
2009-02-10 21:13 . 2009-02-10 21:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 20:02 --------- d-----w c:\program files\SuperCopier2
2009-03-02 16:26 --------- d-----w c:\program files\Alwil Software
2009-03-02 15:32 --------- d-----w c:\program files\Google
2009-02-15 14:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-18 19:43 155,995 ----a-w c:\windows\java\Packages\KNP7T73P.ZIP
2009-01-16 21:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-12 20:10 --------- d-----w c:\program files\Huawei technologies
2009-01-12 14:52 --------- d-----w c:\documents and settings\FOFANA ALASSANE\Application Data\Media Player Classic
2009-01-11 22:57 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 11:57 333,184 ------w c:\windows\system32\dllcache\srv.sys
2006-08-05 21:48 65,016 -c--a-w c:\documents and settings\FOFANA ALASSANE\Application Data\GDIPFONTCACHEV1.DAT
2006-06-24 19:35 0 -c--a-w c:\documents and settings\FOFANA ALASSANE\Application Data\wklnhst.dat
2001-05-24 12:59 162,304 ----a-w c:\program files\UNWISE.EXE
2007-11-28 19:41 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:41 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:41 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:41 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:41 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2007-04-05 10:03 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007031920070326\index.dat
2007-04-05 10:03 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007040520070406\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"E06FDXRC_2042390"="c:\program files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE" [2005-06-04 301776]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-10 68856]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-02 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-02 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-02 118784]
"DetectorApp"="c:\program files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe" [2005-10-20 102400]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-05-18 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"Home Theater SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-04-13 151552]
"WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2004-04-13 192512]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-09-01 221184]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-09-07 434176]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-09-07 05:39 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DVDTray"="c:\program files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 65536]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-11-22 c:\windows\system32\CHDAudPropShortcut.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-04 110592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= cmd.exe
"2"= mmc.exe
"3"= rstrui.exe
"4"= regedit.exe
"5"= regedt32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mrle"= mrle32.dll
"MSACM.MSNAUDIO"= msnaudio.acm
"VIDC.X264"= x264vfw.dll
"msacm.l3codec"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
--a------ 2006-09-17 08:32 978944 c:\program files\Athan\Athan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FDXRC_2898984]
--a------ 2005-06-04 16:03 301776 c:\program files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FDXRC_3463031]
--a------ 2005-06-04 16:03 301776 c:\program files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-01-18 16:07 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 16:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
--a------ 2006-07-07 16:45 1052672 c:\program files\SuperCopier2\SuperCopier2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-10 10:50 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus]
--a------ 2005-06-04 16:03 301776 c:\program files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\HP\\Image Zone Express\\HP_IZE.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

S2 SarkophageService;SarkoService;c:\windows\system32\srksrv.exe --> c:\windows\system32\srksrv.exe [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07e9a0e6-522c-11dc-8718-001636379833}]
\Shell\Auto\command - wscript "esta ig.vbs"
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "esta ig.vbs"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d05bcef-0a38-11dd-87f5-001636379833}]
\Shell\AutoRun\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2367cf50-bf8e-11dd-887d-001636379833}]
\Shell\AutoRun\command - e8kj.exe
\Shell\explore\Command - e8kj.exe
\Shell\open\Command - e8kj.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23f2c526-fd21-11dd-88d9-001636379833}]
\Shell\AutoRun\command - F:\g.com
\Shell\explore\Command - F:\g.com
\Shell\open\Command - F:\g.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dcbea86-f6b3-11dc-87e7-001636379833}]
\Shell\Auto\command - F:\auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e11e622-ed30-11dc-87d2-001636379833}]
\Shell\AutoRun\command - H:\t.com
\Shell\explore\Command - H:\t.com
\Shell\open\Command - H:\t.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b93d322-f29b-11dc-87b4-001636379833}]
\Shell\AutoRun\command - F:\x.com
\Shell\explore\Command - F:\x.com
\Shell\open\Command - F:\x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b71e2aef-9105-11dc-8792-001636379833}]
\Shell\AutoRun\command - F:\e9ehn1m8.com
\Shell\explore\Command - F:\e9ehn1m8.com
\Shell\open\Command - F:\e9ehn1m8.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bde7ac28-8bb7-11dc-8753-001636379833}]
\Shell\Auto\command - wscript "Sex City.jpg.wsf"
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "Sex City.jpg.wsf"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1c64290-9a2b-11dd-8858-001636379833}]
\Shell\AutoRun\command - F:\e9ehn1m8.com
\Shell\explore\Command - F:\e9ehn1m8.com
\Shell\open\Command - F:\e9ehn1m8.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfd33b42-1522-11dd-8809-001636379833}]
\Shell\AutoRun\command - F:\b.com
\Shell\explore\Command - F:\b.com
\Shell\open\Command - F:\b.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d19b9a22-9c64-11dd-8859-001636379833}]
\Shell\AutoRun\command - F:\e9ehn1m8.com
\Shell\explore\Command - F:\e9ehn1m8.com
\Shell\open\Command - F:\e9ehn1m8.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3df1079-0ec7-11dd-8803-001636379833}]
\Shell\AutoRun\command - F:\b.com
\Shell\explore\Command - F:\b.com
\Shell\open\Command - F:\b.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4a3111a-11bb-11dc-86d7-001636379833}]
\Shell\AutoRun\command - RavMon.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe []

2007-11-28 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-11-16 18:55]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-FrameWorkService - (no file)
HKU-Default-Run-Tok-Cirrhatus-1860 - c:\documents and settings\FOFANA ALASSANE\Local Settings\Application Data\br4743on.exe
HKU-Default-Run-Tok-Cirrhatus - (no file)
ShellExecuteHooks-{5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2} - WDShell
MSConfigStartUp-amva - c:\windows\system32\amvo.exe
MSConfigStartUp-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe
MSConfigStartUp-DumpTeam - c:\new folder\DumpTeam_Pack_v4.5a6.exe
MSConfigStartUp-FIXEDFON - c:\windows\system32\Win32.vbs
MSConfigStartUp-kamsoft - c:\windows\system32\ckvo.exe
MSConfigStartUp-System12 - c:\windows\system32\ne0kS.exe
MSConfigStartUp-System64 - c:\windows\system32\ne0kS.dll.wsf


.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.daemonsearch.com/intl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = MINUSTAH-LNLC:8080
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
TCP: {40D61360-6418-4571-B673-724E64515DAB} = 208.74.112.97
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\FOFANA ALASSANE\Application Data\Mozilla\Firefox\Profiles\a1j4aw9h.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 20:06:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????3?9?5?0??P???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\FOFANA~1\LOCALS~1\Temp\mc21.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3716978934-3878395076-921696528-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\netprovcredman.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-03-02 20:08:52
ComboFix-quarantined-files.txt 2009-03-02 20:08:50

Pre-Run: 4 633 051 136 bytes free
Post-Run: 4,698,607,616 bytes free

265 --- E O F --- 2009-03-01 18:37:55

JE N4ARRIVE PAS A TELECHARGER http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

rapport

ComboFix 09-03-01.01 - FOFANA ALASSANE 2009-03-02 20:46:58.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.563 [GMT 0:00]
Running from: c:\documents and settings\FOFANA ALASSANE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\FOFANA ALASSANE\Desktop\CFscript
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\docume~1\FOFANA~1\LOCALS~1\Temp\mc21.tmp
F:\auto.exe
F:\b.com
F:\e9ehn1m8.com
F:\g.com
F:\start.exe
F:\x.com
H:\t.com
.
[color=purple]The following files were disabled during the run:[/color]
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\program files\SuperCopier2\SC2Hook.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\recycler\desktop.ini
f:\recycler\Recycler.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-02 to 2009-03-02 )))))))))))))))))))))))))))))))
.

2009-03-02 14:53 . 2009-03-02 14:53 <DIR> d-------- C:\rsit
2009-02-15 15:18 . 2009-02-15 15:18 <DIR> d-------- c:\documents and settings\visiteur\Application Data\GTek
2009-02-11 21:13 . 2009-02-15 14:16 <DIR> d-------- c:\program files\Larousse
2009-02-11 21:10 . 2009-02-11 21:10 <DIR> d-------- c:\program files\Votre santé au quotidien
2009-02-10 21:13 . 2009-02-10 21:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 20:45 --------- d-----w c:\program files\SuperCopier2
2009-03-02 16:26 --------- d-----w c:\program files\Alwil Software
2009-03-02 15:32 --------- d-----w c:\program files\Google
2009-02-15 14:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-18 19:43 155,995 ----a-w c:\windows\java\Packages\KNP7T73P.ZIP
2009-01-16 21:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-12 20:10 --------- d-----w c:\program files\Huawei technologies
2009-01-12 14:52 --------- d-----w c:\documents and settings\FOFANA ALASSANE\Application Data\Media Player Classic
2009-01-11 22:57 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 11:57 333,184 ------w c:\windows\system32\dllcache\srv.sys
2006-08-05 21:48 65,016 -c--a-w c:\documents and settings\FOFANA ALASSANE\Application Data\GDIPFONTCACHEV1.DAT
2006-06-24 19:35 0 -c--a-w c:\documents and settings\FOFANA ALASSANE\Application Data\wklnhst.dat
2001-05-24 12:59 162,304 ----a-w c:\program files\UNWISE.EXE
2007-11-28 19:41 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:41 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:41 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:41 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:41 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2007-04-05 10:03 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007031920070326\index.dat
2007-04-05 10:03 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007040520070406\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"E06FDXRC_2042390"="c:\program files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE" [2005-06-04 301776]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-10 68856]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-02 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-02 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-02 118784]
"DetectorApp"="c:\program files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe" [2005-10-20 102400]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-05-18 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"Home Theater SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-04-13 151552]
"WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2004-04-13 192512]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-09-01 221184]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-09-07 434176]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-09-07 05:39 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DVDTray"="c:\program files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 65536]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-11-22 c:\windows\system32\CHDAudPropShortcut.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-04 110592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= cmd.exe
"2"= mmc.exe
"3"= rstrui.exe
"4"= regedit.exe
"5"= regedt32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mrle"= mrle32.dll
"MSACM.MSNAUDIO"= msnaudio.acm
"VIDC.X264"= x264vfw.dll
"msacm.l3codec"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
--a------ 2006-09-17 08:32 978944 c:\program files\Athan\Athan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FDXRC_2898984]
--a------ 2005-06-04 16:03 301776 c:\program files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06FDXRC_3463031]
--a------ 2005-06-04 16:03 301776 c:\program files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-01-18 16:07 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 16:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
--a------ 2006-07-07 16:45 1052672 c:\program files\SuperCopier2\SuperCopier2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-10 10:50 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus]
--a------ 2005-06-04 16:03 301776 c:\program files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\HP\\Image Zone Express\\HP_IZE.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

S2 SarkophageService;SarkoService;c:\windows\system32\srksrv.exe --> c:\windows\system32\srksrv.exe [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2008-12-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe []

2007-11-28 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-11-16 18:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.daemonsearch.com/intl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = MINUSTAH-LNLC:8080
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
TCP: {40D61360-6418-4571-B673-724E64515DAB} = 208.74.112.97
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\FOFANA ALASSANE\Application Data\Mozilla\Firefox\Profiles\a1j4aw9h.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 20:50:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????3?9?5?0??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3716978934-3878395076-921696528-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Completion time: 2009-03-02 20:52:28
ComboFix-quarantined-files.txt 2009-03-02 20:52:25
ComboFix2.txt 2009-03-02 20:08:53

Pre-Run: 4 672 307 200 bytes free
Post-Run: 4,657,147,904 bytes free

200 --- E O F --- 2009-03-01 18:37:55

slut, j'ai une carte memoire de 2GO qui est devenu inacessible depuis hier, je ne peux meme pas l'analyser avec un mon kasperky tu peux m'aider stp

ok je le fait

rapport de combfix
ComboFix 09-03-01.01 - Joseph 2009-03-04 15:39:48.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.840 [GMT 0:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *enabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
.

2009-02-28 18:29 . 2008-06-20 01:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-28 18:29 . 2008-06-20 01:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-28 18:29 . 2008-06-20 01:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-28 18:29 . 2008-06-20 01:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-28 18:29 . 2008-06-20 01:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-28 18:29 . 2008-06-20 01:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-28 18:29 . 2008-06-20 01:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-28 18:29 . 2008-06-20 01:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-28 18:19 . 2008-07-27 18:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-28 18:19 . 2008-07-27 18:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-28 18:19 . 2008-07-27 18:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-28 18:19 . 2008-07-27 18:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-28 18:19 . 2008-07-27 18:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-28 16:28 . 2009-02-28 16:28 <DIR> d-------- c:\program files\WinSCP
2009-02-26 14:55 . 2009-02-26 15:02 <DIR> d-------- C:\NVIDIA
2009-02-26 13:18 . 2009-02-26 13:18 <DIR> d-------- c:\program files\DIFX
2009-02-26 12:35 . 2009-02-26 12:35 <DIR> d-------- c:\users\All Users\ma-config.com
2009-02-26 12:35 . 2009-02-26 12:35 <DIR> d-------- c:\programdata\ma-config.com
2009-02-26 12:35 . 2009-02-26 12:35 <DIR> d-------- c:\program files\ma-config.com
2009-02-26 11:56 . 2009-03-02 18:43 117,702 --a------ c:\users\All Users\nvModes.dat
2009-02-26 11:56 . 2009-03-02 18:43 117,702 --a------ c:\programdata\nvModes.dat
2009-02-25 13:22 . 2009-02-25 13:22 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-23 21:19 . 2008-04-26 08:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2009-02-23 21:19 . 2008-04-12 03:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2009-02-23 21:19 . 2008-04-05 01:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2009-02-23 21:19 . 2008-04-05 03:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2009-02-23 11:46 . 2008-12-05 04:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-23 11:46 . 2008-12-05 04:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-23 11:46 . 2008-12-05 04:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-23 11:46 . 2008-12-05 04:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-23 11:46 . 2008-12-05 04:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-16 15:57 . 2009-02-16 15:57 <DIR> d-------- c:\windows\Options
2009-02-16 15:57 . 2009-02-16 15:57 <DIR> d-------- c:\users\All Users\Atheros
2009-02-16 15:57 . 2009-02-16 15:59 <DIR> d-------- C:\temp
2009-02-16 15:57 . 2009-02-16 15:57 <DIR> d-------- c:\programdata\Atheros
2009-02-16 15:57 . 2009-02-16 15:57 <DIR> d-------- c:\program files\Atheros
2009-02-16 15:57 . 2007-12-06 13:40 761,856 --a------ c:\windows\System32\athr.sys
2009-02-16 15:57 . 2007-12-13 17:19 55,808 --a------ c:\temp\devcon.exe
2009-02-16 15:57 . 2008-01-16 16:25 10,991 --a------ c:\windows\System32\athrext.cat
2009-02-16 15:57 . 2008-01-09 11:29 7,383 --a------ c:\windows\System32\netathr.inf
2009-02-16 15:53 . 2006-10-10 17:47 36,921 --a------ c:\windows\System32\hcwutl32_priv.dll
2009-02-16 15:46 . 2009-02-16 15:49 <DIR> d-------- c:\program files\NetWaiting
2009-02-16 15:42 . 2007-03-21 22:02 37,376 --a------ c:\windows\System32\drivers\rixdptsk.sys
2009-02-16 15:25 . 2009-02-28 19:21 <DIR> d-------- c:\users\All Users\NVIDIA
2009-02-16 15:25 . 2009-02-28 19:21 <DIR> d-------- c:\programdata\NVIDIA
2009-02-16 14:56 . 2008-12-04 02:42 453,152 --a------ c:\windows\System32\nvuninst.exe
2009-02-16 14:54 . 2008-01-18 11:31 196,784 --a------ c:\windows\System32\drivers\SynTP.sys
2009-02-16 14:54 . 2008-01-18 10:52 196,608 --a------ c:\windows\System32\SynCtrl.dll
2009-02-16 14:54 . 2008-01-18 10:51 163,840 --a------ c:\windows\System32\SynCOM.dll
2009-02-16 14:54 . 2008-01-18 11:03 147,456 --a------ c:\windows\System32\SynTPAPI.dll
2009-02-16 14:54 . 2008-01-18 11:30 110,592 --a------ c:\windows\System32\SynTPCo4.dll
2009-02-11 14:03 . 2009-01-15 03:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 14:03 . 2009-01-15 06:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-10 20:14 . 2009-02-10 20:14 <DIR> d-------- c:\program files\D'Accord_Music_Software
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> dr------- c:\users\USER.JOSEPH\Videos
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> dr------- c:\users\USER.JOSEPH\Searches
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> dr------- c:\users\USER.JOSEPH\Saved Games
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> dr------- c:\users\USER.JOSEPH\Pictures
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> dr------- c:\users\USER.JOSEPH\Music
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> dr------- c:\users\USER.JOSEPH\Links
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> dr------- c:\users\USER.JOSEPH\Downloads
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> dr------- c:\users\USER.JOSEPH\Documents
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> dr------- c:\users\USER.JOSEPH\Contacts
2009-02-05 10:41 . 2006-11-02 12:37 <DIR> d-------- c:\users\USER.JOSEPH\AppData\Roaming\Media Center Programs
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> d--h----- c:\users\USER.JOSEPH\AppData
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> d-------- c:\users\USER.JOSEPH

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 15:40 16,495,392 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-04 15:26 --------- d---a-w c:\programdata\TEMP
2009-03-04 15:26 --------- d-----w c:\users\user\AppData\Roaming\OpenOffice.org2
2009-03-04 15:25 --------- d-----w c:\programdata\Kaspersky Lab
2009-03-04 15:21 227,756 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-02-27 13:02 --------- d-----w c:\users\user\AppData\Roaming\dvdcss
2009-02-23 15:07 --------- d-----w c:\program files\Java
2009-02-23 13:01 174 --sha-w c:\program files\desktop.ini
2009-02-23 12:47 --------- d-----w c:\program files\Windows Sidebar
2009-02-23 12:47 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-23 12:47 --------- d-----w c:\program files\Windows Mail
2009-02-23 12:47 --------- d-----w c:\program files\Windows Journal
2009-02-23 12:47 --------- d-----w c:\program files\Windows Defender
2009-02-23 12:47 --------- d-----w c:\program files\Windows Collaboration
2009-02-23 12:47 --------- d-----w c:\program files\Windows Calendar
2009-02-23 12:19 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-02-23 12:19 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-02-18 12:49 115,598 ----a-w c:\users\user\AppData\Roaming\nvModes.dat
2009-02-17 19:26 --------- d-----w c:\program files\Common Files\LightScribe
2009-02-16 15:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-16 15:53 --------- d-----w c:\program files\WinTV
2009-02-12 12:45 --------- d-----w c:\programdata\Yahoo!
2009-02-05 11:40 --------- d-----w c:\program files\Avant Browser
2009-02-05 11:39 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-05 11:39 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-04 18:07 --------- d-----w c:\users\user\AppData\Roaming\Apple Computer
2009-02-02 10:47 --------- d-----w c:\programdata\WildTangent
2009-01-31 22:36 --------- d-----w c:\users\user\AppData\Roaming\FileZilla
2009-01-28 21:47 --------- d-----w c:\program files\Common Files\xing shared
2009-01-28 21:46 --------- d-----w c:\program files\Common Files\Real
2009-01-26 16:15 --------- d-----w c:\program files\Sarkophage
2009-01-25 15:19 --------- d-----w c:\program files\Microsoft Etudes
2009-01-25 15:17 --------- d-----w c:\program files\Learning Essentials
2009-01-24 13:32 --------- d-----w c:\program files\SpeedOptimizer
2009-01-18 13:05 --------- d-----w c:\program files\Systran
2009-01-15 14:51 --------- d-----w c:\users\user\AppData\Roaming\Skype
2009-01-15 14:49 --------- d-----w c:\users\user\AppData\Roaming\skypePM
2009-01-14 15:42 --------- d-----w c:\users\user\AppData\Roaming\vlc
2009-01-14 15:38 --------- d-----w c:\program files\VideoLAN
2009-01-13 20:47 --------- d-----w c:\program files\QuickMediaConverter
2009-01-09 14:59 --------- d-----w c:\program files\Hewlett-Packard
2009-01-05 15:13 --------- d-----w c:\program files\Common Files\Adobe
2008-12-04 11:32 32 ----a-w c:\users\All Users\ezsid.dat
2008-12-04 11:32 32 ----a-w c:\programdata\ezsid.dat
2008-08-13 22:04 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-08-13 22:04 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-08-13 22:04 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-10-11 12:10 56 --sha-r c:\windows\System32\B2BAEBF4B8.sys
2008-10-11 12:10 1,994 --sha-w c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}"= "c:\program files\D'Accord_Music_Software\tbD'Ac.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-08-04 11:42 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]
2007-07-31 16:33 1391640 --a------ c:\program files\D'Accord_Music_Software\tbD'Ac.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}"= "c:\program files\D'Accord_Music_Software\tbD'Ac.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-09-04 3057152]
"L07FXLRD_4827669"="d:\microsoft encarta 2007 - études dvd\EDICT.EXE" [2006-06-13 351000]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-04 4363504]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe" [2005-03-17 970752]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-22 1033512]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-11 317128]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-28 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-17 110592]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 98632]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-17 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll c:\progra~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{18E69B0C-C470-4CCD-840A-C259BFC880AE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1C699286-AC62-4D67-A89F-C80C07D240A1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6F493DF6-420A-4621-BA20-C7B4B9366F86}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{F999E4AD-C512-4709-B152-9E5C224806FE}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{F23BE67F-C1A7-4B95-98B4-314164317683}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B1AAC164-44A3-426F-83CF-ACAA890ECC75}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{2B468E4F-B736-4566-BC7C-58113F8A63AD}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C263EB46-1F73-4DAA-B19D-7E85B4AF91A7}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{9BC2DD2A-2D57-45C8-AE9B-D3768C0225BE}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{82D1B077-82A3-4509-A840-86E59C8950BF}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{71345F6B-FB2A-4B9D-AE4A-2F84C39BDE63}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{02E42BFA-DEB1-45E7-9B27-73F2EFE9853C}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{3267061A-1E1E-47D0-9E8E-E3DE6BD22CAC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8FD066C0-906C-4CD4-9EC7-24BA9CE5DCEC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{ED7AB1B2-3D50-4CE5-B446-D42C6DB40D45}"= UDP:c:\program files\DAP\DAP.exe:Download Accelerator Plus (DAP)
"{087E0860-1BFD-4105-BF65-4B344662F373}"= TCP:c:\program files\DAP\DAP.exe:Download Accelerator Plus (DAP)
"{583A1E40-D7E5-436D-8CFA-7EAF21336223}"= UDP:81:Easyphp
"TCP Query User{AF16ECF9-8487-4E61-BE55-B485E3D12DEB}c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= UDP:c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"UDP Query User{BB581463-910E-4466-885D-36889AB6DC05}c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= TCP:c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"{353B053E-4614-4E22-909F-45D794DF5796}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{9F482E25-149B-4DE9-B1EB-2B4CFDDC0A37}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{020340E4-FE86-48AD-910F-DFEFD5E996D9}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{1F9F616D-B137-483A-B986-AFF7BCD3BA45}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2007-04-04 20760]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{285bdd84-a2af-11dd-9e71-001b249fe2ab}]
\shell\auto\command - G:\SafeMass.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\SafeMass.exe
\shell\explore\command - G:\SafeMass.exe
\shell\find\command - G:\SafeMass.exe
\shell\open\command - G:\SafeMass.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56cd8ac9-61ff-11dd-9148-001b249fe2ab}]
\shell\AutoRun\command - p1f6b.exe
\shell\explore\Command - p1f6b.exe
\shell\open\Command - p1f6b.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{673a3840-cd05-11dd-9dbb-001b249fe2ab}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d0e4fc8-a1cb-11dd-9886-001b249fe2ab}]
\shell\AutoRun\command - F:\jeorels.cmd
\shell\open\Command - F:\jeorels.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82a9d785-f87c-11dd-8462-001a73a7b5a2}]
\shell\AutoRun\command - F:\opgde.exe
\shell\open\Command - F:\opgde.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95197ddc-5f29-11dd-8e89-001a73a7b5a2}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL protector.exe
\shell\infected\command - protector.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3bd85c9-5214-11dd-aa7b-001b249fe2ab}]
\shell\AutoRun\command - G:\1utbfd.bat
\shell\open\Command - G:\1utbfd.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac60d4b3-550e-11dd-8dc3-001a73a7b5a2}]
\shell\AutoRun\command - H:\ReadMe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1e3f017-e2df-11dd-ac77-001b249fe2ab}]
\shell\AutoRun\command - rcukd.cmd
\shell\explore\Command - rcukd.cmd
\shell\open\Command - rcukd.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b42854f7-8447-11dd-8ad9-001a73a7b5a2}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4cdc5df-d764-11dd-9531-001a73a7b5a2}]
\shell\AUtOPlAy\coMmand - wpmjx.exe
\shell\AutoRun\command - wpmjx.exe
\shell\eXpLore\CommANd - wpmjx.exe
\shell\opeN\commAnd - wpmjx.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2e2bcd5-fdee-11dd-a958-001a73a7b5a2}]
\shell\AutoRun\command - F:\g.com
\shell\explore\Command - F:\g.com
\shell\open\Command - F:\g.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe8e6fd9-e725-11dd-b6df-001a73a7b5a2}]
\shell\AutoRun\command - G:\lp3c.bat
\shell\explore\Command - G:\lp3c.bat
\shell\open\Command - G:\lp3c.bat

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-01-26 c:\windows\Tasks\HPCeeScheduleForuser.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-03-23 22:23]

2009-03-04 c:\windows\Tasks\SpeedOptimizer Startup.job
- c:\progra~1\speedo~1\SPO.exe [2008-08-04 11:42]

2009-03-04 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-CorelDRAW Graphics Suite 11b - c:\program files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://fr.yahoo.com
mStart Page = hxxp://fr.yahoo.com
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ao60fzdy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-04 15:47:45
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll

- - - - - - - > 'lsass.exe'(664)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
.
Completion time: 2009-03-04 15:51:47
ComboFix-quarantined-files.txt 2009-03-04 15:51:37

Pre-Run: 25,100,386,304 bytes free
Post-Run: 37,707,964,416 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=16 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
334 --- E O F --- 2009-03-04 11:56:42

rapport
ComboFix 09-03-01.01 - Joseph 2009-03-04 16:34:23.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.1183 [GMT 0:00]
Running from: c:\users\user\Desktop\ComboFix.exe
Command switches used :: c:\users\user\Desktop\CFscript
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

FILE ::
F:\g.com
F:\jeorels.cmd
F:\opgde.exe
G:\1utbfd.bat
G:\lp3c.bat
G:\SafeMass.exe
H:\ReadMe.exe
.

((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
.

2009-02-28 18:29 . 2008-06-20 01:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-28 18:29 . 2008-06-20 01:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-28 18:29 . 2008-06-20 01:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-28 18:29 . 2008-06-20 01:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-28 18:29 . 2008-06-20 01:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-28 18:29 . 2008-06-20 01:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-28 18:29 . 2008-06-20 01:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-28 18:29 . 2008-06-20 01:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-28 18:19 . 2008-07-27 18:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-28 18:19 . 2008-07-27 18:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-28 18:19 . 2008-07-27 18:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-28 18:19 . 2008-07-27 18:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-28 18:19 . 2008-07-27 18:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-28 16:28 . 2009-02-28 16:28 <DIR> d-------- c:\program files\WinSCP
2009-02-26 14:55 . 2009-02-26 15:02 <DIR> d-------- C:\NVIDIA
2009-02-26 13:18 . 2009-02-26 13:18 <DIR> d-------- c:\program files\DIFX
2009-02-26 12:35 . 2009-02-26 12:35 <DIR> d-------- c:\users\All Users\ma-config.com
2009-02-26 12:35 . 2009-02-26 12:35 <DIR> d-------- c:\programdata\ma-config.com
2009-02-26 12:35 . 2009-02-26 12:35 <DIR> d-------- c:\program files\ma-config.com
2009-02-26 11:56 . 2009-03-02 18:43 117,702 --a------ c:\users\All Users\nvModes.dat
2009-02-26 11:56 . 2009-03-02 18:43 117,702 --a------ c:\programdata\nvModes.dat
2009-02-25 13:22 . 2009-02-25 13:22 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-23 21:19 . 2008-04-26 08:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2009-02-23 21:19 . 2008-04-12 03:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2009-02-23 21:19 . 2008-04-05 01:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2009-02-23 21:19 . 2008-04-05 03:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2009-02-23 11:46 . 2008-12-05 04:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-23 11:46 . 2008-12-05 04:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-23 11:46 . 2008-12-05 04:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-23 11:46 . 2008-12-05 04:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-23 11:46 . 2008-12-05 04:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-16 15:57 . 2009-02-16 15:57 <DIR> d-------- c:\windows\Options
2009-02-16 15:57 . 2009-02-16 15:57 <DIR> d-------- c:\users\All Users\Atheros
2009-02-16 15:57 . 2009-02-16 15:59 <DIR> d-------- C:\temp
2009-02-16 15:57 . 2009-02-16 15:57 <DIR> d-------- c:\programdata\Atheros
2009-02-16 15:57 . 2009-02-16 15:57 <DIR> d-------- c:\program files\Atheros
2009-02-16 15:57 . 2007-12-06 13:40 761,856 --a------ c:\windows\System32\athr.sys
2009-02-16 15:57 . 2007-12-13 17:19 55,808 --a------ c:\temp\devcon.exe
2009-02-16 15:57 . 2008-01-16 16:25 10,991 --a------ c:\windows\System32\athrext.cat
2009-02-16 15:57 . 2008-01-09 11:29 7,383 --a------ c:\windows\System32\netathr.inf
2009-02-16 15:53 . 2006-10-10 17:47 36,921 --a------ c:\windows\System32\hcwutl32_priv.dll
2009-02-16 15:46 . 2009-02-16 15:49 <DIR> d-------- c:\program files\NetWaiting
2009-02-16 15:42 . 2007-03-21 22:02 37,376 --a------ c:\windows\System32\drivers\rixdptsk.sys
2009-02-16 15:25 . 2009-02-28 19:21 <DIR> d-------- c:\users\All Users\NVIDIA
2009-02-16 15:25 . 2009-02-28 19:21 <DIR> d-------- c:\programdata\NVIDIA
2009-02-16 14:56 . 2008-12-04 02:42 453,152 --a------ c:\windows\System32\nvuninst.exe
2009-02-16 14:54 . 2008-01-18 11:31 196,784 --a------ c:\windows\System32\drivers\SynTP.sys
2009-02-16 14:54 . 2008-01-18 10:52 196,608 --a------ c:\windows\System32\SynCtrl.dll
2009-02-16 14:54 . 2008-01-18 10:51 163,840 --a------ c:\windows\System32\SynCOM.dll
2009-02-16 14:54 . 2008-01-18 11:03 147,456 --a------ c:\windows\System32\SynTPAPI.dll
2009-02-16 14:54 . 2008-01-18 11:30 110,592 --a------ c:\windows\System32\SynTPCo4.dll
2009-02-11 14:03 . 2009-01-15 03:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 14:03 . 2009-01-15 06:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-10 20:14 . 2009-02-10 20:14 <DIR> d-------- c:\program files\D'Accord_Music_Software
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> dr------- c:\users\USER.JOSEPH\Videos
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> dr------- c:\users\USER.JOSEPH\Searches
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> dr------- c:\users\USER.JOSEPH\Saved Games
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> dr------- c:\users\USER.JOSEPH\Pictures
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> dr------- c:\users\USER.JOSEPH\Music
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> dr------- c:\users\USER.JOSEPH\Links
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> dr------- c:\users\USER.JOSEPH\Downloads
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> dr------- c:\users\USER.JOSEPH\Documents
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> dr------- c:\users\USER.JOSEPH\Contacts
2009-02-05 10:41 . 2006-11-02 12:37 <DIR> d-------- c:\users\USER.JOSEPH\AppData\Roaming\Media Center Programs
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> d--h----- c:\users\USER.JOSEPH\AppData
2009-02-05 10:41 . 2009-02-05 10:41 <DIR> d-------- c:\users\USER.JOSEPH

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 16:36 16,558,112 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-04 15:26 --------- d---a-w c:\programdata\TEMP
2009-03-04 15:26 --------- d-----w c:\users\user\AppData\Roaming\OpenOffice.org2
2009-03-04 15:25 --------- d-----w c:\programdata\Kaspersky Lab
2009-03-04 15:21 227,756 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-02-27 13:02 --------- d-----w c:\users\user\AppData\Roaming\dvdcss
2009-02-23 15:07 --------- d-----w c:\program files\Java
2009-02-23 13:01 174 --sha-w c:\program files\desktop.ini
2009-02-23 12:47 --------- d-----w c:\program files\Windows Sidebar
2009-02-23 12:47 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-23 12:47 --------- d-----w c:\program files\Windows Mail
2009-02-23 12:47 --------- d-----w c:\program files\Windows Journal
2009-02-23 12:47 --------- d-----w c:\program files\Windows Defender
2009-02-23 12:47 --------- d-----w c:\program files\Windows Collaboration
2009-02-23 12:47 --------- d-----w c:\program files\Windows Calendar
2009-02-23 12:19 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-02-23 12:19 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-02-18 12:49 115,598 ----a-w c:\users\user\AppData\Roaming\nvModes.dat
2009-02-17 19:26 --------- d-----w c:\program files\Common Files\LightScribe
2009-02-16 15:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-16 15:53 --------- d-----w c:\program files\WinTV
2009-02-12 12:45 --------- d-----w c:\programdata\Yahoo!
2009-02-05 11:40 --------- d-----w c:\program files\Avant Browser
2009-02-05 11:39 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-05 11:39 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-04 18:07 --------- d-----w c:\users\user\AppData\Roaming\Apple Computer
2009-02-02 10:47 --------- d-----w c:\programdata\WildTangent
2009-01-31 22:36 --------- d-----w c:\users\user\AppData\Roaming\FileZilla
2009-01-28 21:47 --------- d-----w c:\program files\Common Files\xing shared
2009-01-28 21:46 --------- d-----w c:\program files\Common Files\Real
2009-01-26 16:15 --------- d-----w c:\program files\Sarkophage
2009-01-25 15:19 --------- d-----w c:\program files\Microsoft Etudes
2009-01-25 15:17 --------- d-----w c:\program files\Learning Essentials
2009-01-24 13:32 --------- d-----w c:\program files\SpeedOptimizer
2009-01-18 13:05 --------- d-----w c:\program files\Systran
2009-01-15 14:51 --------- d-----w c:\users\user\AppData\Roaming\Skype
2009-01-15 14:49 --------- d-----w c:\users\user\AppData\Roaming\skypePM
2009-01-14 15:42 --------- d-----w c:\users\user\AppData\Roaming\vlc
2009-01-14 15:38 --------- d-----w c:\program files\VideoLAN
2009-01-13 20:47 --------- d-----w c:\program files\QuickMediaConverter
2009-01-09 14:59 --------- d-----w c:\program files\Hewlett-Packard
2009-01-05 15:13 --------- d-----w c:\program files\Common Files\Adobe
2008-12-04 11:32 32 ----a-w c:\users\All Users\ezsid.dat
2008-12-04 11:32 32 ----a-w c:\programdata\ezsid.dat
2008-08-13 22:04 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-08-13 22:04 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-08-13 22:04 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-10-11 12:10 56 --sha-r c:\windows\System32\B2BAEBF4B8.sys
2008-10-11 12:10 1,994 --sha-w c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-03-04_15.49.08.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-04 15:47:40 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-04 16:38:47 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-04 16:38:47 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-04 15:32:03 101,350 ----a-w c:\windows\System32\perfc009.dat
+ 2009-03-04 15:59:56 101,350 ----a-w c:\windows\System32\perfc009.dat
- 2009-03-04 15:32:03 595,684 ----a-w c:\windows\System32\perfh009.dat
+ 2009-03-04 15:59:56 595,684 ----a-w c:\windows\System32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}"= "c:\program files\D'Accord_Music_Software\tbD'Ac.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-08-04 11:42 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]
2007-07-31 16:33 1391640 --a------ c:\program files\D'Accord_Music_Software\tbD'Ac.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}"= "c:\program files\D'Accord_Music_Software\tbD'Ac.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-09-04 3057152]
"L07FXLRD_4827669"="d:\microsoft encarta 2007 - études dvd\EDICT.EXE" [2006-06-13 351000]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-04 4363504]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe" [2005-03-17 970752]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-22 1033512]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-11 317128]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-28 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-17 110592]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 98632]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-17 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll c:\progra~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{18E69B0C-C470-4CCD-840A-C259BFC880AE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1C699286-AC62-4D67-A89F-C80C07D240A1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6F493DF6-420A-4621-BA20-C7B4B9366F86}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{F999E4AD-C512-4709-B152-9E5C224806FE}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{F23BE67F-C1A7-4B95-98B4-314164317683}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B1AAC164-44A3-426F-83CF-ACAA890ECC75}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{2B468E4F-B736-4566-BC7C-58113F8A63AD}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C263EB46-1F73-4DAA-B19D-7E85B4AF91A7}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{9BC2DD2A-2D57-45C8-AE9B-D3768C0225BE}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{82D1B077-82A3-4509-A840-86E59C8950BF}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{71345F6B-FB2A-4B9D-AE4A-2F84C39BDE63}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{02E42BFA-DEB1-45E7-9B27-73F2EFE9853C}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{3267061A-1E1E-47D0-9E8E-E3DE6BD22CAC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8FD066C0-906C-4CD4-9EC7-24BA9CE5DCEC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{ED7AB1B2-3D50-4CE5-B446-D42C6DB40D45}"= UDP:c:\program files\DAP\DAP.exe:Download Accelerator Plus (DAP)
"{087E0860-1BFD-4105-BF65-4B344662F373}"= TCP:c:\program files\DAP\DAP.exe:Download Accelerator Plus (DAP)
"{583A1E40-D7E5-436D-8CFA-7EAF21336223}"= UDP:81:Easyphp
"TCP Query User{AF16ECF9-8487-4E61-BE55-B485E3D12DEB}c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= UDP:c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"UDP Query User{BB581463-910E-4466-885D-36889AB6DC05}c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= TCP:c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"{353B053E-4614-4E22-909F-45D794DF5796}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{9F482E25-149B-4DE9-B1EB-2B4CFDDC0A37}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{020340E4-FE86-48AD-910F-DFEFD5E996D9}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{1F9F616D-B137-483A-B986-AFF7BCD3BA45}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2007-04-04 20760]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{673a3840-cd05-11dd-9dbb-001b249fe2ab}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b42854f7-8447-11dd-8ad9-001a73a7b5a2}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-01-26 c:\windows\Tasks\HPCeeScheduleForuser.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-03-23 22:23]

2009-03-04 c:\windows\Tasks\SpeedOptimizer Startup.job
- c:\progra~1\speedo~1\SPO.exe [2008-08-04 11:42]

2009-03-04 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fr.yahoo.com
mStart Page = hxxp://fr.yahoo.com
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ao60fzdy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-04 16:38:59
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000009134AB116EF2F149EA 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll

- - - - - - - > 'lsass.exe'(664)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
.
Completion time: 2009-03-04 16:42:16
ComboFix-quarantined-files.txt 2009-03-04 16:42:08
ComboFix2.txt 2009-03-04 15:51:50

Pre-Run: 35,703,336,960 bytes free
Post-Run: 35,421,138,944 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=16 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
305 --- E O F --- 2009-03-04 11:56:42

il ya une fenetre qui souvre souvant

probleme de pilote avec mon lecteur dvd du hp pavilion dv9500
Slimtype DVD A DS8A1H ATA Device (Driver mal installé)

salut
excuse moi de te deranger, j'ai formate mon ordi et je n'arrive plus a retrouver les pilotes peripherique du systeme de base dont voici les details de pilots
PCI\VEN_1180&DEV_0592&SUBSYS_30A0103C&REV_0A\4&6B16D5B&0&4BF0
PCI\VEN_1180&DEV_0843&SUBSYS_30A0103C&REV_01\4&6B16D5B&0&4AF0
PCI\VEN_1180&DEV_0852&SUBSYS_30A0103C&REV_05\4&6B16D5B&0&4CF0
aider moi stp