Trojan.generic.291379, Comment le supprimer ? Résolu

Question

Bonjour et bonne année à tous,

Depuis quelques jours, mon ordi est infecté par les virus trojan.generic.2913791.

Je suspectais déjà un virus, mais aujourd'hui, bitdefender a enfin réussi à faire une analyse anti-malwares complète (jusqu'alors, l'ordi plantait en plein milieu de l'analyse) et ce virus a été détecté, mais bitdefender est incapable de le supprimer.

Bitdefender détecte 13 fichiers infectés, 11 infectés par trojan.generic.2911258 qui sont supprimés, mais qui reviennent en permanence, et 2 infectés par trojan.generic.2913791 qui ne peuvent pas être supprimés.

Le tout, dans le même fichier : 

 <system>=>globalroot\systemroot\system32\h8srtirqqqweupw.dll(memory dump) et (full dump)

Apparemment, et comme le suggère l'emplacement du fichier infecté, l'infection est bien enracinée, car depuis l'infection :

-La restauration du système, la défragmentation, le formatage des autres partitions sont impossible.

-Il m'est impossible d'installer spytbotS&D (je clique sur l'exe d'instal, le sablier apparait, puis rien du tout).

-Les mises à jours via internet explorer et le site windows update sont très difficiles (explorer se ferme).

-Le système freeze régulièrement.

-J'ai réinstaller un jeu qui depuis ne fonctionne plus (toutes les 2 min, les couleurs bugent, et le jeu est réduit en barre des taches)

Je joints le log Hijackthis : 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:23:47, on 02/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Feu Central\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 5284 bytes

Le site d'évaluation de log en ligne de hijackthis ne trouve rien d'anormal.

Voilà, ce problème dépasse très largement mes compétences informatiques, et je ne sais vraiment pas quoi faire.

Quelqu'un aurait-il une idée ??

Merci d'avance.

Redbart · Answer

Bsr

télécharge MBAM en espérant que tu puisses l'installer
https://download.cnet.com/malwarebytes-anti-malware/windows.html?part=dl-10804572&subj=dl&tag=button
m.à.j., scan et supprime tout ce qu'il trouve
redémarre le pc

vérifie si les fonctions update installation sont revenus

post le rapport

Staro · Answer

Ok, je fais çà tout de suite, en fait j'ai déliré pour SpybotS&D, le logiciel, je l'ai déjà instalé, c'est l'exe du logiciel qui ne répond pas...

PS: merci de ta rapidité =)

Staro · Answer

Bon, ben c'est mort, même problème avec le setup de MBAM... Il ne répond pas =/

Je vais essayer en mode sans échec.

......................................................................................................

Idem en mode sans-échec... Je sens que c'est pas gagné... =/

Mais merci quand même.

Staro · Answer

Est-ce que je risque quelque chose, si j'essaye de le supprimer manuellement ??

Sinon, je pense à un reformatage complet du pc, mais bien sûr je préfèrerais éviter...

Merci d'avance.

moment de grace · Answer

bonjour

cela ressemble bien à un rookit

essaies ceci pour en savoir un peu plus


• Télécharge Random's System Information Tool (RSIT) de Random/Random. 

http://images.malwareremoval.com/random/RSIT.exe 

• Enregistre le sur ton Bureau. 

• Double clique sur RSIT.exe pour lancer l'outil. 

• Clique sur "Continue" à l'écran Disclaimer. 

• Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande) 

et tu devras accepter la licence. 

• Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp

Les rapports se trouvent à cet endroit: 
C:\rsit\info.txt 
C:\rsit\log.txt

Staro · Answer

Ok, merci de ta réponse moment de grace...

Voilà les 2 rapports :

Staro · Answer

info.txt logfile of random's system information tool 1.06 2010-01-02 16:30:31

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" 
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BitDefender Antivirus 2009-->MsiExec.exe /X{7E0F42A8-AC7D-4557-8D8F-49918C543ABF}
Canon ScanGear Toolbox CS 2.2-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\ScanGear Toolbox CS\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox CS\uninst.dll"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Complément Microsoft Word pour Microsoft Works Suite-->MsiExec.exe /I{17E57E89-DDB3-4f76-9AF1-A8E01CC633E4}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Exact Audio Copy 0.99pb3-->C:\Program Files\Exact Audio Copy\uninst.exe
Fallout 2-->C:\WINDOWS\ipuninst.exe -fC:\Program Files\BlackIsle\Fallout2\uninst.log
FO2 Expansion Pack 1.2-->"C:\Program Files\BlackIsle\Fallout2\unins000.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Feu Central\Bureau\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
hp deskjet 840c series (Supprimer uniquement)-->C:\Program Files\hp deskjet 840c series\hpfiui.exe -c -vdivid=HPF -vpnum=90 -vinstport=LPT1: -vproduct=840c -huninstall
hp deskjet 840c series-->rundll32 hpzcon04.dll,VendorJettison hp deskjet 840c series
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
K-Lite Codec Pack 5.5.1 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2002-->MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9}
Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Mise à jour pour Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{165EB935-0893-4FB3-B6FD-4D2B638B69B2}
Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Real Alternative 2.0.1-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Rybka 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93409FE9-4751-4564-916A-BBD76537DEE0}\Setup.exe" -l0x40c  -removeonly
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Sélecteur d'installation de Microsoft Works 2005-->C:\Program Files\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP F:\
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VIA Gestionnaire de périphériques de plate-forme-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} 
VIA Rhine-Family Fast-Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Security center information======

AV: Antivirus BitDefender 

======System event log======

Computer Name: FEUCENTRAL
Event Code: 7026
Message: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : 
bdpredir

Record Number: 5
Source Name: Service Control Manager
Time Written: 20100101151713.000000+060
Event Type: erreur
User: 

Computer Name: FEUCENTRAL
Event Code: 3100
Message: Le pilote de l'édition Développeur IPv6 Microsoft a été démarré.

Record Number: 4
Source Name: Tcpip6
Time Written: 20100101151554.000000+060
Event Type: Informations
User: 

Computer Name: FEUCENTRAL
Event Code: 10
Message: Ce lecteur ne semble pas prendre en charge la lecture audio numérique.

Record Number: 3
Source Name: redbook
Time Written: 20100101151554.000000+060
Event Type: Informations
User: 

Computer Name: FEUCENTRAL
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 2
Source Name: EventLog
Time Written: 20100101151534.000000+060
Event Type: Informations
User: 

Computer Name: FEUCENTRAL
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20100101151534.000000+060
Event Type: Informations
User: 

=====Application event log=====

Computer Name: FEUCENTRAL
Event Code: 105
Message: The service was started.

Record Number: 768
Source Name: ATI Smart
Time Written: 20091008223907.000000+120
Event Type: Informations
User: 

Computer Name: FEUCENTRAL
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 767
Source Name: SecurityCenter
Time Written: 20091008063924.000000+120
Event Type: Informations
User: 

Computer Name: FEUCENTRAL
Event Code: 105
Message: The service was started.

Record Number: 766
Source Name: ATI Smart
Time Written: 20091008063903.000000+120
Event Type: Informations
User: 

Computer Name: FEUCENTRAL
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 765
Source Name: SecurityCenter
Time Written: 20091008022223.000000+120
Event Type: Informations
User: 

Computer Name: FEUCENTRAL
Event Code: 105
Message: The service was started.

Record Number: 764
Source Name: ATI Smart
Time Written: 20091008022219.000000+120
Event Type: Informations
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Staro · Answer

Logfile of random's system information tool 1.06 (written by random/random)
Run by Feu Central at 2010-01-02 16:30:09
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 49 GB (62%) free of 79 GB
Total RAM: 1023 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30:24, on 02/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Feu Central\Bureau\RSIT.exe
C:\Documents and Settings\Feu Central\Bureau\Feu Central.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 5428 bytes

======Scheduled tasks folder======

C:\WINDOWS	asks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-03-24 95536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-11-16 782336]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-02-23 69632]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-11-15 196608]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
C:\Program Files\Fichiers communs\Adobe\Updater6\Adobe_Updater.exe [2009-01-08 2521464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-12 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
C:\Program Files\VIAudioi\SBADeck\ADeck.exe [2009-05-23 454656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VIA RAID TOOL.lnk]
C:\PROGRA~1\VIA\RAID\RAID_T~1.EXE [2004-07-14 585728]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe"="C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-02 16:30:08 ----D---- C:sit
2010-01-02 02:07:26 ----A---- C:\WINDOWS
tbtlog.txt
2010-01-01 22:54:10 ----A---- C:\WINDOWS\system32\unrar.dll
2010-01-01 22:54:10 ----A---- C:\WINDOWS\avisplitter.ini
2010-01-01 22:54:09 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-01-01 22:54:09 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-01-01 22:54:09 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-01-01 22:54:07 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-01-01 22:54:07 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-01-01 22:54:06 ----D---- C:\Program Files\K-Lite Codec Pack
2010-01-01 15:05:08 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2010-01-01 15:04:10 ----SHD---- C:\Config.Msi
2010-01-01 15:03:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-01-01 15:03:41 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2010-01-01 15:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2010-01-01 15:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-01-01 14:56:38 ----D---- C:\Documents and Settings\Feu Central\Application Data\Windows Search
2010-01-01 11:14:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2010-01-01 11:14:40 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2010-01-01 11:14:40 ----D---- C:\Documents and Settings\Feu Central\Application Data\Windows Desktop Search
2010-01-01 11:14:14 ----D---- C:\WINDOWS\system32\GroupPolicy
2010-01-01 11:14:14 ----D---- C:\Program Files\Windows Desktop Search
2010-01-01 11:14:03 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2010-01-01 11:13:59 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2010-01-01 11:13:51 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-01-01 11:13:50 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2010-01-01 11:13:30 ----D---- C:\Program Files\Windows Media Connect 2
2010-01-01 11:13:22 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-01-01 11:12:37 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-01-01 11:12:19 ----D---- C:\WINDOWS\system32\LogFiles
2010-01-01 11:12:15 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-01-01 11:10:43 ----D---- C:\WINDOWS\system32\URTTEMP
2010-01-01 11:10:21 ----A---- C:\WINDOWS\imsins.BAK
2010-01-01 11:10:08 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-31 22:53:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-12-31 22:53:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-12-31 06:17:41 ----HDC---- C:\WINDOWS\ie8
2009-12-31 06:08:59 ----HD---- C:\WINDOWS\msdownld.tmp
2009-12-31 04:58:35 ----D---- C:\WINDOWS\Prefetch
2009-12-31 04:56:49 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-12-31 04:47:15 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-12-31 04:41:09 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-12-31 04:05:52 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32
tprint.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32
tlsapi.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32
tdll.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32
slookup.exe
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\msgsvc.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\locator.exe
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\localspl.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\ftp.exe
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\format.com
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\comctl32.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\cmd.exe
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\cacls.exe
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\autochk.exe
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32\samlib.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32shx32.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32astapi.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32asman.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32asdlg.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32asauto.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32asapi32.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32\printui.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32\oleaut32.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32
wprovau.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32
tvdm.exe
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\userinit.exe
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\untfs.dll
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\ulib.dll
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32	cpmonui.dll
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\smss.exe
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\services.exe
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\schannel.dll
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\savedump.exe
2009-12-31 04:04:33 ----A---- C:\WINDOWS\system32
toskrnl.exe
2009-12-31 04:04:33 ----A---- C:\WINDOWS\system32
tkrnlpa.exe
2009-12-31 04:04:33 ----A---- C:\WINDOWS\system32\HAL.DLL
2009-12-31 02:27:48 ----D---- C:\Program Files\BlackIsle
2009-12-31 00:58:21 ----D---- C:\Program Files\DAEMON Tools Lite
2009-12-27 03:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-27 03:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-26 10:12:15 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-12-26 10:12:02 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-12-26 10:11:41 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-12-26 03:08:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-12-26 03:08:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-12-26 03:08:11 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-12-26 03:08:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-12-26 03:07:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-26 03:07:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-26 03:07:42 ----D---- C:\Program Files\MSXML 6.0
2009-12-26 03:07:34 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-26 03:07:26 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-26 03:07:19 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-12-26 03:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-12-26 03:07:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-26 03:06:48 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-12-26 03:06:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-26 03:06:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-12-26 03:06:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-26 03:06:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-12-26 03:06:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-26 03:05:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-12-26 03:05:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-12-26 03:05:32 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-12-26 03:05:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-26 03:05:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-26 03:04:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-12-26 03:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-12-26 03:04:42 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-26 03:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-26 03:04:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-12-26 03:04:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-26 03:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2009-12-26 03:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-12-26 03:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-12-26 03:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-12-26 03:03:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-12-26 03:03:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-26 03:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-26 03:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-12-26 03:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-12-26 03:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-26 03:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-12-26 03:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-26 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-12-26 03:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-26 03:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-12-26 03:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
2009-12-26 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-12-26 03:01:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-26 03:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-12-26 03:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-12-26 03:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-12-26 03:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-12-26 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-26 03:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-26 03:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-26 00:31:03 ----A---- C:\WINDOWS\system32\SET180.tmp
2009-12-26 00:31:01 ----A---- C:\WINDOWS\system32\SET185.tmp
2009-12-26 00:31:01 ----A---- C:\WINDOWS\system32\SET184.tmp
2009-12-26 00:31:01 ----A---- C:\WINDOWS\system32\SET109F.tmp
2009-12-26 00:31:00 ----A---- C:\WINDOWS\system32\SET18E.tmp
2009-12-26 00:31:00 ----A---- C:\WINDOWS\system32\SET18B.tmp
2009-12-26 00:31:00 ----A---- C:\WINDOWS\system32\SET189.tmp
2009-12-26 00:31:00 ----A---- C:\WINDOWS\system32\SET187.tmp
2009-12-26 00:30:59 ----A---- C:\WINDOWS\system32\SET196.tmp
2009-12-26 00:30:59 ----A---- C:\WINDOWS\system32\SET193.tmp
2009-12-26 00:30:59 ----A---- C:\WINDOWS\system32\SET192.tmp
2009-12-26 00:30:57 ----A---- C:\WINDOWS\system32\SET1A5.tmp
2009-12-26 00:30:56 ----A---- C:\WINDOWS\system32\SET1AC.tmp
2009-12-26 00:30:56 ----A---- C:\WINDOWS\system32\SET1AB.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET1C0.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET1BA.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET1B9.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET1B8.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET1B7.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET1B4.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET1B3.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET1B1.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET1B0.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET1AF.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET10A7.tmp
2009-12-26 00:30:54 ----A---- C:\WINDOWS\system32\SET1CA.tmp
2009-12-26 00:30:54 ----A---- C:\WINDOWS\system32\SET1C9.tmp
2009-12-26 00:30:54 ----A---- C:\WINDOWS\system32\SET1C8.tmp
2009-12-26 00:30:54 ----A---- C:\WINDOWS\system32\SET1C7.tmp
2009-12-26 00:30:53 ----A---- C:\WINDOWS\system32\SET1CF.tmp
2009-12-26 00:30:53 ----A---- C:\WINDOWS\system32\SET1CD.tmp
2009-12-26 00:30:53 ----A---- C:\WINDOWS\system32\SET10A9.tmp
2009-12-26 00:30:52 ----A---- C:\WINDOWS\system32\SET1D7.tmp
2009-12-26 00:30:52 ----A---- C:\WINDOWS\system32\SET1D0.tmp
2009-12-26 00:30:51 ----A---- C:\WINDOWS\system32\SET1E4.tmp
2009-12-26 00:30:51 ----A---- C:\WINDOWS\system32\SET1E1.tmp
2009-12-26 00:30:51 ----A---- C:\WINDOWS\system32\SET1DF.tmp
2009-12-26 00:30:51 ----A---- C:\WINDOWS\system32\SET1DE.tmp
2009-12-26 00:30:51 ----A---- C:\WINDOWS\system32\SET1DD.tmp
2009-12-26 00:30:51 ----A---- C:\WINDOWS\system32\SET1DB.tmp
2009-12-26 00:30:51 ----A---- C:\WINDOWS\system32\SET1DA.tmp
2009-12-26 00:30:51 ----A---- C:\WINDOWS\system32\SET1D9.tmp
2009-12-26 00:30:50 ----A---- C:\WINDOWS\system32\SET1EA.tmp
2009-12-26 00:30:50 ----A---- C:\WINDOWS\system32\SET1E7.tmp
2009-12-26 00:30:50 ----A---- C:\WINDOWS\system32\SET1E6.tmp
2009-12-26 00:30:50 ----A---- C:\WINDOWS\system32\SET1E5.tmp
2009-12-26 00:30:49 ----A---- C:\WINDOWS\system32\SET1F0.tmp
2009-12-26 00:30:48 ----A---- C:\WINDOWS\system32\SET1F9.tmp
2009-12-26 00:30:48 ----A---- C:\WINDOWS\system32\SET1F6.tmp
2009-12-26 00:30:48 ----A---- C:\WINDOWS\system32\SET1F5.tmp
2009-12-26 00:30:47 ----A---- C:\WINDOWS\system32\SET205.tmp
2009-12-26 00:30:47 ----A---- C:\WINDOWS\system32\SET204.tmp
2009-12-26 00:30:47 ----A---- C:\WINDOWS\system32\SET1FF.tmp
2009-12-26 00:30:47 ----A---- C:\WINDOWS\system32\SET1FD.tmp
2009-12-26 00:30:47 ----A---- C:\WINDOWS\system32\SET1FC.tmp
2009-12-26 00:30:47 ----A---- C:\WINDOWS\system32\SET10AC.tmp
2009-12-26 00:30:46 ----A---- C:\WINDOWS\system32\SET215.tmp
2009-12-26 00:30:46 ----A---- C:\WINDOWS\system32\SET214.tmp
2009-12-26 00:30:46 ----A---- C:\WINDOWS\system32\SET20A.tmp
2009-12-26 00:30:46 ----A---- C:\WINDOWS\system32\SET207.tmp
2009-12-26 00:30:45 ----A---- C:\WINDOWS\system32\SET21F.tmp
2009-12-26 00:30:45 ----A---- C:\WINDOWS\system32\SET21D.tmp
2009-12-26 00:30:45 ----A---- C:\WINDOWS\system32\SET21C.tmp
2009-12-26 00:30:45 ----A---- C:\WINDOWS\system32\SET21B.tmp
2009-12-26 00:30:45 ----A---- C:\WINDOWS\system32\SET21A.tmp
2009-12-26 00:30:45 ----A---- C:\WINDOWS\system32\SET218.tmp
2009-12-26 00:30:45 ----A---- C:\WINDOWS\system32\SET10AD.tmp
2009-12-26 00:30:43 ----A---- C:\WINDOWS\system32\SET238.tmp
2009-12-26 00:30:43 ----A---- C:\WINDOWS\system32\SET236.tmp
2009-12-26 00:30:43 ----A---- C:\WINDOWS\system32\SET234.tmp
2009-12-26 00:30:43 ----A---- C:\WINDOWS\system32\SET22F.tmp
2009-12-26 00:30:42 ----A---- C:\WINDOWS\system32\SET23E.tmp
2009-12-26 00:30:42 ----A---- C:\WINDOWS\system32\SET23D.tmp
2009-12-26 00:30:42 ----A---- C:\WINDOWS\system32\SET23B.tmp
2009-12-26 00:30:42 ----A---- C:\WINDOWS\system32\SET23A.tmp
2009-12-26 00:30:42 ----A---- C:\WINDOWS\system32\SET239.tmp
2009-12-26 00:30:41 ----A---- C:\WINDOWS\system32\SET248.tmp
2009-12-26 00:30:41 ----A---- C:\WINDOWS\system32\SET247.tmp
2009-12-26 00:30:41 ----A---- C:\WINDOWS\system32\SET243.tmp
2009-12-26 00:30:41 ----A---- C:\WINDOWS\system32\SET242.tmp
2009-12-26 00:30:40 ----A---- C:\WINDOWS\system32\SET250.tmp
2009-12-26 00:30:40 ----A---- C:\WINDOWS\system32\SET24F.tmp
2009-12-26 00:30:40 ----A---- C:\WINDOWS\system32\SET24E.tmp
2009-12-26 00:30:39 ----A---- C:\WINDOWS\system32\SET26A.tmp
2009-12-26 00:30:39 ----A---- C:\WINDOWS\system32\SET264.tmp
2009-12-26 00:30:39 ----A---- C:\WINDOWS\system32\SET262.tmp
2009-12-26 00:30:39 ----A---- C:\WINDOWS\system32\SET260.tmp
2009-12-26 00:30:39 ----A---- C:\WINDOWS\system32\SET25F.tmp
2009-12-26 00:30:39 ----A---- C:\WINDOWS\system32\SET25E.tmp
2009-12-26 00:30:39 ----A---- C:\WINDOWS\system32\SET258.tmp
2009-12-26 00:30:38 ----A---- C:\WINDOWS\system32\SET27A.tmp
2009-12-26 00:30:38 ----A---- C:\WINDOWS\system32\SET278.tmp
2009-12-26 00:30:38 ----A---- C:\WINDOWS\system32\SET276.tmp
2009-12-26 00:30:37 ----A---- C:\WINDOWS\system32\SET28B.tmp
2009-12-26 00:30:37 ----A---- C:\WINDOWS\system32\SET289.tmp
2009-12-26 00:30:37 ----A---- C:\WINDOWS\system32\SET27F.tmp
2009-12-26 00:30:37 ----A---- C:\WINDOWS\system32\SET27C.tmp
2009-12-26 00:30:37 ----A---- C:\WINDOWS\system32\SET27B.tmp
2009-12-26 00:30:36 ----A---- C:\WINDOWS\system32\SET292.tmp
2009-12-26 00:30:36 ----A---- C:\WINDOWS\system32\SET290.tmp
2009-12-26 00:30:36 ----A---- C:\WINDOWS\system32\SET28C.tmp
2009-12-26 00:30:36 ----A---- C:\WINDOWS\system32\SET10BA.tmp
2009-12-26 00:30:35 ----A---- C:\WINDOWS\system32\SET2A0.tmp
2009-12-26 00:30:35 ----A---- C:\WINDOWS\system32\SET29F.tmp
2009-12-26 00:30:35 ----A---- C:\WINDOWS\system32\SET29D.tmp
2009-12-26 00:30:35 ----A---- C:\WINDOWS\system32\SET29C.tmp
2009-12-26 00:30:35 ----A---- C:\WINDOWS\system32\SET29B.tmp
2009-12-26 00:30:35 ----A---- C:\WINDOWS\system32\SET296.tmp
2009-12-26 00:30:34 ----A---- C:\WINDOWS\system32\SET2A9.tmp
2009-12-26 00:30:33 ----A---- C:\WINDOWS\system32\SET2B2.tmp
2009-12-26 00:30:33 ----A---- C:\WINDOWS\system32\SET2B1.tmp
2009-12-26 00:30:33 ----A---- C:\WINDOWS\system32\SET2AA.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2C5.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2C2.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2C1.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2C0.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2BE.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2BD.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2BC.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2B9.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2B8.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2B7.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2B6.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2B5.tmp
2009-12-26 00:30:31 ----A---- C:\WINDOWS\system32\SET2C8.tmp
2009-12-26 00:30:30 ----A---- C:\WINDOWS\system32\SET2CE.tmp
2009-12-26 00:30:30 ----A---- C:\WINDOWS\system32\SET2CD.tmp
2009-12-26 00:30:29 ----A---- C:\WINDOWS\system32\SET2D6.tmp
2009-12-26 00:30:29 ----A---- C:\WINDOWS\system32\SET2D5.tmp
2009-12-26 00:30:29 ----A---- C:\WINDOWS\system32\SET2D4.tmp
2009-12-26 00:30:29 ----A---- C:\WINDOWS\system32\SET2CF.tmp
2009-12-26 00:30:28 ----A---- C:\WINDOWS\system32\SET2E2.tmp
2009-12-26 00:30:28 ----A---- C:\WINDOWS\system32\SET2E1.tmp
2009-12-26 00:30:28 ----A---- C:\WINDOWS\system32\SET2DE.tmp
2009-12-26 00:30:28 ----A---- C:\WINDOWS\system32\SET2DD.tmp
2009-12-26 00:30:28 ----A---- C:\WINDOWS\system32\SET2DB.tmp
2009-12-26 00:30:28 ----A---- C:\WINDOWS\system32\SET2D8.tmp
2009-12-26 00:30:27 ----A---- C:\WINDOWS\system32\SET2F0.tmp
2009-12-26 00:30:27 ----A---- C:\WINDOWS\system32\SET2EB.tmp
2009-12-26 00:30:27 ----A---- C:\WINDOWS\system32\SET2E9.tmp
2009-12-26 00:30:27 ----A---- C:\WINDOWS\system32\SET2E8.tmp
2009-12-26 00:30:27 ----A---- C:\WINDOWS\system32\SET2E5.tmp
2009-12-26 00:30:26 ----A---- C:\WINDOWS\system32\SET304.tmp
2009-12-26 00:30:26 ----A---- C:\WINDOWS\system32\SET303.tmp
2009-12-26 00:30:26 ----A---- C:\WINDOWS\system32\SET300.tmp
2009-12-26 00:30:26 ----A---- C:\WINDOWS\system32\SET2FF.tmp
2009-12-26 00:30:26 ----A---- C:\WINDOWS\system32\SET2F7.tmp
2009-12-26 00:30:25 ----A---- C:\WINDOWS\system32\SET317.tmp
2009-12-26 00:30:25 ----A---- C:\WINDOWS\system32\SET316.tmp
2009-12-26 00:30:25 ----A---- C:\WINDOWS\system32\SET314.tmp
2009-12-26 00:30:25 ----A---- C:\WINDOWS\system32\SET311.tmp
2009-12-26 00:30:23 ----A---- C:\WINDOWS\system32\SET336.tmp
2009-12-26 00:30:23 ----A---- C:\WINDOWS\system32\SET332.tmp
2009-12-26 00:30:23 ----A---- C:\WINDOWS\system32\SET32E.tmp
2009-12-26 00:30:23 ----A---- C:\WINDOWS\system32\SET32C.tmp
2009-12-26 00:30:23 ----A---- C:\WINDOWS\system32\SET32A.tmp
2009-12-26 00:30:23 ----A---- C:\WINDOWS\system32\SET329.tmp
2009-12-26 00:30:23 ----A---- C:\WINDOWS\system32\SET328.tmp
2009-12-26 00:30:23 ----A---- C:\WINDOWS\system32\SET327.tmp
2009-12-26 00:30:23 ----A---- C:\WINDOWS\system32\SET323.tmp
2009-12-26 00:30:22 ----A---- C:\WINDOWS\system32\SET342.tmp
2009-12-26 00:30:22 ----A---- C:\WINDOWS\system32\SET33D.tmp
2009-12-26 00:30:22 ----A---- C:\WINDOWS\system32\SET33B.tmp
2009-12-26 00:30:21 ----A---- C:\WINDOWS\system32\SET351.tmp
2009-12-26 00:30:21 ----A---- C:\WINDOWS\system32\SET350.tmp
2009-12-26 00:30:21 ----A---- C:\WINDOWS\system32\SET34E.tmp
2009-12-26 00:30:21 ----A---- C:\WINDOWS\system32\SET349.tmp
2009-12-26 00:30:21 ----A---- C:\WINDOWS\system32\SET348.tmp
2009-12-26 00:30:21 ----A---- C:\WINDOWS\system32\SET346.tmp
2009-12-26 00:30:21 ----A---- C:\WINDOWS\system32\SET345.tmp
2009-12-26 00:30:21 ----A---- C:\WINDOWS\system32\SET344.tmp
2009-12-26 00:30:21 ----A---- C:\WINDOWS\system32\SET10C7.tmp
2009-12-26 00:30:20 ----A---- C:\WINDOWS\system32\SET363.tmp
2009-12-26 00:30:20 ----A---- C:\WINDOWS\system32\SET358.tmp
2009-12-26 00:30:19 ----A---- C:\WINDOWS\system32\SET368.tmp
2009-12-26 00:30:19 ----A---- C:\WINDOWS\system32\SET367.tmp
2009-12-26 00:30:19 ----A---- C:\WINDOWS\system32\SET366.tmp
2009-12-26 00:30:18 ----A---- C:\WINDOWS\system32\SET3A2.tmp
2009-12-26 00:30:18 ----A---- C:\WINDOWS\system32\SET3A0.tmp
2009-12-26 00:30:18 ----A---- C:\WINDOWS\system32\SET398.tmp
2009-12-26 00:30:18 ----A---- C:\WINDOWS\system32\SET36C.tmp
2009-12-26 00:30:14 ----A---- C:\WINDOWS\system32\SET3AA.tmp
2009-12-26 00:30:13 ----A---- C:\WINDOWS\system32\SET3AC.tmp
2009-12-26 00:30:12 ----A---- C:\WINDOWS\system32\SET3C9.tmp
2009-12-26 00:30:12 ----A---- C:\WINDOWS\system32\SET3C6.tmp
2009-12-26 00:30:11 ----A---- C:\WINDOWS\system32\SET3DB.tmp
2009-12-26 00:30:11 ----A---- C:\WINDOWS\system32\SET3D6.tmp
2009-12-26 00:30:11 ----A---- C:\WINDOWS\system32\SET3CF.tmp
2009-12-26 00:30:11 ----A---- C:\WINDOWS\system32\SET3CD.tmp
2009-12-26 00:30:11 ----A---- C:\WINDOWS\system32\SET3CB.tmp
2009-12-26 00:30:10 ----A---- C:\WINDOWS\system32\SET3F4.tmp
2009-12-26 00:30:09 ----A---- C:\WINDOWS\system32\SET3FD.tmp
2009-12-26 00:30:09 ----A---- C:\WINDOWS\system32\SET3FC.tmp
2009-12-26 00:30:09 ----A---- C:\WINDOWS\system32\SET3FA.tmp
2009-12-26 00:30:09 ----A---- C:\WINDOWS\system32\SET10E0.tmp
2009-12-26 00:30:08 ----A---- C:\WINDOWS\system32\SET403.tmp
2009-12-26 00:30:07 ----A---- C:\WINDOWS\system32\SET407.tmp
2009-12-26 00:30:07 ----A---- C:\WINDOWS\system32\SET10E6.tmp
2009-12-26 00:30:06 ----A---- C:\WINDOWS\system32\SET41A.tmp
2009-12-26 00:30:06 ----A---- C:\WINDOWS\system32\SET419.tmp
2009-12-26 00:30:06 ----A---- C:\WINDOWS\system32\SET418.tmp
2009-12-26 00:30:06 ----A---- C:\WINDOWS\system32\SET416.tmp
2009-12-26 00:30:06 ----A---- C:\WINDOWS\SET502.tmp
2009-12-26 00:30:06 ----A---- C:\WINDOWS\003138_.tmp
2009-12-26 00:30:06 ----A---- C:\WINDOWS\003131_.tmp
2009-12-26 00:30:04 ----A---- C:\WINDOWS\system32\SET43E.tmp
2009-12-26 00:30:04 ----A---- C:\WINDOWS\system32\SET433.tmp
2009-12-26 00:30:04 ----A---- C:\WINDOWS\system32\SET42D.tmp
2009-12-26 00:30:04 ----A---- C:\WINDOWS\system32\SET428.tmp
2009-12-26 00:30:04 ----A---- C:\WINDOWS\system32\SET424.tmp
2009-12-26 00:30:03 ----A---- C:\WINDOWS\system32\SET475.tmp
2009-12-26 00:30:03 ----A---- C:\WINDOWS\system32\SET472.tmp
2009-12-26 00:30:03 ----A---- C:\WINDOWS\system32\SET447.tmp
2009-12-26 00:30:03 ----A---- C:\WINDOWS\system32\SET446.tmp
2009-12-26 00:30:02 ----A---- C:\WINDOWS\system32\SET48A.tmp
2009-12-26 00:30:02 ----A---- C:\WINDOWS\system32\SET488.tmp
2009-12-26 00:30:02 ----A---- C:\WINDOWS\system32\SET487.tmp
2009-12-26 00:30:02 ----A---- C:\WINDOWS\system32\SET485.tmp
2009-12-26 00:30:02 ----A---- C:\WINDOWS\system32\SET482.tmp
2009-12-26 00:30:02 ----A---- C:\WINDOWS\system32\SET481.tmp
2009-12-26 00:30:02 ----A---- C:\WINDOWS\system32\SET480.tmp
2009-12-26 00:30:02 ----A---- C:\WINDOWS\system32\SET47E.tmp
2009-12-26 00:30:02 ----A---- C:\WINDOWS\system32\SET47D.tmp
2009-12-26 00:30:02 ----A---- C:\WINDOWS\system32\SET47C.tmp
2009-12-26 00:30:01 ----A---- C:\WINDOWS\system32\SET495.tmp
2009-12-26 00:30:01 ----A---- C:\WINDOWS\system32\SET490.tmp
2009-12-26 00:30:01 ----A---- C:\WINDOWS\system32\SET48E.tmp
2009-12-26 00:30:00 ----A---- C:\WINDOWS\system32\SET4A4.tmp
2009-12-26 00:30:00 ----A---- C:\WINDOWS\system32\SET49E.tmp
2009-12-26 00:30:00 ----A---- C:\WINDOWS\system32\SET496.tmp
2009-12-26 00:29:59 ----A---- C:\WINDOWS\system32\SET4B7.tmp
2009-12-26 00:29:59 ----A---- C:\WINDOWS\system32\SET4B3.tmp
2009-12-26 00:29:59 ----A---- C:\WINDOWS\system32\SET4B1.tmp
2009-12-26 00:29:59 ----A---- C:\WINDOWS\system32\SET4AE.tmp
2009-12-26 00:29:59 ----A---- C:\WINDOWS\system32\SET4AA.tmp
2009-12-26 00:29:57 ----A---- C:\WINDOWS\system32\SET4CA.tmp
2009-12-26 00:29:57 ----A---- C:\WINDOWS\system32\SET4C7.tmp
2009-12-26 00:29:57 ----A---- C:\WINDOWS\system32\SET4C6.tmp
2009-12-26 00:29:57 ----A---- C:\WINDOWS\system32\SET4C2.tmp
2009-12-26 00:29:57 ----A---- C:\WINDOWS\system32\SET4C1.tmp
2009-12-26 00:29:57 ----A---- C:\WINDOWS\system32\SET4BD.tmp
2009-12-26 00:29:57 ----A---- C:\WINDOWS\system32\SET4BC.tmp
2009-12-26 00:29:57 ----A---- C:\WINDOWS\system32\SET4BA.tmp
2009-12-26 00:29:54 ----A---- C:\WINDOWS\system32\SET4D4.tmp
2009-12-26 00:29:54 ----A---- C:\WINDOWS\system32\SET4D1.tmp
2009-12-26 00:29:53 ----A---- C:\WINDOWS\system32\SET4E2.tmp
2009-12-26 00:29:53 ----A---- C:\WINDOWS\system32\SET4DE.tmp
2009-12-26 00:29:53 ----A---- C:\WINDOWS\system32\SET4DC.tmp
2009-12-26 00:29:53 ----A---- C:\WINDOWS\system32\SET4D9.tmp
2009-12-26 00:29:53 ----A---- C:\WINDOWS\system32\SET4D6.tmp
2009-12-25 21:04:05 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-25 21:04:05 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-25 19:57:57 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-12-25 19:30:16 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-12-25 19:30:16 ----A---- C:\WINDOWS\system32\irclass.dll
2009-12-25 19:29:58 ----RA---- C:\WINDOWS\SET8F.tmp
2009-12-25 19:29:56 ----RA---- C:\WINDOWS\SET83.tmp
2009-12-25 19:29:54 ----RA---- C:\WINDOWS\SET80.tmp
2009-12-25 01:11:02 ----A---- C:\WINDOWS\system32\krl32mainweq.dll
2009-12-25 01:09:09 ----A---- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
2009-12-22 07:05:20 ----D---- C:\Program Files\QuickTime
2009-12-22 07:05:19 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-12-17 20:59:39 ----A---- C:\WINDOWS\EditHexaUninstall.exe
2009-12-05 00:21:39 ----A---- C:\WINDOWS\ipuninst.exe

======List of files/folders modified in the last 1 months======

2010-01-02 16:28:53 ----D---- C:\WINDOWS\system32
2010-01-02 16:28:44 ----D---- C:\WINDOWS\Temp
2010-01-02 16:24:29 ----D---- C:\Program Files\Mozilla Firefox
2010-01-02 14:14:47 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-02 04:43:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-02 02:07:26 ----D---- C:\WINDOWS
2010-01-01 22:54:06 ----RD---- C:\Program Files
2010-01-01 22:09:54 ----D---- C:\WINDOWS
etwork diagnostic
2010-01-01 15:11:24 ----SHD---- C:\WINDOWS\Installer
2010-01-01 15:05:10 ----HD---- C:\WINDOWS\inf
2010-01-01 15:05:05 ----D---- C:\WINDOWS\Registration
2010-01-01 15:04:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-01 15:03:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-01 11:19:20 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-01 11:16:08 ----D---- C:\WINDOWS\AppPatch
2010-01-01 11:14:45 ----D---- C:\WINDOWS\security
2010-01-01 11:14:24 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-01-01 11:14:16 ----D---- C:\WINDOWS\system32\fr-FR
2010-01-01 11:14:14 ----D---- C:\WINDOWS\system32\wbem
2010-01-01 11:13:38 ----A---- C:\WINDOWS\win.ini
2010-01-01 11:13:29 ----D---- C:\Program Files\Windows Media Player
2010-01-01 11:13:28 ----D---- C:\WINDOWS\Help
2010-01-01 11:12:43 ----D---- C:\WINDOWS\system32\drivers
2010-01-01 11:11:48 ----RSD---- C:\WINDOWS\assembly
2010-01-01 11:10:02 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-31 07:26:57 ----D---- C:\WINDOWS\Debug
2009-12-31 06:20:36 ----D---- C:\Program Files\Internet Explorer
2009-12-31 06:14:01 ----D---- C:\WINDOWS\ie8updates
2009-12-31 05:08:19 ----D---- C:\Program Files\Messenger
2009-12-31 05:06:14 ----D---- C:\Program Files\Outlook Express
2009-12-31 04:58:08 ----D---- C:\WINDOWS\system32\Setup
2009-12-31 04:58:07 ----RSD---- C:\WINDOWS\Fonts
2009-12-31 04:53:43 ----D---- C:\WINDOWS\WinSxS
2009-12-31 04:53:23 ----D---- C:\WINDOWS\ime
2009-12-31 04:53:19 ----D---- C:\WINDOWS\PeerNet
2009-12-31 04:53:19 ----D---- C:\Program Files\Movie Maker
2009-12-31 04:52:16 ----D---- C:\WINDOWS\system32\Restore
2009-12-31 04:52:16 ----D---- C:\WINDOWS\system32
pp
2009-12-31 04:52:15 ----D---- C:\WINDOWS\srchasst
2009-12-31 04:52:15 ----D---- C:\WINDOWS\msagent
2009-12-31 04:52:14 ----D---- C:\WINDOWS\system32\Com
2009-12-31 04:52:14 ----D---- C:\Program Files\NetMeeting
2009-12-31 04:52:12 ----D---- C:\Program Files\Windows NT
2009-12-31 04:52:10 ----D---- C:\Program Files\Fichiers communs\System
2009-12-31 04:52:00 ----D---- C:\WINDOWS\system32\usmt
2009-12-31 04:52:00 ----D---- C:\WINDOWS\system32\oobe
2009-12-31 04:51:59 ----D---- C:\WINDOWS\system
2009-12-31 04:45:05 ----D---- C:\WINDOWS\EHome
2009-12-31 04:20:41 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-31 04:15:32 ----SD---- C:\WINDOWS\Tasks
2009-12-31 04:08:00 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-31 00:59:26 ----D---- C:\Documents and Settings\Feu Central\Application Data\uTorrent
2009-12-30 09:34:56 ----D---- C:\WINDOWS\Media
2009-12-26 14:47:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-26 03:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-12-25 22:04:35 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-12-25 20:43:11 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-25 20:22:43 ----D---- C:\WINDOWS\system32\1036
2009-12-25 20:22:11 ----D---- C:\WINDOWS	wain_32
2009-12-25 20:21:11 ----D---- C:\WINDOWS\system32\icsxml
2009-12-25 20:20:34 ----D---- C:\WINDOWS\system32\1033
2009-12-25 20:19:24 ----D---- C:\WINDOWS\Driver Cache
2009-12-25 20:05:49 ----SHD---- C:\System Volume Information
2009-12-25 20:03:48 ----D---- C:\WINDOWS\system32\config
2009-12-25 19:58:49 ----A---- C:\WINDOWS\ODBCINST.INI
2009-12-25 19:58:28 ----D---- C:\WINDOWS\system32\ias
2009-12-25 19:58:00 ----RD---- C:\WINDOWS\Web
2009-12-25 19:57:51 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-12-25 19:54:41 ----SH---- C:\boot.ini
2009-12-25 19:30:22 ----A---- C:\WINDOWS\system.ini
2009-12-25 19:30:05 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-12-25 15:12:43 ----D---- C:\Documents and Settings
2009-12-24 03:37:03 ----A---- C:\WINDOWS\SGTBox.INI
2009-12-24 03:20:54 ----D---- C:\Documents and Settings\Feu Central\Application Data\Canon
2009-12-23 12:40:28 ----A---- C:\WINDOWS\ChssBase.ini
2009-12-05 00:05:49 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 bdftdif;bdftdif; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS	cpip6.sys [2008-06-20 225856]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-13 786944]
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-12-10 242184]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-09-22 43520]
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS	unmp.sys [2008-04-13 12288]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 bdpredir;bdpredir; \??\C:\Program Files\Softwin\BitDefender10\bdpredir.sys []
S3 af60xrzx;af60xrzx; C:\WINDOWS\system32\drivers\af60xrzx.sys []
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys []
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-12-15 1368000]
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys []
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32
tsim.sys []
S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner	rufos.sys []
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2009-05-23 203776]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-13 389120]
R2 Iprip;Écouteur RIP; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe [2009-10-07 413696]
R2 SimpTcp;Services TCP/IP simplifiés; C:\WINDOWS\system32	cpsvcs.exe [2004-08-05 19456]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-11-16 1638240]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-12 516096]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 p2pgasvc;Authentification de groupe réseau homologue; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Gestionnaire d'identité réseau homologue; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Réseau homologue; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Protocole de résolution de noms d'homologues; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Staro · Answer

Voilà, j'espère que çà pourra être utile...

moment de grace · Answer

oui ca l'est...utile

presence donc d'un rookit TDSS

Attention, avant de commencer, lit attentivement la procédure, et imprime la 

Télécharge ComboFix de sUBs en le renommant MDG.exe avant de l’enregistrer sur ton Bureau : 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

/!\ Déconnecte-toi du net et DESACTIVES TOUTES LES DEFENSES, antivirus et antispyware y compris /!\ 

---> Double-clique sur ComboFix.exe 
Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter 

SURTOUT INSTALLES LA CONSOLE DE RECUPERATION 
(si il te le propose remets provisoirement internet)

---> Mets-le en langue française F 
Tape sur la touche 1 (Yes) pour démarrer le scan. 

Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC 

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire. 

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu 

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\ 

Note : Le rapport se trouve également là : C:\ComboFix.txt

Staro · Answer

Ok, un grand merci à toi moment de grace, l'opération combofix s'est terminée, le plan s'est déroulé sans accrocs (j'adore =) 

J'éspère juste que je ne vends pas la peau de l'ours avant de l'avoir tué là...

Bon, le log indique la présence d'un antivirus résident, pourtant j'avais tout désactivé de façon permanente dans bitdefender (pour éviter que l'analyse en temps réel ne se recharge au redémarrage)
Mais je n'ai pas réussi à fermer complètement le programme dans la barre des taches, je suis pas habitué à bitdefender, sur kaspersky, il suffit de faire un clic droit + désactivé + fermer pour voir disparaitre l'icône de la barre des taches. J'éspère que çà n'a pas interféré avec combofix...

Voilà, maintenant, le log (dans un message séparé) :

Staro · Answer

ComboFix 10-01-01.05 - Feu Central 02/01/2010  21:37:36.1.1 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.1023.718 [GMT 1:00]
Lancé depuis: c:\documents and settings\Feu Central\Bureau\MDG.exe
AV: Antivirus BitDefender  *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
 * Un antivirus résident est actif

.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_004591_.tmp.dll
c:\windows\system32\_004592_.tmp.dll
c:\windows\system32\_004593_.tmp.dll
c:\windows\system32\_004594_.tmp.dll
c:\windows\system32\_004601_.tmp.dll
c:\windows\system32\_004602_.tmp.dll
c:\windows\system32\_004603_.tmp.dll
c:\windows\system32\_004604_.tmp.dll
c:\windows\system32\_004606_.tmp.dll
c:\windows\system32\_004607_.tmp.dll
c:\windows\system32\_004610_.tmp.dll
c:\windows\system32\_004611_.tmp.dll
c:\windows\system32\_004613_.tmp.dll
c:\windows\system32\_004614_.tmp.dll
c:\windows\system32\_004615_.tmp.dll
c:\windows\system32\_004617_.tmp.dll
c:\windows\system32\_004619_.tmp.dll
c:\windows\system32\_004620_.tmp.dll
c:\windows\system32\_004621_.tmp.dll
c:\windows\system32\_004625_.tmp.dll
c:\windows\system32\_004626_.tmp.dll
c:\windows\system32\_004628_.tmp.dll
c:\windows\system32\_004631_.tmp.dll
c:\windows\system32\_004633_.tmp.dll
c:\windows\system32\_004634_.tmp.dll
c:\windows\system32\_004635_.tmp.dll
c:\windows\system32\_004636_.tmp.dll
c:\windows\system32\_004637_.tmp.dll
c:\windows\system32\_004640_.tmp.dll
c:\windows\system32\_004641_.tmp.dll
c:\windows\system32\_004642_.tmp.dll
c:\windows\system32\_004643_.tmp.dll
c:\windows\system32\_004644_.tmp.dll
c:\windows\system32\_004649_.tmp.dll
c:\windows\system32\_004651_.tmp.dll
c:\windows\system32\drivers\H8SRTkllxownswi.sys
c:\windows\system32\H8SRTbkovkbuyxu.dat
c:\windows\system32\H8SRTirqqqweupw.dll
c:\windows\system32\H8SRTsrtexmobwu.dll
c:\windows\system32\srcr.dat

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
-------\Legacy_IPRIP
-------\Service_Iprip


(((((((((((((((((((((((((((((   Fichiers créés du 2009-12-02 au 2010-01-02  ))))))))))))))))))))))))))))))))))))
.

2010-01-02 15:30 . 2010-01-02 15:30	--------	d-----w-	C:sit
2010-01-01 21:54 . 2009-08-16 15:08	178176	----a-w-	c:\windows\system32\unrar.dll
2010-01-01 21:54 . 2009-05-29 21:37	205824	----a-w-	c:\windows\system32\xvidvfw.dll
2010-01-01 21:54 . 2009-05-29 21:31	881664	----a-w-	c:\windows\system32\xvidcore.dll
2010-01-01 21:54 . 2004-01-25 16:18	217088	----a-w-	c:\windows\system32\yv12vfw.dll
2010-01-01 21:54 . 2009-12-11 18:00	85504	----a-w-	c:\windows\system32\ff_vfw.dll
2010-01-01 21:54 . 2010-01-01 21:54	--------	d-----w-	c:\program files\K-Lite Codec Pack
2010-01-01 14:05 . 2010-01-01 14:05	134	----a-w-	c:\documents and settings\Feu Central\Local Settings\Application Data\fusioncache.dat
2010-01-01 14:04 . 2010-01-01 14:08	--------	d-----w-	c:\documents and settings\Feu Central\Local Settings\Application Data\ApplicationHistory
2010-01-01 13:56 . 2010-01-01 13:56	--------	d-----w-	c:\documents and settings\Feu Central\Application Data\Windows Search
2010-01-01 10:19 . 2010-01-01 10:19	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-01-01 10:14 . 2010-01-01 10:14	--------	d-----w-	c:\documents and settings\Feu Central\Application Data\Windows Desktop Search
2010-01-01 10:14 . 2010-01-01 14:06	--------	d-----w-	c:\program files\Windows Desktop Search
2010-01-01 10:14 . 2010-01-01 10:14	--------	d-----w-	c:\windows\system32\GroupPolicy
2010-01-01 10:13 . 2008-03-07 17:02	98304	-c----w-	c:\windows\system32\dllcache
lhtml.dll
2010-01-01 10:13 . 2008-03-07 17:02	29696	-c----w-	c:\windows\system32\dllcache\mimefilt.dll
2010-01-01 10:13 . 2008-03-07 17:02	192000	-c----w-	c:\windows\system32\dllcache\offfilt.dll
2010-01-01 10:13 . 2010-01-01 10:13	--------	d-----w-	c:\program files\Windows Media Connect 2
2010-01-01 10:12 . 2010-01-01 10:12	--------	d-----w-	c:\windows\system32\drivers\UMDF
2010-01-01 10:12 . 2010-01-01 10:12	--------	d-----w-	c:\windows\system32\LogFiles
2010-01-01 10:10 . 2010-01-01 10:10	--------	d-----w-	c:\windows\system32\URTTEMP
2010-01-01 10:03 . 2009-11-21 15:58	471552	-c----w-	c:\windows\system32\dllcache\aclayers.dll
2009-12-31 05:17 . 2009-12-31 05:18	--------	dc-h--w-	c:\windows\ie8
2009-12-31 05:08 . 2009-12-31 05:19	--------	d--h--w-	c:\windows\msdownld.tmp
2009-12-31 03:04 . 2009-09-11 14:18	136192	----a-w-	c:\windows\system32\msv1_0.dll
2009-12-31 01:37 . 2009-10-29 07:42	594432	-c----w-	c:\windows\system32\dllcache\msfeeds.dll
2009-12-31 01:37 . 2009-10-29 07:42	246272	-c----w-	c:\windows\system32\dllcache\ieproxy.dll
2009-12-31 01:37 . 2009-10-29 07:42	55296	-c----w-	c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-31 01:37 . 2009-10-29 07:42	1985536	-c----w-	c:\windows\system32\dllcache\iertutil.dll
2009-12-31 01:37 . 2009-10-29 07:42	12800	-c----w-	c:\windows\system32\dllcache\xpshims.dll
2009-12-31 01:37 . 2009-10-29 07:42	11069952	-c----w-	c:\windows\system32\dllcache\ieframe.dll
2009-12-31 01:36 . 2009-10-02 04:44	92160	-c----w-	c:\windows\system32\dllcache\iecompat.dll
2009-12-31 01:27 . 2009-12-31 01:27	--------	d-----w-	c:\program files\BlackIsle
2009-12-30 23:58 . 2009-12-30 23:58	--------	d-----w-	c:\program files\DAEMON Tools Lite
2009-12-26 02:07 . 2009-12-26 02:07	--------	d-----w-	c:\program files\MSXML 6.0
2009-12-25 23:30 . 2004-08-05 12:00	403	-c----w-	c:\windows\system32\dllcache
pdrmv2.zip
2009-12-25 23:30 . 2004-08-05 12:00	22060	-c----w-	c:\windows\system32\dllcache
pds.zip
2009-12-25 23:30 . 2009-07-31 09:03	1372672	-c----w-	c:\windows\system32\dllcache\msxml6.dll
2009-12-25 23:30 . 2008-04-14 02:04	93184	-c----w-	c:\windows\system32\dllcache\msxml6r.dll
2009-12-25 23:30 . 2008-04-14 02:34	294912	-c----w-	c:\windows\system32\dllcache\dlimport.exe
2009-12-25 22:16 . 2009-08-25 09:18	354816	-c----w-	c:\windows\system32\dllcache\winhttp.dll
2009-12-25 22:12 . 2008-04-21 21:15	219136	-c----w-	c:\windows\system32\dllcache\wordpad.exe
2009-12-25 21:58 . 2008-06-14 17:33	272768	-c----w-	c:\windows\system32\dllcache\bthport.sys
2009-12-25 21:55 . 2009-03-06 14:20	286720	-c----w-	c:\windows\system32\dllcache\pdh.dll
2009-12-25 21:55 . 2009-02-06 10:10	227840	-c----w-	c:\windows\system32\dllcache\wmiprvse.exe
2009-12-25 21:55 . 2009-06-25 08:26	736768	-c----w-	c:\windows\system32\dllcache\lsasrv.dll
2009-12-25 21:55 . 2009-02-09 11:23	111104	-c----w-	c:\windows\system32\dllcache\services.exe
2009-12-25 21:55 . 2009-02-09 10:53	685568	-c----w-	c:\windows\system32\dllcache\advapi32.dll
2009-12-25 21:55 . 2009-02-09 10:53	473600	-c----w-	c:\windows\system32\dllcache\fastprox.dll
2009-12-25 21:55 . 2009-02-09 10:53	453120	-c----w-	c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-25 21:55 . 2009-02-09 10:53	401408	-c----w-	c:\windows\system32\dllcachepcss.dll
2009-12-25 21:55 . 2009-02-09 10:53	739840	-c----w-	c:\windows\system32\dllcache
tdll.dll
2009-12-25 21:45 . 2008-05-08 14:02	203136	-c----w-	c:\windows\system32\dllcachemcast.sys
2009-12-25 21:44 . 2008-12-11 10:57	333952	-c----w-	c:\windows\system32\dllcache\srv.sys
2009-12-25 21:43 . 2009-07-10 13:27	1315328	-c----w-	c:\windows\system32\dllcache\msoe.dll
2009-12-25 21:42 . 2008-10-15 16:35	337408	-c----w-	c:\windows\system32\dllcache
etapi32.dll
2009-12-25 21:17 . 2008-10-24 11:21	455296	-c----w-	c:\windows\system32\dllcache\mrxsmb.sys
2009-12-25 21:16 . 2008-04-11 19:05	691712	-c----w-	c:\windows\system32\dllcache\inetcomm.dll
2009-12-25 21:15 . 2009-08-04 17:27	2147328	-c----w-	c:\windows\system32\dllcache
tkrnlmp.exe
2009-12-25 21:15 . 2009-08-04 17:27	2025984	-c----w-	c:\windows\system32\dllcache
tkrpamp.exe
2009-12-25 21:15 . 2009-08-04 17:28	2068096	-c----w-	c:\windows\system32\dllcache
tkrnlpa.exe
2009-12-25 20:04 . 2009-12-25 20:04	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-12-25 20:04 . 2009-12-25 20:04	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-25 19:02 . 2004-08-05 12:00	41600	-c--a-w-	c:\windows\system32\dllcache\weitekp9.dll
2009-12-25 19:02 . 2004-08-05 12:00	31360	-c--a-w-	c:\windows\system32\dllcache\weitekp9.sys
2009-12-25 19:00 . 2004-08-05 12:00	98304	-c--a-w-	c:\windows\system32\dllcache\msir3jp.dll
2009-12-25 18:59 . 2008-04-14 02:31	198656	-c--a-w-	c:\windows\system32\dllcache\cintime.dll
2009-12-25 18:57 . 2004-08-05 12:00	16384	-c--a-w-	c:\windows\system32\dllcache\isignup.exe
2009-12-25 18:30 . 2004-08-05 12:00	24661	-c--a-w-	c:\windows\system32\dllcache\spxcoins.dll
2009-12-25 18:30 . 2004-08-05 12:00	24661	----a-w-	c:\windows\system32\spxcoins.dll
2009-12-25 18:30 . 2004-08-05 12:00	13312	-c--a-w-	c:\windows\system32\dllcache\irclass.dll
2009-12-25 18:30 . 2004-08-05 12:00	13312	----a-w-	c:\windows\system32\irclass.dll
2009-12-25 18:29 . 2009-12-25 18:29	--------	d-s---w-	c:\windows\system32\config\systemprofile\Historique
2009-12-25 14:15 . 2009-12-25 14:15	--------	d-----w-	c:\documents and settings\Administrateur\Application Data\Bitdefender
2009-12-25 00:11 . 2010-01-02 00:56	871	----a-w-	c:\windows\system32\krl32mainweq.dll
2009-12-22 06:05 . 2009-12-22 06:05	--------	d-----w-	c:\program files\QuickTime
2009-12-22 06:05 . 2009-12-22 06:05	--------	d-----w-	c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-17 19:59 . 2008-04-12 16:32	310272	----a-w-	c:\windows\EditHexaUninstall.exe
2009-12-15 22:30 . 2009-12-15 22:30	79488	----a-w-	c:\documents and settings\Feu Central\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-04 23:21 . 2009-12-31 01:29	53248	----a-w-	c:\windows\ipuninst.exe

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 20:45 . 2009-05-23 16:42	81984	----a-w-	c:\windows\system32\bdod.bin
2010-01-01 14:04 . 2004-08-05 12:00	93838	----a-w-	c:\windows\system32\perfc00C.dat
2010-01-01 14:04 . 2004-08-05 12:00	532348	----a-w-	c:\windows\system32\perfh00C.dat
2009-12-31 03:55 . 2009-05-23 16:09	76507	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-31 00:11 . 2009-05-23 20:48	42674	----a-w-	c:\documents and settings\Feu Central\Application Data\wklnhst.dat
2009-12-30 23:59 . 2009-06-07 18:57	--------	d-----w-	c:\documents and settings\Feu Central\Application Data\uTorrent
2009-12-30 23:58 . 2009-10-14 08:57	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2009-12-26 08:51 . 2009-05-23 16:32	36936	----a-w-	c:\documents and settings\Feu Central\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-25 18:56 . 2009-05-23 16:06	23032	----a-w-	c:\windows\system32\emptyregdb.dat
2009-12-24 02:20 . 2009-08-04 21:02	--------	d-----w-	c:\documents and settings\Feu Central\Application Data\Canon
2009-12-04 23:05 . 2009-10-14 09:00	--------	d-----w-	c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-11-21 15:58 . 2004-08-05 12:00	471552	----a-w-	c:\windows\AppPatch\aclayers.dll
2009-11-18 19:47 . 2009-05-28 15:13	--------	d-----w-	c:\program files\Fichiers communs\Adobe
2009-11-13 20:43 . 2009-11-13 20:43	--------	d-----w-	c:\program files\Real Alternative
2009-11-06 20:52 . 2009-05-23 22:44	--------	d-----w-	c:\program files\ChessBase
2009-11-06 20:51 . 2009-05-23 20:17	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-11-06 20:49 . 2009-05-23 20:17	--------	d-----w-	c:\program files\Fichiers communs\InstallShield
2009-11-06 20:45 . 2009-05-23 22:47	--------	d-----w-	c:\documents and settings\Feu Central\Application Data\ChessBase
2009-11-05 09:37 . 2009-11-05 09:37	--------	d-----w-	c:\program files\Fichiers communs\ChessBase
2009-11-01 14:07 . 2009-05-24 12:58	36864	----a-w-	c:\documents and settings\Feu Central	imeseal.exe
2009-10-29 07:42 . 2004-08-05 12:00	916480	----a-w-	c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2004-08-05 12:00	75776	----a-w-	c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-05 12:00	25088	----a-w-	c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2009-12-31 03:05	265728	----a-w-	c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2004-08-05 12:00	271360	----a-w-	c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2004-08-05 12:00	79872	----a-w-	c:\windows\system32aschap.dll
2009-10-12 13:39 . 2004-08-05 12:00	150528	----a-w-	c:\windows\system32astls.dll
2009-10-08 13:57 . 2008-07-29 17:59	614400	----a-w-	c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57 . 2004-08-05 12:00	22528	----a-w-	c:\windows\system32\oleaccrc.dll
2009-10-08 13:57 . 2004-08-05 12:00	220160	----a-w-	c:\windows\system32\oleacc.dll
2009-11-16 17:55 . 2009-05-27 05:39	65536	----a-w-	c:\program files\mozilla firefox\components\FFComm.dll
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-11-16 782336]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 196608]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VIA RAID TOOL.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\VIA RAID TOOL.lnk
backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2009-01-08 06:36	2521464	----a-w-	c:\program files\Fichiers communs\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-08-12 19:10	339968	----a-w-	c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
2009-05-23 22:37	454656	----a-w-	c:\program files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-11-15 10:20	77824	----a-w-	c:\windows\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\uTorrent\uTorrent.exe"=
"c:\Program Files\eMule\emule.exe"=
"c:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18/09/2008 11:09 111112]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20/01/2009 18:16 172032]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/10/2009 09:57 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx	REG_MULTI_SZ   	scan
p2psvc	REG_MULTI_SZ   	p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenu du dossier 'Tâches planifiées'

2009-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
FF - ProfilePath - c:\documents and settings\Feu Central\Application Data\Mozilla\Firefox\Profilesw4vvc86.default\
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
p-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 22:00
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3188)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32	cpsvcs.exe
c:\windows\system32\SearchIndexer.exe
.
**************************************************************************
.
Heure de fin: 2010-01-02  22:04:32 - La machine a redémarré
ComboFix-quarantined-files.txt  2010-01-02 21:04

Avant-CF: 51 313 721 344 octets libres
Après-CF: 51 338 240 000 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - A169E3CA4D42E0CEA29406849AF6C67F

moment de grace · Answer

pour ton antivirus c'est normal, le rookit te bloquait l'acces


Téléchargez MalwareByte's Anti-Malware

http://www.malwarebytes.org/mbam/program/mbam-setup.exe
 
. Enregistres le sur le bureau
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation. 
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
. Si le pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
. Une fois la mise à jour terminé
. Rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet
. Cliques sur Rechercher
. Le scan démarre. 
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés. 
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, clique sur  Afficher les résultats
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine. 
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse. 
. Rends toi dans l'onglet rapport/log 
. Tu cliques dessus pour l'afficher, une fois affiché
. Tu cliques sur edition en haut du boc notes, et puis sur sélectionner tous 
. Tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller 


Si tu as besoin d'aide regarde ces tutoriels : 
 Aide: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
 http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam

Staro · Answer

Bon, avant de lire ton message, j'ai fais un scan bitdefender, je joints aussi ce log...


- Le log bitdefender (juste la fin) :

Problèmes résolusNom de l'objet Nom de la menace État final 
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTirqqqweupw.dll.vir Trojan.Generic.2911258 Supprimé 
C:\System Volume Information\_restore{537509E0-6000-4F4E-A78F-C0655BB9AE8F}\RP15\A0004004.dll Trojan.Generic.2911258 Supprimé 
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTkllxownswi.sys.vir Worm.Generic.218737 Supprimé 
C:\System Volume Information\_restore{537509E0-6000-4F4E-A78F-C0655BB9AE8F}\RP15\A0004002.sys Worm.Generic.218737 Supprimé 



- Le log MBAM :

Malwarebytes' Anti-Malware 1.43
Version de la base de données: 3483
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03/01/2010 02:00:00
mbam-log-2010-01-03 (02-00-00).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 162051
Temps écoulé: 48 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTsrtexmobwu.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{537509E0-6000-4F4E-A78F-C0655BB9AE8F}\RP15\A0004003.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.


Voilà, tout ce qui ne fonctionnait plus, fonctionne à nouveau... 

Puis-je me considérer débarrassé de ce satané rootkit ? 

J'ai aussi fait une analyse SpybotS&D, il y avait 3 entrées très mineures que j'ai supprimées...
En parlant de spybot, cet outil est il dépassé ? Si je ne garde que MBAM, çà le fait aussi ?

Je te remercie encore de tes réponses moment de grace =)

moment de grace · Answer

encore un doute sur deux fichiers


Rends toi sur ce site : 

https://www.virustotal.com/gui/ 

Clique sur parcourir et cherches ces fichiers : 

C:\WINDOWS\SGTBox.INI

C:\WINDOWS\ChssBase.ini


Clique sur Send File. 

Un rapport va s'élaborer ligne à ligne. 

Attends la fin. Il doit comprendre la taille du fichier envoyé. 

Sauvegarde le rapport avec le bloc-note. 

Copie le dans ta réponse.

Si tu ne trouves pas le fichier alors

Affiche tous les fichiers et dossiers : 

Pour cela : 
Clique sur démarrer/panneau de configuration/option des dossiers/affichage 

Cocher afficher les dossiers cachés

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" 

Décocher masquer les extensions dont le type est connu 

Puis fais «appliquer» pour valider les changements. 

Et OK

Staro · Answer

Ok, les fichiers sont clean...

Je crois bien que tu as résolu mon problème moment de grace, je te remercie vraiment de l'attention que tu as porté à mon cas. J'aimerais vraiment te remercier... Si tu me file ton adresse en MP, je t'enverrais une bonne bouteille... Ou autre chose si tu n'apprécies pas le vin... =) 
Çà me ferrait vraiment plaisir...

PS: Haha! Trop fort le site, les fichiers sont analysés par quasiment tout les anti-virus existants...
Tu fais vraiment pas les choses à moitié...

PS: Les logs pour la forme : 

Fichier ChssBase.ini reçu le 2010.01.03 19:52:06 (UTC)
Situation actuelle: terminé
Résultat: 0/40 (0.00%)

Antivirus 	Version 	Dernière mise à jour 	Résultat
a-squared 	4.5.0.46 	2010.01.03 	-
AhnLab-V3 	5.0.0.2 	2010.01.02 	-
AntiVir 	7.9.1.122 	2009.12.31 	-
Antiy-AVL 	2.0.3.7 	2009.12.31 	-
Authentium 	5.2.0.5 	2010.01.03 	-
Avast 	4.8.1351.0 	2010.01.03 	-
AVG 	8.5.0.430 	2010.01.03 	-
BitDefender 	7.2 	2010.01.03 	-
CAT-QuickHeal 	10.00 	2010.01.02 	-
ClamAV 	0.94.1 	2010.01.03 	-
Comodo 	3457 	2010.01.03 	-
DrWeb 	5.0.1.12222 	2010.01.03 	-
eSafe 	7.0.17.0 	2010.01.03 	-
eTrust-Vet 	35.1.7210 	2010.01.01 	-
F-Prot 	4.5.1.85 	2010.01.03 	-
F-Secure 	9.0.15370.0 	2010.01.03 	-
Fortinet 	4.0.14.0 	2010.01.02 	-
GData 	19 	2010.01.03 	-
Ikarus 	T3.1.1.79.0 	2009.12.31 	-
Jiangmin 	13.0.900 	2010.01.03 	-
K7AntiVirus 	7.10.936 	2010.01.02 	-
Kaspersky 	7.0.0.125 	2010.01.03 	-
McAfee 	5850 	2010.01.03 	-
McAfee+Artemis 	5850 	2010.01.03 	-
McAfee-GW-Edition 	6.8.5 	2010.01.01 	-
Microsoft 	1.5302 	2010.01.03 	-
NOD32 	4740 	2010.01.03 	-
Norman 	6.04.03 	2009.12.31 	-
nProtect 	2009.1.8.0 	2010.01.03 	-
Panda 	10.0.2.2 	2010.01.03 	-
PCTools 	7.0.3.5 	2010.01.03 	-
Prevx 	3.0 	2010.01.03 	-
Rising 	22.28.03.04 	2009.12.31 	-
Sophos 	4.49.0 	2010.01.03 	-
Sunbelt 	3.2.1858.2 	2010.01.03 	-
TheHacker 	6.5.0.3.129 	2010.01.03 	-
TrendMicro 	9.120.0.1004 	2010.01.03 	-
VBA32 	3.12.12.1 	2010.01.01 	-
ViRobot 	2009.12.31.2118 	2009.12.31 	-
VirusBuster 	5.0.21.0 	2010.01.03 	-
Information additionnelle
File size: 149 bytes
MD5   : 3592b6697b73ba13af607a4ff03704bf
SHA1  : e25f3234ded2a4b6fc949b224960061990fa6f7b
SHA256: fed54f03db755fc8f34ae68ef72d8cb68f91725f7176ffcffc0cd5b8a1e4442f
TrID  : File type identification
Generic INI configuration (100.0%)
ssdeep: 3:xPQr/jNvmN3HluHLACo+JpjX0mMYOxO+xE5FqF7LLN9Rovn:xPQd63HYHLJtnOiqFnNzy
PEiD  : -
RDS   : NSRL Reference Data Set

Fichier SGTBox.INI reçu le 2010.01.03 19:53:25 (UTC)
Situation actuelle: terminé
Résultat: 0/40 (0.00%)

Antivirus 	Version 	Dernière mise à jour 	Résultat
a-squared 	4.5.0.46 	2010.01.03 	-
AhnLab-V3 	5.0.0.2 	2010.01.02 	-
AntiVir 	7.9.1.122 	2009.12.31 	-
Antiy-AVL 	2.0.3.7 	2009.12.31 	-
Authentium 	5.2.0.5 	2010.01.03 	-
Avast 	4.8.1351.0 	2010.01.03 	-
AVG 	8.5.0.430 	2010.01.03 	-
BitDefender 	7.2 	2010.01.03 	-
CAT-QuickHeal 	10.00 	2010.01.02 	-
ClamAV 	0.94.1 	2010.01.03 	-
Comodo 	3457 	2010.01.03 	-
DrWeb 	5.0.1.12222 	2010.01.03 	-
eSafe 	7.0.17.0 	2010.01.03 	-
eTrust-Vet 	35.1.7210 	2010.01.01 	-
F-Prot 	4.5.1.85 	2010.01.03 	-
F-Secure 	9.0.15370.0 	2010.01.03 	-
Fortinet 	4.0.14.0 	2010.01.02 	-
GData 	19 	2010.01.03 	-
Ikarus 	T3.1.1.79.0 	2009.12.31 	-
Jiangmin 	13.0.900 	2010.01.03 	-
K7AntiVirus 	7.10.936 	2010.01.02 	-
Kaspersky 	7.0.0.125 	2010.01.03 	-
McAfee 	5850 	2010.01.03 	-
McAfee+Artemis 	5850 	2010.01.03 	-
McAfee-GW-Edition 	6.8.5 	2010.01.01 	-
Microsoft 	1.5302 	2010.01.03 	-
NOD32 	4740 	2010.01.03 	-
Norman 	6.04.03 	2009.12.31 	-
nProtect 	2009.1.8.0 	2010.01.03 	-
Panda 	10.0.2.2 	2010.01.03 	-
PCTools 	7.0.3.5 	2010.01.03 	-
Prevx 	3.0 	2010.01.03 	-
Rising 	22.28.03.04 	2009.12.31 	-
Sophos 	4.49.0 	2010.01.03 	-
Sunbelt 	3.2.1858.2 	2010.01.03 	-
TheHacker 	6.5.0.3.129 	2010.01.03 	-
TrendMicro 	9.120.0.1004 	2010.01.03 	-
VBA32 	3.12.12.1 	2010.01.01 	-
ViRobot 	2009.12.31.2118 	2009.12.31 	-
VirusBuster 	5.0.21.0 	2010.01.03 	-
Information additionnelle
File size: 32397 bytes
MD5   : a495226504dd88ced15bd3b32400b2a9
SHA1  : 0847991c50e344800f81840534cb6890a1b5db4f
SHA256: e9ce36def7a36e2e35bb86e8a2f3aa33e804683682a185431bdde4edc4f8be74
TrID  : File type identification
Generic INI configuration (100.0%)
ssdeep: 6:ojeGoCyZGJW1zGSk/vLQeMKESA1hREqjgkk6YUgBYUmDMtkrYU26YUmoMlYUmhYx:ojFlW1C/vkXjlUtL5mAtLDvSeqtkOU
PEiD  : -
RDS   : NSRL Reference Data Set

moment de grace · Answer

(sourire)

fais moi un nouveau RSIT juste le rapport log qu'on nettoie tout ca

Staro · Answer

Mais c'est l'hallu là, tu m'as déjà répondu... T'es une sorte d'ange gardien ou quoi ?? =P

Donc, le log RSIT :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Feu Central at 2010-01-03 21:14:36
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 48 GB (61%) free of 79 GB
Total RAM: 1023 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:02, on 03/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Feu Central\Mes documents\Stan\Sécurité\RSIT.exe
C:\Documents and Settings\Feu Central\Mes documents\Stan\Sécurité\Feu Central.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 4126 bytes

======Scheduled tasks folder======

C:\WINDOWS	asks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-03-24 95536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-11-16 782336]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-02-23 69632]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-11-15 196608]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
C:\Program Files\Fichiers communs\Adobe\Updater6\Adobe_Updater.exe [2009-01-08 2521464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-12 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
C:\Program Files\VIAudioi\SBADeck\ADeck.exe [2009-05-23 454656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VIA RAID TOOL.lnk]
C:\PROGRA~1\VIA\RAID\RAID_T~1.EXE [2004-07-14 585728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe"="C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-03 01:07:33 ----D---- C:\Documents and Settings\Feu Central\Application Data\Malwarebytes
2010-01-03 01:07:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-03 01:06:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-02 22:59:36 ----SHD---- C:\RECYCLER
2010-01-02 22:04:34 ----A---- C:\ComboFix.txt
2010-01-02 21:21:18 ----A---- C:\Boot.bak
2010-01-02 21:21:15 ----RASHD---- C:\cmdcons
2010-01-02 21:18:10 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-02 21:18:10 ----A---- C:\WINDOWS\MBR.exe
2010-01-02 21:18:09 ----A---- C:\WINDOWS\zip.exe
2010-01-02 21:18:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-02 21:18:09 ----A---- C:\WINDOWS\SWSC.exe
2010-01-02 21:18:09 ----A---- C:\WINDOWS\SWREG.exe
2010-01-02 21:18:09 ----A---- C:\WINDOWS\sed.exe
2010-01-02 21:18:09 ----A---- C:\WINDOWS\PEV.exe
2010-01-02 21:18:09 ----A---- C:\WINDOWS\grep.exe
2010-01-02 21:17:52 ----D---- C:\WINDOWS\ERDNT
2010-01-02 21:15:21 ----D---- C:\Qoobox
2010-01-02 16:30:08 ----D---- C:sit
2010-01-02 02:07:26 ----A---- C:\WINDOWS
tbtlog.txt
2010-01-01 22:54:10 ----A---- C:\WINDOWS\system32\unrar.dll
2010-01-01 22:54:10 ----A---- C:\WINDOWS\avisplitter.ini
2010-01-01 22:54:09 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-01-01 22:54:09 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-01-01 22:54:09 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-01-01 22:54:07 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-01-01 22:54:07 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-01-01 22:54:06 ----D---- C:\Program Files\K-Lite Codec Pack
2010-01-01 15:05:08 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2010-01-01 15:04:10 ----D---- C:\Config.Msi
2010-01-01 15:03:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-01-01 15:03:41 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2010-01-01 15:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2010-01-01 15:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-01-01 14:56:38 ----D---- C:\Documents and Settings\Feu Central\Application Data\Windows Search
2010-01-01 11:14:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2010-01-01 11:14:40 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2010-01-01 11:14:40 ----D---- C:\Documents and Settings\Feu Central\Application Data\Windows Desktop Search
2010-01-01 11:14:14 ----D---- C:\WINDOWS\system32\GroupPolicy
2010-01-01 11:14:14 ----D---- C:\Program Files\Windows Desktop Search
2010-01-01 11:14:03 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2010-01-01 11:13:59 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2010-01-01 11:13:51 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-01-01 11:13:50 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2010-01-01 11:13:30 ----D---- C:\Program Files\Windows Media Connect 2
2010-01-01 11:13:22 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-01-01 11:12:37 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-01-01 11:12:19 ----D---- C:\WINDOWS\system32\LogFiles
2010-01-01 11:12:15 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-01-01 11:10:43 ----D---- C:\WINDOWS\system32\URTTEMP
2010-01-01 11:10:21 ----A---- C:\WINDOWS\imsins.BAK
2010-01-01 11:10:08 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-31 22:53:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-12-31 22:53:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-12-31 06:17:41 ----HDC---- C:\WINDOWS\ie8
2009-12-31 06:08:59 ----HD---- C:\WINDOWS\msdownld.tmp
2009-12-31 04:58:35 ----D---- C:\WINDOWS\Prefetch
2009-12-31 04:56:49 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-12-31 04:47:15 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-12-31 04:41:09 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-12-31 04:05:52 ----N---- C:\WINDOWS\system32\qmgr.dll
2009-12-31 04:04:39 ----N---- C:\WINDOWS\system32\msgsvc.dll
2009-12-31 04:04:39 ----N---- C:\WINDOWS\system32\kernel32.dll
2009-12-31 04:04:39 ----N---- C:\WINDOWS\system32\comctl32.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32
tprint.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32
tlsapi.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32
tdll.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32
slookup.exe
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\locator.exe
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\localspl.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\ftp.exe
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\format.com
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\cmd.exe
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\cacls.exe
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\autochk.exe
2009-12-31 04:04:39 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32\samlib.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32shx32.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32astapi.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32asman.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32asdlg.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32asauto.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32asapi32.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32\printui.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32\oleaut32.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32
wprovau.dll
2009-12-31 04:04:38 ----A---- C:\WINDOWS\system32
tvdm.exe
2009-12-31 04:04:37 ----N---- C:\WINDOWS\system32\userinit.exe
2009-12-31 04:04:37 ----N---- C:\WINDOWS\system32\services.exe
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\untfs.dll
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\ulib.dll
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32	cpmonui.dll
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\smss.exe
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\schannel.dll
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-12-31 04:04:37 ----A---- C:\WINDOWS\system32\savedump.exe
2009-12-31 04:04:33 ----N---- C:\WINDOWS\system32
toskrnl.exe
2009-12-31 04:04:33 ----N---- C:\WINDOWS\system32
tkrnlpa.exe
2009-12-31 04:04:33 ----A---- C:\WINDOWS\system32\HAL.DLL
2009-12-31 02:27:48 ----D---- C:\Program Files\BlackIsle
2009-12-31 00:58:21 ----D---- C:\Program Files\DAEMON Tools Lite
2009-12-27 03:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-27 03:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-26 10:12:15 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-12-26 10:12:02 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-12-26 10:11:41 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-12-26 03:08:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-12-26 03:08:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-12-26 03:08:11 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-12-26 03:08:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-12-26 03:07:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-26 03:07:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-26 03:07:42 ----D---- C:\Program Files\MSXML 6.0
2009-12-26 03:07:34 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-26 03:07:26 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-26 03:07:19 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-12-26 03:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-12-26 03:07:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-26 03:06:48 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-12-26 03:06:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-26 03:06:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-12-26 03:06:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-26 03:06:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-12-26 03:06:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-26 03:05:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-12-26 03:05:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-12-26 03:05:32 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-12-26 03:05:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-26 03:05:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-26 03:04:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-12-26 03:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-12-26 03:04:42 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-26 03:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-26 03:04:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-12-26 03:04:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-26 03:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2009-12-26 03:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-12-26 03:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-12-26 03:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-12-26 03:03:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-12-26 03:03:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-26 03:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-26 03:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-12-26 03:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-12-26 03:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-26 03:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-12-26 03:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-26 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-12-26 03:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-26 03:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-12-26 03:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
2009-12-26 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-12-26 03:01:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-26 03:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-12-26 03:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-12-26 03:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-12-26 03:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-12-26 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-26 03:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-26 03:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-26 00:31:03 ----A---- C:\WINDOWS\system32\SET180.tmp
2009-12-26 00:31:01 ----A---- C:\WINDOWS\system32\SET185.tmp
2009-12-26 00:31:01 ----A---- C:\WINDOWS\system32\SET184.tmp
2009-12-26 00:31:01 ----A---- C:\WINDOWS\system32\SET109F.tmp
2009-12-26 00:31:00 ----A---- C:\WINDOWS\system32\SET18E.tmp
2009-12-26 00:31:00 ----A---- C:\WINDOWS\system32\SET18B.tmp
2009-12-26 00:31:00 ----A---- C:\WINDOWS\system32\SET189.tmp
2009-12-26 00:31:00 ----A---- C:\WINDOWS\system32\SET187.tmp
2009-12-26 00:30:59 ----A---- C:\WINDOWS\system32\SET196.tmp
2009-12-26 00:30:59 ----A---- C:\WINDOWS\system32\SET193.tmp
2009-12-26 00:30:59 ----A---- C:\WINDOWS\system32\SET192.tmp
2009-12-26 00:30:57 ----A---- C:\WINDOWS\system32\SET1A5.tmp
2009-12-26 00:30:56 ----A---- C:\WINDOWS\system32\SET1AC.tmp
2009-12-26 00:30:56 ----A---- C:\WINDOWS\system32\SET1AB.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET1C0.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET1BA.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET1B9.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET1B8.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET1B7.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET1B4.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET1B3.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET1B1.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET1B0.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET1AF.tmp
2009-12-26 00:30:55 ----A---- C:\WINDOWS\system32\SET10A7.tmp
2009-12-26 00:30:54 ----A---- C:\WINDOWS\system32\SET1CA.tmp
2009-12-26 00:30:54 ----A---- C:\WINDOWS\system32\SET1C9.tmp
2009-12-26 00:30:54 ----A---- C:\WINDOWS\system32\SET1C8.tmp
2009-12-26 00:30:54 ----A---- C:\WINDOWS\system32\SET1C7.tmp
2009-12-26 00:30:53 ----A---- C:\WINDOWS\system32\SET1CF.tmp
2009-12-26 00:30:53 ----A---- C:\WINDOWS\system32\SET1CD.tmp
2009-12-26 00:30:53 ----A---- C:\WINDOWS\system32\SET10A9.tmp
2009-12-26 00:30:52 ----A---- C:\WINDOWS\system32\SET1D7.tmp
2009-12-26 00:30:52 ----A---- C:\WINDOWS\system32\SET1D0.tmp
2009-12-26 00:30:51 ----A---- C:\WINDOWS\system32\SET1E4.tmp
2009-12-26 00:30:51 ----A---- C:\WINDOWS\system32\SET1E1.tmp
2009-12-26 00:30:51 ----A---- C:\WINDOWS\system32\SET1DF.tmp
2009-12-26 00:30:51 ----A---- C:\WINDOWS\system32\SET1DE.tmp
2009-12-26 00:30:51 ----A---- C:\WINDOWS\system32\SET1DD.tmp
2009-12-26 00:30:51 ----A---- C:\WINDOWS\system32\SET1DB.tmp
2009-12-26 00:30:51 ----A---- C:\WINDOWS\system32\SET1DA.tmp
2009-12-26 00:30:51 ----A---- C:\WINDOWS\system32\SET1D9.tmp
2009-12-26 00:30:50 ----A---- C:\WINDOWS\system32\SET1EA.tmp
2009-12-26 00:30:50 ----A---- C:\WINDOWS\system32\SET1E7.tmp
2009-12-26 00:30:50 ----A---- C:\WINDOWS\system32\SET1E6.tmp
2009-12-26 00:30:50 ----A---- C:\WINDOWS\system32\SET1E5.tmp
2009-12-26 00:30:49 ----A---- C:\WINDOWS\system32\SET1F0.tmp
2009-12-26 00:30:48 ----A---- C:\WINDOWS\system32\SET1F9.tmp
2009-12-26 00:30:48 ----A---- C:\WINDOWS\system32\SET1F6.tmp
2009-12-26 00:30:48 ----A---- C:\WINDOWS\system32\SET1F5.tmp
2009-12-26 00:30:47 ----A---- C:\WINDOWS\system32\SET205.tmp
2009-12-26 00:30:47 ----A---- C:\WINDOWS\system32\SET204.tmp
2009-12-26 00:30:47 ----A---- C:\WINDOWS\system32\SET1FF.tmp
2009-12-26 00:30:47 ----A---- C:\WINDOWS\system32\SET1FD.tmp
2009-12-26 00:30:47 ----A---- C:\WINDOWS\system32\SET1FC.tmp
2009-12-26 00:30:47 ----A---- C:\WINDOWS\system32\SET10AC.tmp
2009-12-26 00:30:46 ----A---- C:\WINDOWS\system32\SET215.tmp
2009-12-26 00:30:46 ----A---- C:\WINDOWS\system32\SET214.tmp
2009-12-26 00:30:46 ----A---- C:\WINDOWS\system32\SET20A.tmp
2009-12-26 00:30:46 ----A---- C:\WINDOWS\system32\SET207.tmp
2009-12-26 00:30:45 ----A---- C:\WINDOWS\system32\SET21F.tmp
2009-12-26 00:30:45 ----A---- C:\WINDOWS\system32\SET21D.tmp
2009-12-26 00:30:45 ----A---- C:\WINDOWS\system32\SET21C.tmp
2009-12-26 00:30:45 ----A---- C:\WINDOWS\system32\SET21B.tmp
2009-12-26 00:30:45 ----A---- C:\WINDOWS\system32\SET21A.tmp
2009-12-26 00:30:45 ----A---- C:\WINDOWS\system32\SET218.tmp
2009-12-26 00:30:45 ----A---- C:\WINDOWS\system32\SET10AD.tmp
2009-12-26 00:30:43 ----A---- C:\WINDOWS\system32\SET238.tmp
2009-12-26 00:30:43 ----A---- C:\WINDOWS\system32\SET236.tmp
2009-12-26 00:30:43 ----A---- C:\WINDOWS\system32\SET234.tmp
2009-12-26 00:30:43 ----A---- C:\WINDOWS\system32\SET22F.tmp
2009-12-26 00:30:42 ----A---- C:\WINDOWS\system32\SET23E.tmp
2009-12-26 00:30:42 ----A---- C:\WINDOWS\system32\SET23D.tmp
2009-12-26 00:30:42 ----A---- C:\WINDOWS\system32\SET23B.tmp
2009-12-26 00:30:42 ----A---- C:\WINDOWS\system32\SET23A.tmp
2009-12-26 00:30:42 ----A---- C:\WINDOWS\system32\SET239.tmp
2009-12-26 00:30:41 ----A---- C:\WINDOWS\system32\SET248.tmp
2009-12-26 00:30:41 ----A---- C:\WINDOWS\system32\SET247.tmp
2009-12-26 00:30:41 ----A---- C:\WINDOWS\system32\SET243.tmp
2009-12-26 00:30:41 ----A---- C:\WINDOWS\system32\SET242.tmp
2009-12-26 00:30:40 ----A---- C:\WINDOWS\system32\SET250.tmp
2009-12-26 00:30:40 ----A---- C:\WINDOWS\system32\SET24F.tmp
2009-12-26 00:30:40 ----A---- C:\WINDOWS\system32\SET24E.tmp
2009-12-26 00:30:39 ----A---- C:\WINDOWS\system32\SET26A.tmp
2009-12-26 00:30:39 ----A---- C:\WINDOWS\system32\SET264.tmp
2009-12-26 00:30:39 ----A---- C:\WINDOWS\system32\SET262.tmp
2009-12-26 00:30:39 ----A---- C:\WINDOWS\system32\SET260.tmp
2009-12-26 00:30:39 ----A---- C:\WINDOWS\system32\SET25F.tmp
2009-12-26 00:30:39 ----A---- C:\WINDOWS\system32\SET25E.tmp
2009-12-26 00:30:39 ----A---- C:\WINDOWS\system32\SET258.tmp
2009-12-26 00:30:38 ----A---- C:\WINDOWS\system32\SET27A.tmp
2009-12-26 00:30:38 ----A---- C:\WINDOWS\system32\SET278.tmp
2009-12-26 00:30:38 ----A---- C:\WINDOWS\system32\SET276.tmp
2009-12-26 00:30:37 ----A---- C:\WINDOWS\system32\SET28B.tmp
2009-12-26 00:30:37 ----A---- C:\WINDOWS\system32\SET289.tmp
2009-12-26 00:30:37 ----A---- C:\WINDOWS\system32\SET27F.tmp
2009-12-26 00:30:37 ----A---- C:\WINDOWS\system32\SET27C.tmp
2009-12-26 00:30:37 ----A---- C:\WINDOWS\system32\SET27B.tmp
2009-12-26 00:30:36 ----A---- C:\WINDOWS\system32\SET292.tmp
2009-12-26 00:30:36 ----A---- C:\WINDOWS\system32\SET290.tmp
2009-12-26 00:30:36 ----A---- C:\WINDOWS\system32\SET28C.tmp
2009-12-26 00:30:36 ----A---- C:\WINDOWS\system32\SET10BA.tmp
2009-12-26 00:30:35 ----A---- C:\WINDOWS\system32\SET2A0.tmp
2009-12-26 00:30:35 ----A---- C:\WINDOWS\system32\SET29F.tmp
2009-12-26 00:30:35 ----A---- C:\WINDOWS\system32\SET29D.tmp
2009-12-26 00:30:35 ----A---- C:\WINDOWS\system32\SET29C.tmp
2009-12-26 00:30:35 ----A---- C:\WINDOWS\system32\SET29B.tmp
2009-12-26 00:30:35 ----A---- C:\WINDOWS\system32\SET296.tmp
2009-12-26 00:30:34 ----A---- C:\WINDOWS\system32\SET2A9.tmp
2009-12-26 00:30:33 ----A---- C:\WINDOWS\system32\SET2B2.tmp
2009-12-26 00:30:33 ----A---- C:\WINDOWS\system32\SET2B1.tmp
2009-12-26 00:30:33 ----A---- C:\WINDOWS\system32\SET2AA.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2C5.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2C2.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2C1.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2C0.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2BE.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2BD.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2BC.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2B9.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2B8.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2B7.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2B6.tmp
2009-12-26 00:30:32 ----A---- C:\WINDOWS\system32\SET2B5.tmp
2009-12-26 00:30:31 ----A---- C:\WINDOWS\system32\SET2C8.tmp
2009-12-26 00:30:30 ----A---- C:\WINDOWS\system32\SET2CE.tmp
2009-12-26 00:30:30 ----A---- C:\WINDOWS\system32\SET2CD.tmp
2009-12-26 00:30:29 ----A---- C:\WINDOWS\system32\SET2D6.tmp
2009-12-26 00:30:29 ----A---- C:\WINDOWS\system32\SET2D5.tmp
2009-12-26 00:30:29 ----A---- C:\WINDOWS\system32\SET2D4.tmp
2009-12-26 00:30:29 ----A---- C:\WINDOWS\system32\SET2CF.tmp
2009-12-26 00:30:28 ----A---- C:\WINDOWS\system32\SET2E2.tmp
2009-12-26 00:30:28 ----A---- C:\WINDOWS\system32\SET2E1.tmp
2009-12-26 00:30:28 ----A---- C:\WINDOWS\system32\SET2DE.tmp
2009-12-26 00:30:28 ----A---- C:\WINDOWS\system32\SET2DD.tmp
2009-12-26 00:30:28 ----A---- C:\WINDOWS\system32\SET2DB.tmp
2009-12-26 00:30:28 ----A---- C:\WINDOWS\system32\SET2D8.tmp
2009-12-26 00:30:27 ----A---- C:\WINDOWS\system32\SET2F0.tmp
2009-12-26 00:30:27 ----A---- C:\WINDOWS\system32\SET2EB.tmp
2009-12-26 00:30:27 ----A---- C:\WINDOWS\system32\SET2E9.tmp
2009-12-26 00:30:27 ----A---- C:\WINDOWS\system32\SET2E8.tmp
2009-12-26 00:30:27 ----A---- C:\WINDOWS\system32\SET2E5.tmp
2009-12-26 00:30:26 ----A---- C:\WINDOWS\system32\SET304.tmp
2009-12-26 00:30:26 ----A---- C:\WINDOWS\system32\SET303.tmp
2009-12-26 00:30:26 ----A---- C:\WINDOWS\system32\SET300.tmp
2009-12-26 00:30:26 ----A---- C:\WINDOWS\system32\SET2FF.tmp
2009-12-26 00:30:26 ----A---- C:\WINDOWS\system32\SET2F7.tmp
2009-12-26 00:30:25 ----A---- C:\WINDOWS\system32\SET317.tmp
2009-12-26 00:30:25 ----A---- C:\WINDOWS\system32\SET316.tmp
2009-12-26 00:30:25 ----A---- C:\WINDOWS\system32\SET314.tmp
2009-12-26 00:30:25 ----A---- C:\WINDOWS\system32\SET311.tmp
2009-12-26 00:30:23 ----A---- C:\WINDOWS\system32\SET336.tmp
2009-12-26 00:30:23 ----A---- C:\WINDOWS\system32\SET332.tmp
2009-12-26 00:30:23 ----A---- C:\WINDOWS\system32\SET32E.tmp
2009-12-26 00:30:23 ----A---- C:\WINDOWS\system32\SET32C.tmp
2009-12-26 00:30:23 ----A---- C:\WINDOWS\system32\SET32A.tmp
2009-12-26 00:30:23 ----A---- C:\WINDOWS\system32\SET329.tmp
2009-12-26 00:30:23 ----A---- C:\WINDOWS\system32\SET328.tmp
2009-12-26 00:30:23 ----A---- C:\WINDOWS\system32\SET327.tmp
2009-12-26 00:30:23 ----A---- C:\WINDOWS\system32\SET323.tmp
2009-12-26 00:30:22 ----A---- C:\WINDOWS\system32\SET342.tmp
2009-12-26 00:30:22 ----A---- C:\WINDOWS\system32\SET33D.tmp
2009-12-26 00:30:22 ----A---- C:\WINDOWS\system32\SET33B.tmp
2009-12-26 00:30:21 ----A---- C:\WINDOWS\system32\SET351.tmp
2009-12-26 00:30:21 ----A---- C:\WINDOWS\system32\SET350.tmp
2009-12-26 00:30:21 ----A---- C:\WINDOWS\system32\SET34E.tmp
2009-12-26 00:30:21 ----A---- C:\WINDOWS\system32\SET349.tmp
2009-12-26 00:30:21 ----A---- C:\WINDOWS\system32\SET348.tmp
2009-12-26 00:30:21 ----A---- C:\WINDOWS\system32\SET346.tmp
2009-12-26 00:30:21 ----A---- C:\WINDOWS\system32\SET345.tmp
2009-12-26 00:30:21 ----A---- C:\WINDOWS\system32\SET344.tmp
2009-12-26 00:30:21 ----A---- C:\WINDOWS\system32\SET10C7.tmp
2009-12-26 00:30:20 ----A---- C:\WINDOWS\system32\SET363.tmp
2009-12-26 00:30:20 ----A---- C:\WINDOWS\system32\SET358.tmp
2009-12-26 00:30:19 ----A---- C:\WINDOWS\system32\SET368.tmp
2009-12-26 00:30:19 ----A---- C:\WINDOWS\system32\SET367.tmp
2009-12-26 00:30:19 ----A---- C:\WINDOWS\system32\SET366.tmp
2009-12-26 00:30:18 ----A---- C:\WINDOWS\system32\SET3A2.tmp
2009-12-26 00:30:18 ----A---- C:\WINDOWS\system32\SET3A0.tmp
2009-12-26 00:30:18 ----A---- C:\WINDOWS\system32\SET398.tmp
2009-12-26 00:30:18 ----A---- C:\WINDOWS\system32\SET36C.tmp
2009-12-26 00:30:14 ----A---- C:\WINDOWS\system32\SET3AA.tmp
2009-12-26 00:30:13 ----A---- C:\WINDOWS\system32\SET3AC.tmp
2009-12-26 00:30:12 ----A---- C:\WINDOWS\system32\SET3C9.tmp
2009-12-26 00:30:12 ----A---- C:\WINDOWS\system32\SET3C6.tmp
2009-12-26 00:30:11 ----A---- C:\WINDOWS\system32\SET3DB.tmp
2009-12-26 00:30:11 ----A---- C:\WINDOWS\system32\SET3D6.tmp
2009-12-26 00:30:11 ----A---- C:\WINDOWS\system32\SET3CF.tmp
2009-12-26 00:30:11 ----A---- C:\WINDOWS\system32\SET3CD.tmp
2009-12-26 00:30:11 ----A---- C:\WINDOWS\system32\SET3CB.tmp
2009-12-26 00:30:10 ----A---- C:\WINDOWS\system32\SET3F4.tmp
2009-12-26 00:30:09 ----A---- C:\WINDOWS\system32\SET3FD.tmp
2009-12-26 00:30:09 ----A---- C:\WINDOWS\system32\SET3FC.tmp
2009-12-26 00:30:09 ----A---- C:\WINDOWS\system32\SET3FA.tmp
2009-12-26 00:30:09 ----A---- C:\WINDOWS\system32\SET10E0.tmp
2009-12-26 00:30:08 ----A---- C:\WINDOWS\system32\SET403.tmp
2009-12-26 00:30:07 ----A---- C:\WINDOWS\system32\SET407.tmp
2009-12-26 00:30:07 ----A---- C:\WINDOWS\system32\SET10E6.tmp
2009-12-26 00:30:06 ----A---- C:\WINDOWS\system32\SET41A.tmp
2009-12-26 00:30:06 ----A---- C:\WINDOWS\system32\SET419.tmp
2009-12-26 00:30:06 ----A---- C:\WINDOWS\system32\SET418.tmp
2009-12-26 00:30:06 ----A---- C:\WINDOWS\system32\SET416.tmp
2009-12-26 00:30:06 ----A---- C:\WINDOWS\SET502.tmp
2009-12-26 00:30:06 ----A---- C:\WINDOWS\003138_.tmp
2009-12-26 00:30:06 ----A---- C:\WINDOWS\003131_.tmp
2009-12-26 00:30:04 ----A---- C:\WINDOWS\system32\SET43E.tmp
2009-12-26 00:30:04 ----A---- C:\WINDOWS\system32\SET433.tmp
2009-12-26 00:30:04 ----A---- C:\WINDOWS\system32\SET42D.tmp
2009-12-26 00:30:04 ----A---- C:\WINDOWS\system32\SET428.tmp
2009-12-26 00:30:04 ----A---- C:\WINDOWS\system32\SET424.tmp
2009-12-26 00:30:03 ----A---- C:\WINDOWS\system32\SET475.tmp
2009-12-26 00:30:03 ----A---- C:\WINDOWS\system32\SET472.tmp
2009-12-26 00:30:03 ----A---- C:\WINDOWS\system32\SET447.tmp
2009-12-26 00:30:03 ----A---- C:\WINDOWS\system32\SET446.tmp
2009-12-26 00:30:02 ----A---- C:\WINDOWS\system32\SET48A.tmp
2009-12-26 00:30:02 ----A---- C:\WINDOWS\system32\SET488.tmp
2009-12-26 00:30:02 ----A---- C:\WINDOWS\system32\SET487.tmp
2009-12-26 00:30:02 ----A---- C:\WINDOWS\system32\SET485.tmp
2009-12-26 00:30:02 ----A---- C:\WINDOWS\system32\SET482.tmp
2009-12-26 00:30:02 ----A---- C:\WINDOWS\system32\SET481.tmp
2009-12-26 00:30:02 ----A---- C:\WINDOWS\system32\SET480.tmp
2009-12-26 00:30:02 ----A---- C:\WINDOWS\system32\SET47E.tmp
2009-12-26 00:30:02 ----A---- C:\WINDOWS\system32\SET47D.tmp
2009-12-26 00:30:02 ----A---- C:\WINDOWS\system32\SET47C.tmp
2009-12-26 00:30:01 ----A---- C:\WINDOWS\system32\SET495.tmp
2009-12-26 00:30:01 ----A---- C:\WINDOWS\system32\SET490.tmp
2009-12-26 00:30:01 ----A---- C:\WINDOWS\system32\SET48E.tmp
2009-12-26 00:30:00 ----A---- C:\WINDOWS\system32\SET4A4.tmp
2009-12-26 00:30:00 ----A---- C:\WINDOWS\system32\SET49E.tmp
2009-12-26 00:30:00 ----A---- C:\WINDOWS\system32\SET496.tmp
2009-12-26 00:29:59 ----A---- C:\WINDOWS\system32\SET4B7.tmp
2009-12-26 00:29:59 ----A---- C:\WINDOWS\system32\SET4B3.tmp
2009-12-26 00:29:59 ----A---- C:\WINDOWS\system32\SET4B1.tmp
2009-12-26 00:29:59 ----A---- C:\WINDOWS\system32\SET4AE.tmp
2009-12-26 00:29:59 ----A---- C:\WINDOWS\system32\SET4AA.tmp
2009-12-26 00:29:57 ----A---- C:\WINDOWS\system32\SET4CA.tmp
2009-12-26 00:29:57 ----A---- C:\WINDOWS\system32\SET4C7.tmp
2009-12-26 00:29:57 ----A---- C:\WINDOWS\system32\SET4C6.tmp
2009-12-26 00:29:57 ----A---- C:\WINDOWS\system32\SET4C2.tmp
2009-12-26 00:29:57 ----A---- C:\WINDOWS\system32\SET4C1.tmp
2009-12-26 00:29:57 ----A---- C:\WINDOWS\system32\SET4BD.tmp
2009-12-26 00:29:57 ----A---- C:\WINDOWS\system32\SET4BC.tmp
2009-12-26 00:29:57 ----A---- C:\WINDOWS\system32\SET4BA.tmp
2009-12-26 00:29:54 ----A---- C:\WINDOWS\system32\SET4D4.tmp
2009-12-26 00:29:54 ----A---- C:\WINDOWS\system32\SET4D1.tmp
2009-12-26 00:29:53 ----A---- C:\WINDOWS\system32\SET4E2.tmp
2009-12-26 00:29:53 ----A---- C:\WINDOWS\system32\SET4DE.tmp
2009-12-26 00:29:53 ----A---- C:\WINDOWS\system32\SET4DC.tmp
2009-12-26 00:29:53 ----A---- C:\WINDOWS\system32\SET4D9.tmp
2009-12-26 00:29:53 ----A---- C:\WINDOWS\system32\SET4D6.tmp
2009-12-25 21:04:05 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-25 21:04:05 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-25 19:57:57 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-12-25 19:30:16 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-12-25 19:30:16 ----A---- C:\WINDOWS\system32\irclass.dll
2009-12-25 19:29:58 ----RA---- C:\WINDOWS\SET8F.tmp
2009-12-25 19:29:56 ----RA---- C:\WINDOWS\SET83.tmp
2009-12-25 19:29:54 ----RA---- C:\WINDOWS\SET80.tmp
2009-12-25 01:09:09 ----A---- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
2009-12-22 07:05:20 ----D---- C:\Program Files\QuickTime
2009-12-22 07:05:19 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-12-17 20:59:39 ----A---- C:\WINDOWS\EditHexaUninstall.exe
2009-12-05 00:21:39 ----A---- C:\WINDOWS\ipuninst.exe

======List of files/folders modified in the last 1 months======

2010-01-03 20:50:12 ----D---- C:\Program Files\Mozilla Firefox
2010-01-03 20:33:12 ----D---- C:\WINDOWS\system32
2010-01-03 20:33:00 ----D---- C:\WINDOWS\Temp
2010-01-03 18:04:37 ----A---- C:\WINDOWS\win.ini
2010-01-03 08:48:43 ----D---- C:\WINDOWS
2010-01-03 05:54:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-03 04:00:26 ----D---- C:\WINDOWS\pss
2010-01-03 02:02:14 ----D---- C:\WINDOWS\system32\drivers
2010-01-03 02:01:09 ----A---- C:\WINDOWS\bdagent.INI
2010-01-03 02:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2010-01-03 01:06:02 ----RD---- C:\Program Files
2010-01-02 23:42:09 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-02 22:00:47 ----A---- C:\WINDOWS\system.ini
2010-01-02 21:45:38 ----D---- C:\WINDOWS\system32\config
2010-01-02 21:42:07 ----D---- C:\WINDOWS\AppPatch
2010-01-02 21:42:05 ----D---- C:\Program Files\Fichiers communs
2010-01-02 21:37:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-02 21:21:19 ----RASH---- C:\boot.ini
2010-01-01 22:09:54 ----D---- C:\WINDOWS
etwork diagnostic
2010-01-01 15:11:24 ----SHD---- C:\WINDOWS\Installer
2010-01-01 15:05:10 ----HD---- C:\WINDOWS\inf
2010-01-01 15:05:05 ----D---- C:\WINDOWS\Registration
2010-01-01 15:04:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-01 11:19:20 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-01 11:14:45 ----D---- C:\WINDOWS\security
2010-01-01 11:14:24 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-01-01 11:14:16 ----D---- C:\WINDOWS\system32\fr-FR
2010-01-01 11:14:14 ----D---- C:\WINDOWS\system32\wbem
2010-01-01 11:13:29 ----D---- C:\Program Files\Windows Media Player
2010-01-01 11:13:28 ----D---- C:\WINDOWS\Help
2010-01-01 11:11:48 ----RSD---- C:\WINDOWS\assembly
2010-01-01 11:10:02 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-31 07:26:57 ----D---- C:\WINDOWS\Debug
2009-12-31 06:20:36 ----D---- C:\Program Files\Internet Explorer
2009-12-31 06:14:01 ----D---- C:\WINDOWS\ie8updates
2009-12-31 05:08:19 ----D---- C:\Program Files\Messenger
2009-12-31 05:06:14 ----D---- C:\Program Files\Outlook Express
2009-12-31 04:58:08 ----D---- C:\WINDOWS\system32\Setup
2009-12-31 04:58:07 ----RSD---- C:\WINDOWS\Fonts
2009-12-31 04:53:43 ----D---- C:\WINDOWS\WinSxS
2009-12-31 04:53:23 ----D---- C:\WINDOWS\ime
2009-12-31 04:53:19 ----D---- C:\WINDOWS\PeerNet
2009-12-31 04:53:19 ----D---- C:\Program Files\Movie Maker
2009-12-31 04:52:16 ----D---- C:\WINDOWS\system32\Restore
2009-12-31 04:52:16 ----D---- C:\WINDOWS\system32
pp
2009-12-31 04:52:15 ----D---- C:\WINDOWS\srchasst
2009-12-31 04:52:15 ----D---- C:\WINDOWS\msagent
2009-12-31 04:52:14 ----D---- C:\WINDOWS\system32\Com
2009-12-31 04:52:14 ----D---- C:\Program Files\NetMeeting
2009-12-31 04:52:12 ----D---- C:\Program Files\Windows NT
2009-12-31 04:52:10 ----D---- C:\Program Files\Fichiers communs\System
2009-12-31 04:52:00 ----D---- C:\WINDOWS\system32\usmt
2009-12-31 04:52:00 ----D---- C:\WINDOWS\system32\oobe
2009-12-31 04:51:59 ----D---- C:\WINDOWS\system
2009-12-31 04:45:05 ----D---- C:\WINDOWS\EHome
2009-12-31 04:20:41 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-31 04:15:32 ----SD---- C:\WINDOWS\Tasks
2009-12-31 04:08:00 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-31 00:59:26 ----D---- C:\Documents and Settings\Feu Central\Application Data\uTorrent
2009-12-30 09:34:56 ----D---- C:\WINDOWS\Media
2009-12-26 14:47:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-26 03:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-12-25 22:04:35 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-12-25 20:43:11 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-25 20:22:43 ----D---- C:\WINDOWS\system32\1036
2009-12-25 20:22:11 ----D---- C:\WINDOWS	wain_32
2009-12-25 20:21:11 ----D---- C:\WINDOWS\system32\icsxml
2009-12-25 20:20:34 ----D---- C:\WINDOWS\system32\1033
2009-12-25 20:19:24 ----D---- C:\WINDOWS\Driver Cache
2009-12-25 20:05:49 ----SHD---- C:\System Volume Information
2009-12-25 19:58:49 ----A---- C:\WINDOWS\ODBCINST.INI
2009-12-25 19:58:28 ----D---- C:\WINDOWS\system32\ias
2009-12-25 19:58:00 ----RD---- C:\WINDOWS\Web
2009-12-25 19:57:51 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-12-25 19:30:05 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-12-25 15:12:43 ----D---- C:\Documents and Settings
2009-12-24 03:37:03 ----A---- C:\WINDOWS\SGTBox.INI
2009-12-24 03:20:54 ----D---- C:\Documents and Settings\Feu Central\Application Data\Canon
2009-12-23 12:40:28 ----A---- C:\WINDOWS\ChssBase.ini
2009-12-05 00:05:49 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 bdftdif;bdftdif; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS	cpip6.sys [2008-06-20 225856]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-13 786944]
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-12-10 242184]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-09-22 43520]
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS	unmp.sys [2008-04-13 12288]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 bdpredir;bdpredir; \??\C:\Program Files\Softwin\BitDefender10\bdpredir.sys []
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys []
S3 catchme;catchme; \??\C:\MDG\catchme.sys []
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-12-15 1368000]
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys []
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32
tsim.sys []
S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner	rufos.sys []
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2009-05-23 203776]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-31 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-13 389120]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe [2009-10-07 413696]
R2 SimpTcp;Services TCP/IP simplifiés; C:\WINDOWS\system32	cpsvcs.exe [2004-08-05 19456]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-11-16 1638240]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-12 516096]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 p2pgasvc;Authentification de groupe réseau homologue; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Gestionnaire d'identité réseau homologue; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Réseau homologue; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Protocole de résolution de noms d'homologues; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

moment de grace · Answer

ange ou demon, l'avenir de ton pc en depend...

(sourire)

pour nettoyer en profondeur

fais ceci


fais ceci pour un diagnostic complet du PC :

Télécharge ZHPDiag ( de&#61656; Nicolas coolman ). 
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html 

 Double clique sur le fichier d'installation, puis installe le avec les&#61656; paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )
 
Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin ( vista ) 

Clique sur la loupe&#61656; en haut à gauche, puis laisse l'outil scanner. 

Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau. 

Rend toi sur Cjoint :&#61656; http://www.cijoint.fr/ 

Clique sur "Parcourir " dans la partie " Joindre un fichier[...] " 

Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau 

Clique ensuite sur "Créer le lien cjoint " et copie/colle le dans ton prochain message

Staro · Answer

"Ange ou demon, l'avenir de ton pc en depend... "

Haha! J'ai peur... L'icone de ZHPdiag n'est pas très rassurante... Houlàlà...

Je me tâte...

Au fait, le prince des démons est un ange déchu... Lucifer...

Mais tu as raison, j'ai certainement manqué de sobriété... 
Je vais me chercher un autre verre de vin...

Mais j'ai une question, pourquoi il faut double-cliquer sur les icônes ??
Je savais pas qu'il fallait faire comme çà...

moment de grace · Answer

comment tu faisais ?

Staro · Answer

Je cliquais sur l'icône avec mon doigt...

Sinon, Lucifer me voilà ! :

http://www.cijoint.fr/cjlink.php?file=cj201001/cijIE3AGhM.txt

Merci pour le tuyau (cijoint.fr)

moment de grace · Answer

Relance ZHPDiag ( Clic droit " Executer en tant qu'administrateur " sous vista ) , fais un scan puis cette fois-ci cliques sur l'icone en forme d'écusson vert " ZHPFix ". 

ZHPFix se lancera, clique maintenant sur le " H " bleu ( coller les lignes helper ) puis copie/colle ces lignes 

O43 - CFD:Common File Directory ----D- C:\Program Files\DAEMON Tools Toolbar 
O44 - LFC:Last File Created 01/01/2010 - 15:04:39 ---A- C:\WINDOWS\System32\perfc009.dat     
O44 - LFC:Last File Created 01/01/2010 - 15:04:39 ---A- C:\WINDOWS\System32\perfc00C.dat     
O44 - LFC:Last File Created 01/01/2010 - 15:04:39 ---A- C:\WINDOWS\System32\perfh009.dat     
O44 - LFC:Last File Created 01/01/2010 - 15:04:39 ---A- C:\WINDOWS\System32\perfh00C.dat  
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe     
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE     
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O44 - LFC:Last File Created 03/01/2010 - 05:57:05 ---A- C:\WINDOWS\WindowsUpdate.log     
 O44 - LFC:Last File Created 03/01/2010 - 05:56:29 ---A- C:\WINDOWS\wiadebug.log     
 O44 - LFC:Last File Created 03/01/2010 - 05:55:51 ---A- C:\WINDOWS\wiaservc.log     
 O44 - LFC:Last File Created 03/01/2010 - 02:48:45 ---A- C:\WINDOWS\comsetup.log     
 O44 - LFC:Last File Created 03/01/2010 - 02:48:45 ---A- C:\WINDOWS\iis6.log     
 O44 - LFC:Last File Created 03/01/2010 - 02:48:45 ---A- C:\WINDOWS\imsins.log     
 O44 - LFC:Last File Created 03/01/2010 - 02:48:45 ---A- C:\WINDOWS
tdtcsetup.log     
 O44 - LFC:Last File Created 03/01/2010 - 02:48:45 ---A- C:\WINDOWS\ocgen.log     
 O44 - LFC:Last File Created 03/01/2010 - 02:48:45 ---A- C:\WINDOWS\ocmsn.log     
 O44 - LFC:Last File Created 03/01/2010 - 02:48:45 ---A- C:\WINDOWS	soc.log     
 O44 - LFC:Last File Created 03/01/2010 - 02:48:44 ---A- C:\WINDOWS\FaxSetup.log     
 O44 - LFC:Last File Created 03/01/2010 - 02:48:32 ---A- C:\WINDOWS\setupapi.log     
 O44 - LFC:Last File Created 01/01/2010 - 15:07:18 ---A- C:\WINDOWS\spupdsvc.log     
 O44 - LFC:Last File Created 01/01/2010 - 15:05:30 ---A- C:\WINDOWS\COM+.log     
 O44 - LFC:Last File Created 01/01/2010 - 15:05:10 ---A- C:\WINDOWS\KB963093.log     
 O44 - LFC:Last File Created 01/01/2010 - 15:05:10 ---A- C:\WINDOWS\updspapi.log     
 O44 - LFC:Last File Created 01/01/2010 - 15:04:39 ---A- C:\WINDOWS\System32\perfc009.dat     
 O44 - LFC:Last File Created 01/01/2010 - 15:04:39 ---A- C:\WINDOWS\System32\perfc00C.dat     
 O44 - LFC:Last File Created 01/01/2010 - 15:04:39 ---A- C:\WINDOWS\System32\perfh009.dat     
 O44 - LFC:Last File Created 01/01/2010 - 15:04:39 ---A- C:\WINDOWS\System32\perfh00C.dat     
 O44 - LFC:Last File Created 01/01/2010 - 15:03:47 ---A- C:\WINDOWS\KB954154.log     
 O44 - LFC:Last File Created 01/01/2010 - 15:03:44 ---A- C:\WINDOWS\KB929399.log     
 O44 - LFC:Last File Created 01/01/2010 - 15:03:32 ---A- C:\WINDOWS\KB939683.log     
 O44 - LFC:Last File Created 01/01/2010 - 15:03:20 ---A- C:\WINDOWS\KB941569.log     
 O44 - LFC:Last File Created 01/01/2010 - 11:19:20 ---A- C:\WINDOWS\KB952069.log     
 O44 - LFC:Last File Created 01/01/2010 - 11:19:17 ---A- C:\WINDOWS\KB954155.log     
 O44 - LFC:Last File Created 01/01/2010 - 11:19:15 ---A- C:\WINDOWS\KB968816.log     
 O44 - LFC:Last File Created 01/01/2010 - 11:19:12 ---A- C:\WINDOWS\KB973540.log     
 O44 - LFC:Last File Created 01/01/2010 - 11:19:12 ---A- C:\WINDOWS\wmsetup.log     
 O44 - LFC:Last File Created 01/01/2010 - 11:14:51 ---A- C:\WINDOWS\KB971513.log     
 O44 - LFC:Last File Created 01/01/2010 - 11:14:47 ---A- C:\WINDOWS\basecsp.log     
 O44 - LFC:Last File Created 01/01/2010 - 11:14:39 ---A- C:\WINDOWS\KB940157.log     
 O44 - LFC:Last File Created 01/01/2010 - 11:14:01 ---A- C:\WINDOWS\KB915800-v4.log     
 O44 - LFC:Last File Created 01/01/2010 - 11:13:52 ---A- C:\WINDOWS\MSCompPackV1.log     
 O44 - LFC:Last File Created 01/01/2010 - 11:13:47 ---A- C:\WINDOWS\wmp11.log     
 O44 - LFC:Last File Created 01/01/2010 - 11:13:47 ---A- C:\WINDOWS\wmsetup10.log     
 O44 - LFC:Last File Created 01/01/2010 - 11:13:01 ---A- C:\WINDOWS\WMFDist11.log     
 O44 - LFC:Last File Created 01/01/2010 - 11:12:19 ---A- C:\WINDOWS\Wudf01000Inst.log     
 O44 - LFC:Last File Created 01/01/2010 - 11:10:22 ---A- C:\WINDOWS\KB955759.log     
 O44 - LFC:Last File Created 01/01/2010 - 11:10:21 ---A- C:\WINDOWS\setupact.log     
 O44 - LFC:Last File Created 01/01/2010 - 11:10:21 ---A- C:\WINDOWS\setuperr.log     
 O44 - LFC:Last File Created 31/12/2009 - 04:58:51 ---A- C:\WINDOWS\System32\spupdwxp.log     
 O44 - LFC:Last File Created 31/12/2009 - 04:19:51 ---A- C:\WINDOWS\System32\spdwnwxp.log     



Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ". 

Copie/Colle le rapport à l'écran dans ton prochain message

Staro · Answer

ZHPFix v1.12.24  by Nicolas Coolman - Rapport de suppression du 03/01/2010 23:06:14
Fichier d'export Registre : C:\ZHPExportRegistry-03-01-2010-23-06-14.txt
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html


Processus mémoire :
(Néant)

Module mémoire :
(Néant)

Clé du Registre :
(Néant)

Valeur du Registre :
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe  => Valeur supprimée avec succès
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE  => Valeur supprimée avec succès
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE  => Valeur absente

Elément de données du Registre :
(Néant)

Dossier :
C:\Program Files\DAEMON Tools Toolbar  => Supprimé et mis en quarantaine

Fichier :
c:\windows\system32\perfc009.dat  => Supprimé et mis en quarantaine
c:\windows\system32\perfc00c.dat  => Supprimé et mis en quarantaine
c:\windows\system32\perfh009.dat  => Supprimé et mis en quarantaine
c:\windows\system32\perfh00c.dat  => Supprimé et mis en quarantaine
c:\windows\system32\ctfmon.exe  => Fichier supprimé au reboot
c:\windows\windowsupdate.log  => Fichier supprimé au reboot
c:\windows\wiadebug.log  => Fichier supprimé au reboot
c:\windows\wiaservc.log  => Fichier supprimé au reboot
c:\windows\comsetup.log  => Supprimé et mis en quarantaine
c:\windows\iis6.log  => Supprimé et mis en quarantaine
c:\windows\imsins.log  => Supprimé et mis en quarantaine
c:\windows
tdtcsetup.log  => Supprimé et mis en quarantaine
c:\windows\ocgen.log  => Supprimé et mis en quarantaine
c:\windows\ocmsn.log  => Supprimé et mis en quarantaine
c:\windows	soc.log  => Supprimé et mis en quarantaine
c:\windows\faxsetup.log  => Supprimé et mis en quarantaine
c:\windows\setupapi.log  => Supprimé et mis en quarantaine
c:\windows\spupdsvc.log  => Supprimé et mis en quarantaine
c:\windows\com+.log  => Supprimé et mis en quarantaine
c:\windows\kb963093.log  => Supprimé et mis en quarantaine
c:\windows\updspapi.log  => Supprimé et mis en quarantaine
c:\windows\system32\perfc009.dat  => Fichier absent
c:\windows\system32\perfc00c.dat  => Fichier absent
c:\windows\system32\perfh009.dat  => Fichier absent
c:\windows\system32\perfh00c.dat  => Fichier absent
c:\windows\kb954154.log  => Supprimé et mis en quarantaine
c:\windows\kb929399.log  => Supprimé et mis en quarantaine
c:\windows\kb939683.log  => Supprimé et mis en quarantaine
c:\windows\kb941569.log  => Supprimé et mis en quarantaine
c:\windows\kb952069.log  => Supprimé et mis en quarantaine
c:\windows\kb954155.log  => Supprimé et mis en quarantaine
c:\windows\kb968816.log  => Supprimé et mis en quarantaine
c:\windows\kb973540.log  => Supprimé et mis en quarantaine
c:\windows\wmsetup.log  => Supprimé et mis en quarantaine
c:\windows\kb971513.log  => Supprimé et mis en quarantaine
c:\windows\basecsp.log  => Supprimé et mis en quarantaine
c:\windows\kb940157.log  => Supprimé et mis en quarantaine
c:\windows\kb915800-v4.log  => Supprimé et mis en quarantaine
c:\windows\mscomppackv1.log  => Supprimé et mis en quarantaine
c:\windows\wmp11.log  => Supprimé et mis en quarantaine
c:\windows\wmsetup10.log  => Supprimé et mis en quarantaine
c:\windows\wmfdist11.log  => Supprimé et mis en quarantaine
c:\windows\wudf01000inst.log  => Supprimé et mis en quarantaine
c:\windows\kb955759.log  => Supprimé et mis en quarantaine
c:\windows\setupact.log  => Supprimé et mis en quarantaine
c:\windows\setuperr.log  => Supprimé et mis en quarantaine
c:\windows\system32\spupdwxp.log  => Supprimé et mis en quarantaine
c:\windows\system32\spdwnwxp.log  => Supprimé et mis en quarantaine

Logiciel :
(Néant)

Script Registre :
(Néant)

Autre :
(Néant)


Récapitulatif :
Processus mémoire : 0
Module mémoire : 0
Clé du Registre : 0
Valeur du Registre : 3
Elément de données du Registre : 0
Dossier : 1
Fichier : 48
Logiciel : 0
Autre : 0


End of the scan

Staro · Answer

Bon, moment de grace, je vais me coucher l'ami, je suis vraiment claqué là...

Je te remercie encore de tout ce que tu fais pour moi...

Je verrais çà demain... Bonne nuit à toi...

PS: A propos du double clic sur les icônes, je te charriais un peu, c'était ironique...

moment de grace · Answer

(sourire)

1)

vérifier ta Console Java ? : 
https://www.java.com/fr/download/uninstalltool.jsp

et installer la nouvelle version si besoin est (dans ce cas désinstalle avant l'ancienne version). 

voici pour desinstaller : 

JavaRa 
http://raproducts.org/click/click.php?id=1

Décompresse le fichier sur le Bureau (Clic droit > Extraire tout). 
* Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur le répertoire JavaRa. 
* Puis double-clique sur le fichier JavaRa.exe (le exe peut ne pas s'afficher). 
* Choisis Français puis clique sur Select. 
* Clique sur Recherche de mises à jour. 
* Sélectionne Mettre à jour via jucheck.exe puis clique sur Rechercher. 
* Autorise le processus à se connecter s'il le demande, clique sur Installer et suis les instructions d'installation qui prennent quelques minutes. 
* L'installation est terminée, reviens à l'écran de JavaRa et clique sur Effacer les anciennes versions. 
* Clique sur Oui pour confirmer. Laisse travailler et clique ensuite sur OK, puis une deuxième fois sur OK. 
* Un rapport va s'ouvrir. Poste-le dans ta prochaine réponse. 
* Ferme l'application. 

Note : le rapport se trouve aussi dans C:\ sous le nom JavaRa.log. 

...............

2)
IMPORTANT

Purger la restauration systeme XP

http://www.bibou0007.com/windows-xp-f101/purger-la-restauration-du-systeme-sous-windows-xp-t151.htm


...................

3)
ToolsCleaner2sur ton Bureau. 
https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/

* Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur ToolsCleaner2.exe pour le lancer. 
* Clique sur Recherche et laisse le scan agir. 
* Clique sur Suppression pour finaliser. 
* Tu peux, si tu le souhaites, te servir des Options Facultatives. 
* Clique sur Quitter pour obtenir le rapport. 
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

Staro · Answer

Ok, moment de grace, j'ai fais tout ce que tu m'as demandé, mais pas de TCleaner.txt, j'ai réouvert le programme et fais quitter, et là j'ai eu un log, mais bien sûr, il était vide...
Mais la suppression s'est déroulée sans problème...

Le rapport de JavaRa :

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Jan 04 21:01:26 2010

Found and removed: C:\Documents and Settings\Feu Central\Application Data\Sun\Java\jre1.6.0_13

Found and removed: C:\Documents and Settings\Feu Central\Application Data\Sun\Java\jre1.6.0_15

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.

moment de grace · Answer

avant de partir

fais ceci

Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection) 

&#9654; Télécharge et installe List&Kill'em et enregistre le sur ton bureau 
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe 

double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation 

coche la case "creer une icone sur le bureau" 

une fois terminée , clic sur "terminer" et le programme se lancer seul 

choisis la langue puis choisis l'option 1 = Mode Recherche 

&#9654; laisse travailler l'outil 

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué. 

un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini. 

&#9654; Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED" 

tu peux supprimer le rapport catchme.log de ton bureau maintenant.

Staro · Answer

Alors, j'ai fais ce que tu m'as dis, mais j'avais oublié de désactiver l'antivirus et le pare-feu... 

Mais il n'a pas été détecté comme infection, c'est normal ??

Sinon, j'ai vu qu'à la fin, il cherche des Cracks | Keygens | Serials ,  je me demande bien pourquoi, en plus, il n'a trouvé que cette entrée : 

C:\Program Files\BitDefender\BitDefender 2009\BDInProcPatch.exe 
Alors que j'ai des Cracks | Keygens | Serials, dans mes dossiers, bon, les logiciels ne sont pas installés mais c'est bizarre qu'il ne les ait pas listé...

Qu'en penses-tu ??

Bon, pour le pare-feu, je viens de m'apercevoir que je n'en ai pas, je croyais à tort que bitdefender en incluais un (c'est pas mon PC, mais celui de mes parents), donc, en fait, il n'y a que celui de windows (j'étais tellement sûr que les gens du magasin informatique où mes parents ont acheté le PC en avaient inclus un que je pensais qu'on avait bitdefender, la suite, avec le firewall inclus alors que c'est juste l'antivirus...) Je vais télécharger ZoneAlarm je pense, à moins que tu me préconises un autre produit...

moment de grace · Answer

fais List&Kill'em comme indiqué au post 29 et postes le rapport

il devrait y avoir des cochonneries encore

Staro · Answer

Ok, mais je ne peux pas quitter bitdefender, dois-je désactiver la protection en temps réel et le controle vie privée ?? Dois-je aussi déactiver le pare-feu Windows ??

moment de grace · Answer

coupe internet,déactives  antivirus (protection en temps réel ) pare feu le temps du scan--


Je cherche beaucoup...et parfois je trouve ! 
(sourire)

Staro · Answer

List'em by g3n-h@ckm@n 1.1.7.1 

Thx to Chiquitine29.....& CCM team 

User : Feu Central (Administrateurs) # FEUCENTRAL
Update on 03/12/2009 by g3n-h@ckm@n ::::: 21:00 
Start at: 21:29:29 | 05/01/2010
Contact : g3n-h@ckm@n sur CCM

AMD Sempron(tm)   2400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Antivirus BitDefender  12.0 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 77,62 Go (47,51 Go free) | NTFS
D:\ -> Disque fixe local | 77,62 Go (77,56 Go free) | NTFS
E:\ -> Disque fixe local
F:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running 

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Feu Central\Local Settings\Temp\12C.tmp\pv.exe

======================
Keys "Run" 
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe	REG_SZ         	C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
BDAgent	REG_SZ         	"C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" 
BitDefender Antiphishing Helper	REG_SZ         	"C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" 
HPDJ Taskbar Utility	REG_SZ         	C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe 
Adobe ARM	REG_SZ         	"C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" 
SunJavaUpdateSched	REG_SZ         	"C:\Program Files\Java\jre6\bin\jusched.exe" 
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] 
dontdisplaylastusername	REG_DWORD      	0 (0x0) 
legalnoticecaption	REG_SZ         	 
legalnoticetext	REG_SZ         	 
shutdownwithoutlogon	REG_DWORD      	1 (0x1) 
undockwithoutlogon	REG_DWORD      	1 (0x1) 
DisableRegistryTools	REG_DWORD      	0 (0x0) 

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
NoDriveTypeAutoRun	REG_DWORD      	323 (0x143) 
NoDriveAutoRun	REG_DWORD      	67108863 (0x3ffffff) 
NoDrives	REG_DWORD      	0 (0x0) 

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
HonorAutoRunSetting	REG_DWORD      	1 (0x1) 
NoDriveAutoRun	REG_DWORD      	67108863 (0x3ffffff) 
NoDriveTypeAutoRun	REG_DWORD      	323 (0x143) 
NoDrives	REG_DWORD      	0 (0x0) 

=============== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify	ermsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972}	REG_SZ         	 
{56F9679E-7826-4C84-81F3-532071A8BCC5}	REG_SZ         	 

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe	REG_SZ         	%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe	REG_SZ         	%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\uTorrent\uTorrent.exe	REG_SZ         	C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
C:\Program Files\eMule\emule.exe	REG_SZ         	C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe	REG_SZ         	C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe	REG_SZ         	%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe	REG_SZ         	%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}

===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{CB58DED6-4AF3-4080-9DF1-DEE72075169F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{72AD53CC-CCC0-3757-8480-9EE176866A7C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EF289A85-8E57-408d-BE47-73B55609861A}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.msn.com/fr-fr/?ocid=iehp

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.google.fr/?gws_rd=ssl

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] 

Ndisuio : 0x3 
EapHost : 0x3 
SharedAccess : 0x2 
wuauserv : 0x2 

=========
 
=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse                 	 
    77,62 Go total,  47,52 Go libre (61%),  7% fragment‚ (fragmentation du fichier 15%)

Il ne vous est pas n‚cessaire de d‚fragmenter ce volume. 	 

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\Documents and Settings\All Users\Application Data\sysReserve.ini  
C:\WINDOWS\System32\drivers\_004569_.tmp.dll  
C:\WINDOWS\System32\SET100.tmp  
C:\WINDOWS\System32\SET101.tmp  
C:\WINDOWS\System32\SET102.tmp  
C:\WINDOWS\System32\SET103.tmp  
C:\WINDOWS\System32\SET104.tmp  
C:\WINDOWS\System32\SET105.tmp  
C:\WINDOWS\System32\SET106.tmp  
C:\WINDOWS\System32\SET107.tmp  
C:\WINDOWS\System32\SET108.tmp  
C:\WINDOWS\System32\SET109.tmp  
C:\WINDOWS\System32\SET109F.tmp  
C:\WINDOWS\System32\SET10A.tmp  
C:\WINDOWS\System32\SET10A7.tmp  
C:\WINDOWS\System32\SET10A9.tmp  
C:\WINDOWS\System32\SET10AC.tmp  
C:\WINDOWS\System32\SET10AD.tmp  
C:\WINDOWS\System32\SET10B.tmp  
C:\WINDOWS\System32\SET10BA.tmp  
C:\WINDOWS\System32\SET10C.tmp  
C:\WINDOWS\System32\SET10C7.tmp  
C:\WINDOWS\System32\SET10D.tmp  
C:\WINDOWS\System32\SET10E.tmp  
C:\WINDOWS\System32\SET10E0.tmp  
C:\WINDOWS\System32\SET10E6.tmp  
C:\WINDOWS\System32\SET110.tmp  
C:\WINDOWS\System32\SET111.tmp  
C:\WINDOWS\System32\SET112.tmp  
C:\WINDOWS\System32\SET113.tmp  
C:\WINDOWS\System32\SET114.tmp  
C:\WINDOWS\System32\SET115.tmp  
C:\WINDOWS\System32\SET116.tmp  
C:\WINDOWS\System32\SET117.tmp  
C:\WINDOWS\System32\SET118.tmp  
C:\WINDOWS\System32\SET119.tmp  
C:\WINDOWS\System32\SET11A.tmp  
C:\WINDOWS\System32\SET11B.tmp  
C:\WINDOWS\System32\SET11C.tmp  
C:\WINDOWS\System32\SET11D.tmp  
C:\WINDOWS\System32\SET11E.tmp  
C:\WINDOWS\System32\SET11F.tmp  
C:\WINDOWS\System32\SET120.tmp  
C:\WINDOWS\System32\SET121.tmp  
C:\WINDOWS\System32\SET122.tmp  
C:\WINDOWS\System32\SET123.tmp  
C:\WINDOWS\System32\SET124.tmp  
C:\WINDOWS\System32\SET125.tmp  
C:\WINDOWS\System32\SET126.tmp  
C:\WINDOWS\System32\SET127.tmp  
C:\WINDOWS\System32\SET128.tmp  
C:\WINDOWS\System32\SET129.tmp  
C:\WINDOWS\System32\SET12A.tmp  
C:\WINDOWS\System32\SET12B.tmp  
C:\WINDOWS\System32\SET12C.tmp  
C:\WINDOWS\System32\SET12D.tmp  
C:\WINDOWS\System32\SET12E.tmp  
C:\WINDOWS\System32\SET12F.tmp  
C:\WINDOWS\System32\SET130.tmp  
C:\WINDOWS\System32\SET131.tmp  
C:\WINDOWS\System32\SET132.tmp  
C:\WINDOWS\System32\SET133.tmp  
C:\WINDOWS\System32\SET134.tmp  
C:\WINDOWS\System32\SET135.tmp  
C:\WINDOWS\System32\SET136.tmp  
C:\WINDOWS\System32\SET137.tmp  
C:\WINDOWS\System32\SET138.tmp  
C:\WINDOWS\System32\SET139.tmp  
C:\WINDOWS\System32\SET13A.tmp  
C:\WINDOWS\System32\SET13B.tmp  
C:\WINDOWS\System32\SET13C.tmp  
C:\WINDOWS\System32\SET13D.tmp  
C:\WINDOWS\System32\SET13E.tmp  
C:\WINDOWS\System32\SET13F.tmp  
C:\WINDOWS\System32\SET140.tmp  
C:\WINDOWS\System32\SET141.tmp  
C:\WINDOWS\System32\SET142.tmp  
C:\WINDOWS\System32\SET143.tmp  
C:\WINDOWS\System32\SET144.tmp  
C:\WINDOWS\System32\SET145.tmp  
C:\WINDOWS\System32\SET146.tmp  
C:\WINDOWS\System32\SET147.tmp  
C:\WINDOWS\System32\SET148.tmp  
C:\WINDOWS\System32\SET149.tmp  
C:\WINDOWS\System32\SET14A.tmp  
C:\WINDOWS\System32\SET14B.tmp  
C:\WINDOWS\System32\SET14C.tmp  
C:\WINDOWS\System32\SET14D.tmp  
C:\WINDOWS\System32\SET14E.tmp  
C:\WINDOWS\System32\SET14F.tmp  
C:\WINDOWS\System32\SET150.tmp  
C:\WINDOWS\System32\SET180.tmp  
C:\WINDOWS\System32\SET184.tmp  
C:\WINDOWS\System32\SET185.tmp  
C:\WINDOWS\System32\SET187.tmp  
C:\WINDOWS\System32\SET189.tmp  
C:\WINDOWS\System32\SET18B.tmp  
C:\WINDOWS\System32\SET18E.tmp  
C:\WINDOWS\System32\SET192.tmp  
C:\WINDOWS\System32\SET193.tmp  
C:\WINDOWS\System32\SET196.tmp  
C:\WINDOWS\System32\SET1A5.tmp  
C:\WINDOWS\System32\SET1AB.tmp  
C:\WINDOWS\System32\SET1AC.tmp  
C:\WINDOWS\System32\SET1AF.tmp  
C:\WINDOWS\System32\SET1B0.tmp  
C:\WINDOWS\System32\SET1B1.tmp  
C:\WINDOWS\System32\SET1B3.tmp  
C:\WINDOWS\System32\SET1B4.tmp  
C:\WINDOWS\System32\SET1B7.tmp  
C:\WINDOWS\System32\SET1B8.tmp  
C:\WINDOWS\System32\SET1B9.tmp  
C:\WINDOWS\System32\SET1BA.tmp  
C:\WINDOWS\System32\SET1C0.tmp  
C:\WINDOWS\System32\SET1C7.tmp  
C:\WINDOWS\System32\SET1C8.tmp  
C:\WINDOWS\System32\SET1C9.tmp  
C:\WINDOWS\System32\SET1CA.tmp  
C:\WINDOWS\System32\SET1CD.tmp  
C:\WINDOWS\System32\SET1CF.tmp  
C:\WINDOWS\System32\SET1D0.tmp  
C:\WINDOWS\System32\SET1D7.tmp  
C:\WINDOWS\System32\SET1D9.tmp  
C:\WINDOWS\System32\SET1DA.tmp  
C:\WINDOWS\System32\SET1DB.tmp  
C:\WINDOWS\System32\SET1DD.tmp  
C:\WINDOWS\System32\SET1DE.tmp  
C:\WINDOWS\System32\SET1DF.tmp  
C:\WINDOWS\System32\SET1E1.tmp  
C:\WINDOWS\System32\SET1E4.tmp  
C:\WINDOWS\System32\SET1E5.tmp  
C:\WINDOWS\System32\SET1E6.tmp  
C:\WINDOWS\System32\SET1E7.tmp  
C:\WINDOWS\System32\SET1EA.tmp  
C:\WINDOWS\System32\SET1F0.tmp  
C:\WINDOWS\System32\SET1F5.tmp  
C:\WINDOWS\System32\SET1F6.tmp  
C:\WINDOWS\System32\SET1F9.tmp  
C:\WINDOWS\System32\SET1FC.tmp  
C:\WINDOWS\System32\SET1FD.tmp  
C:\WINDOWS\System32\SET1FF.tmp  
C:\WINDOWS\System32\SET204.tmp  
C:\WINDOWS\System32\SET205.tmp  
C:\WINDOWS\System32\SET207.tmp  
C:\WINDOWS\System32\SET20A.tmp  
C:\WINDOWS\System32\SET214.tmp  
C:\WINDOWS\System32\SET215.tmp  
C:\WINDOWS\System32\SET218.tmp  
C:\WINDOWS\System32\SET21A.tmp  
C:\WINDOWS\System32\SET21B.tmp  
C:\WINDOWS\System32\SET21C.tmp  
C:\WINDOWS\System32\SET21D.tmp  
C:\WINDOWS\System32\SET21F.tmp  
C:\WINDOWS\System32\SET22F.tmp  
C:\WINDOWS\System32\SET234.tmp  
C:\WINDOWS\System32\SET236.tmp  
C:\WINDOWS\System32\SET238.tmp  
C:\WINDOWS\System32\SET239.tmp  
C:\WINDOWS\System32\SET23A.tmp  
C:\WINDOWS\System32\SET23B.tmp  
C:\WINDOWS\System32\SET23D.tmp  
C:\WINDOWS\System32\SET23E.tmp  
C:\WINDOWS\System32\SET242.tmp  
C:\WINDOWS\System32\SET243.tmp  
C:\WINDOWS\System32\SET247.tmp  
C:\WINDOWS\System32\SET248.tmp  
C:\WINDOWS\System32\SET24E.tmp  
C:\WINDOWS\System32\SET24F.tmp  
C:\WINDOWS\System32\SET250.tmp  
C:\WINDOWS\System32\SET258.tmp  
C:\WINDOWS\System32\SET25E.tmp  
C:\WINDOWS\System32\SET25F.tmp  
C:\WINDOWS\System32\SET260.tmp  
C:\WINDOWS\System32\SET262.tmp  
C:\WINDOWS\System32\SET264.tmp  
C:\WINDOWS\System32\SET26A.tmp  
C:\WINDOWS\System32\SET276.tmp  
C:\WINDOWS\System32\SET278.tmp  
C:\WINDOWS\System32\SET27A.tmp  
C:\WINDOWS\System32\SET27B.tmp  
C:\WINDOWS\System32\SET27C.tmp  
C:\WINDOWS\System32\SET27F.tmp  
C:\WINDOWS\System32\SET289.tmp  
C:\WINDOWS\System32\SET28B.tmp  
C:\WINDOWS\System32\SET28C.tmp  
C:\WINDOWS\System32\SET290.tmp  
C:\WINDOWS\System32\SET292.tmp  
C:\WINDOWS\System32\SET296.tmp  
C:\WINDOWS\System32\SET29B.tmp  
C:\WINDOWS\System32\SET29C.tmp  
C:\WINDOWS\System32\SET29D.tmp  
C:\WINDOWS\System32\SET29F.tmp  
C:\WINDOWS\System32\SET2A0.tmp  
C:\WINDOWS\System32\SET2A9.tmp  
C:\WINDOWS\System32\SET2AA.tmp  
C:\WINDOWS\System32\SET2B1.tmp  
C:\WINDOWS\System32\SET2B2.tmp  
C:\WINDOWS\System32\SET2B5.tmp  
C:\WINDOWS\System32\SET2B6.tmp  
C:\WINDOWS\System32\SET2B7.tmp  
C:\WINDOWS\System32\SET2B8.tmp  
C:\WINDOWS\System32\SET2B9.tmp  
C:\WINDOWS\System32\SET2BC.tmp  
C:\WINDOWS\System32\SET2BD.tmp  
C:\WINDOWS\System32\SET2BE.tmp  
C:\WINDOWS\System32\SET2C0.tmp  
C:\WINDOWS\System32\SET2C1.tmp  
C:\WINDOWS\System32\SET2C2.tmp  
C:\WINDOWS\System32\SET2C5.tmp  
C:\WINDOWS\System32\SET2C8.tmp  
C:\WINDOWS\System32\SET2CD.tmp  
C:\WINDOWS\System32\SET2CE.tmp  
C:\WINDOWS\System32\SET2CF.tmp  
C:\WINDOWS\System32\SET2D4.tmp  
C:\WINDOWS\System32\SET2D5.tmp  
C:\WINDOWS\System32\SET2D6.tmp  
C:\WINDOWS\System32\SET2D8.tmp  
C:\WINDOWS\System32\SET2DB.tmp  
C:\WINDOWS\System32\SET2DD.tmp  
C:\WINDOWS\System32\SET2DE.tmp  
C:\WINDOWS\System32\SET2E1.tmp  
C:\WINDOWS\System32\SET2E2.tmp  
C:\WINDOWS\System32\SET2E5.tmp  
C:\WINDOWS\System32\SET2E8.tmp  
C:\WINDOWS\System32\SET2E9.tmp  
C:\WINDOWS\System32\SET2EB.tmp  
C:\WINDOWS\System32\SET2F0.tmp  
C:\WINDOWS\System32\SET2F7.tmp  
C:\WINDOWS\System32\SET2FF.tmp  
C:\WINDOWS\System32\SET300.tmp  
C:\WINDOWS\System32\SET303.tmp  
C:\WINDOWS\System32\SET304.tmp  
C:\WINDOWS\System32\SET311.tmp  
C:\WINDOWS\System32\SET314.tmp  
C:\WINDOWS\System32\SET316.tmp  
C:\WINDOWS\System32\SET317.tmp  
C:\WINDOWS\System32\SET323.tmp  
C:\WINDOWS\System32\SET327.tmp  
C:\WINDOWS\System32\SET328.tmp  
C:\WINDOWS\System32\SET329.tmp  
C:\WINDOWS\System32\SET32A.tmp  
C:\WINDOWS\System32\SET32C.tmp  
C:\WINDOWS\System32\SET32E.tmp  
C:\WINDOWS\System32\SET332.tmp  
C:\WINDOWS\System32\SET336.tmp  
C:\WINDOWS\System32\SET33B.tmp  
C:\WINDOWS\System32\SET33D.tmp  
C:\WINDOWS\System32\SET342.tmp  
C:\WINDOWS\System32\SET344.tmp  
C:\WINDOWS\System32\SET345.tmp  
C:\WINDOWS\System32\SET346.tmp  
C:\WINDOWS\System32\SET348.tmp  
C:\WINDOWS\System32\SET349.tmp  
C:\WINDOWS\System32\SET34E.tmp  
C:\WINDOWS\System32\SET350.tmp  
C:\WINDOWS\System32\SET351.tmp  
C:\WINDOWS\System32\SET358.tmp  
C:\WINDOWS\System32\SET363.tmp  
C:\WINDOWS\System32\SET366.tmp  
C:\WINDOWS\System32\SET367.tmp  
C:\WINDOWS\System32\SET368.tmp  
C:\WINDOWS\System32\SET36C.tmp  
C:\WINDOWS\System32\SET370.tmp  
C:\WINDOWS\System32\SET371.tmp  
C:\WINDOWS\System32\SET372.tmp  
C:\WINDOWS\System32\SET373.tmp  
C:\WINDOWS\System32\SET374.tmp  
C:\WINDOWS\System32\SET375.tmp  
C:\WINDOWS\System32\SET376.tmp  
C:\WINDOWS\System32\SET378.tmp  
C:\WINDOWS\System32\SET379.tmp  
C:\WINDOWS\System32\SET37A.tmp  
C:\WINDOWS\System32\SET37B.tmp  
C:\WINDOWS\System32\SET37C.tmp  
C:\WINDOWS\System32\SET37D.tmp  
C:\WINDOWS\System32\SET37E.tmp  
C:\WINDOWS\System32\SET37F.tmp  
C:\WINDOWS\System32\SET380.tmp  
C:\WINDOWS\System32\SET381.tmp  
C:\WINDOWS\System32\SET382.tmp  
C:\WINDOWS\System32\SET383.tmp  
C:\WINDOWS\System32\SET384.tmp  
C:\WINDOWS\System32\SET385.tmp  
C:\WINDOWS\System32\SET386.tmp  
C:\WINDOWS\System32\SET387.tmp  
C:\WINDOWS\System32\SET388.tmp  
C:\WINDOWS\System32\SET389.tmp  
C:\WINDOWS\System32\SET38A.tmp  
C:\WINDOWS\System32\SET38B.tmp  
C:\WINDOWS\System32\SET38C.tmp  
C:\WINDOWS\System32\SET38D.tmp  
C:\WINDOWS\System32\SET38E.tmp  
C:\WINDOWS\System32\SET38F.tmp  
C:\WINDOWS\System32\SET390.tmp  
C:\WINDOWS\System32\SET391.tmp  
C:\WINDOWS\System32\SET392.tmp  
C:\WINDOWS\System32\SET393.tmp  
C:\WINDOWS\System32\SET394.tmp  
C:\WINDOWS\System32\SET398.tmp  
C:\WINDOWS\System32\SET3A0.tmp  
C:\WINDOWS\System32\SET3A2.tmp  
C:\WINDOWS\System32\SET3AA.tmp  
C:\WINDOWS\System32\SET3AC.tmp  
C:\WINDOWS\System32\SET3C6.tmp  
C:\WINDOWS\System32\SET3C9.tmp  
C:\WINDOWS\System32\SET3CB.tmp  
C:\WINDOWS\System32\SET3CD.tmp  
C:\WINDOWS\System32\SET3CF.tmp  
C:\WINDOWS\System32\SET3D6.tmp  
C:\WINDOWS\System32\SET3DB.tmp  
C:\WINDOWS\System32\SET3F4.tmp  
C:\WINDOWS\System32\SET3FA.tmp  
C:\WINDOWS\System32\SET3FC.tmp  
C:\WINDOWS\System32\SET3FD.tmp  
C:\WINDOWS\System32\SET403.tmp  
C:\WINDOWS\System32\SET407.tmp  
C:\WINDOWS\System32\SET416.tmp  
C:\WINDOWS\System32\SET418.tmp  
C:\WINDOWS\System32\SET419.tmp  
C:\WINDOWS\System32\SET41A.tmp  
C:\WINDOWS\System32\SET424.tmp  
C:\WINDOWS\System32\SET428.tmp  
C:\WINDOWS\System32\SET42D.tmp  
C:\WINDOWS\System32\SET433.tmp  
C:\WINDOWS\System32\SET43E.tmp  
C:\WINDOWS\System32\SET446.tmp  
C:\WINDOWS\System32\SET447.tmp  
C:\WINDOWS\System32\SET472.tmp  
C:\WINDOWS\System32\SET475.tmp  
C:\WINDOWS\System32\SET47C.tmp  
C:\WINDOWS\System32\SET47D.tmp  
C:\WINDOWS\System32\SET47E.tmp  
C:\WINDOWS\System32\SET480.tmp  
C:\WINDOWS\System32\SET481.tmp  
C:\WINDOWS\System32\SET482.tmp  
C:\WINDOWS\System32\SET485.tmp  
C:\WINDOWS\System32\SET487.tmp  
C:\WINDOWS\System32\SET488.tmp  
C:\WINDOWS\System32\SET48A.tmp  
C:\WINDOWS\System32\SET48E.tmp  
C:\WINDOWS\System32\SET490.tmp  
C:\WINDOWS\System32\SET495.tmp  
C:\WINDOWS\System32\SET496.tmp  
C:\WINDOWS\System32\SET49E.tmp  
C:\WINDOWS\System32\SET4A4.tmp  
C:\WINDOWS\System32\SET4AA.tmp  
C:\WINDOWS\System32\SET4AE.tmp  
C:\WINDOWS\System32\SET4B1.tmp  
C:\WINDOWS\System32\SET4B3.tmp  
C:\WINDOWS\System32\SET4B7.tmp  
C:\WINDOWS\System32\SET4BA.tmp  
C:\WINDOWS\System32\SET4BC.tmp  
C:\WINDOWS\System32\SET4BD.tmp  
C:\WINDOWS\System32\SET4C1.tmp  
C:\WINDOWS\System32\SET4C2.tmp  
C:\WINDOWS\System32\SET4C6.tmp  
C:\WINDOWS\System32\SET4C7.tmp  
C:\WINDOWS\System32\SET4CA.tmp  
C:\WINDOWS\System32\SET4D1.tmp  
C:\WINDOWS\System32\SET4D4.tmp  
C:\WINDOWS\System32\SET4D6.tmp  
C:\WINDOWS\System32\SET4D9.tmp  
C:\WINDOWS\System32\SET4DC.tmp  
C:\WINDOWS\System32\SET4DE.tmp  
C:\WINDOWS\System32\SET4E2.tmp  
C:\WINDOWS\System32\SET86.tmp  
C:\WINDOWS\System32\SET87.tmp  
C:\WINDOWS\System32\SET88.tmp  
C:\WINDOWS\System32\SET89.tmp  
C:\WINDOWS\System32\SET8A.tmp  
C:\WINDOWS\System32\SET8B.tmp  
C:\WINDOWS\System32\SET8C.tmp  
C:\WINDOWS\System32\SET8E.tmp  
C:\WINDOWS\System32\SET8F.tmp  
C:\WINDOWS\System32\SET90.tmp  
C:\WINDOWS\System32\SET91.tmp  
C:\WINDOWS\System32\SET92.tmp  
C:\WINDOWS\System32\SET93.tmp  
C:\WINDOWS\System32\SET94.tmp  
C:\WINDOWS\System32\SET95.tmp  
C:\WINDOWS\System32\SET96.tmp  
C:\WINDOWS\System32\SET97.tmp  
C:\WINDOWS\System32\SET98.tmp  
C:\WINDOWS\System32\SET99.tmp  
C:\WINDOWS\System32\SET9A.tmp  
C:\WINDOWS\System32\SET9B.tmp  
C:\WINDOWS\System32\SET9C.tmp  
C:\WINDOWS\System32\SET9D.tmp  
C:\WINDOWS\System32\SET9E.tmp  
C:\WINDOWS\System32\SET9F.tmp  
C:\WINDOWS\System32\SETA0.tmp  
C:\WINDOWS\System32\SETA1.tmp  
C:\WINDOWS\System32\SETA2.tmp  
C:\WINDOWS\System32\SETA3.tmp  
C:\WINDOWS\System32\SETA4.tmp  
C:\WINDOWS\System32\SETA5.tmp  
C:\WINDOWS\System32\SETA6.tmp  
C:\WINDOWS\System32\SETA7.tmp  
C:\WINDOWS\System32\SETA8.tmp  
C:\WINDOWS\System32\SETA9.tmp  
C:\WINDOWS\System32\SETAA.tmp  
C:\WINDOWS\System32\SETBA.tmp  
C:\WINDOWS\System32\SETBB.tmp  
C:\WINDOWS\System32\SETBC.tmp  
C:\WINDOWS\System32\SETBD.tmp  
C:\WINDOWS\System32\SETBE.tmp  
C:\WINDOWS\System32\SETBF.tmp  
C:\WINDOWS\System32\SETC0.tmp  
C:\WINDOWS\System32\SETC2.tmp  
C:\WINDOWS\System32\SETC3.tmp  
C:\WINDOWS\System32\SETC4.tmp  
C:\WINDOWS\System32\SETC5.tmp  
C:\WINDOWS\System32\SETC6.tmp  
C:\WINDOWS\System32\SETC7.tmp  
C:\WINDOWS\System32\SETC8.tmp  
C:\WINDOWS\System32\SETC9.tmp  
C:\WINDOWS\System32\SETCA.tmp  
C:\WINDOWS\System32\SETCB.tmp  
C:\WINDOWS\System32\SETCC.tmp  
C:\WINDOWS\System32\SETCD.tmp  
C:\WINDOWS\System32\SETCE.tmp  
C:\WINDOWS\System32\SETCF.tmp  
C:\WINDOWS\System32\SETD0.tmp  
C:\WINDOWS\System32\SETD1.tmp  
C:\WINDOWS\System32\SETD2.tmp  
C:\WINDOWS\System32\SETD3.tmp  
C:\WINDOWS\System32\SETD4.tmp  
C:\WINDOWS\System32\SETD5.tmp  
C:\WINDOWS\System32\SETD6.tmp  
C:\WINDOWS\System32\SETD7.tmp  
C:\WINDOWS\System32\SETD8.tmp  
C:\WINDOWS\System32\SETD9.tmp  
C:\WINDOWS\System32\SETDA.tmp  
C:\WINDOWS\System32\SETDB.tmp  
C:\WINDOWS\System32\SETDC.tmp  
C:\WINDOWS\System32\SETDD.tmp  
C:\WINDOWS\System32\SETDE.tmp  
C:\WINDOWS\System32\SETE3.tmp  
C:\WINDOWS\System32\SETE4.tmp  
C:\WINDOWS\System32\SETE5.tmp  
C:\WINDOWS\System32\SETE6.tmp  
C:\WINDOWS\System32\SETE7.tmp  
C:\WINDOWS\System32\SETE8.tmp  
C:\WINDOWS\System32\SETE9.tmp  
C:\WINDOWS\System32\SETEB.tmp  
C:\WINDOWS\System32\SETEC.tmp  
C:\WINDOWS\System32\SETED.tmp  
C:\WINDOWS\System32\SETEE.tmp  
C:\WINDOWS\System32\SETEF.tmp  
C:\WINDOWS\System32\SETF0.tmp  
C:\WINDOWS\System32\SETF1.tmp  
C:\WINDOWS\System32\SETF2.tmp  
C:\WINDOWS\System32\SETF3.tmp  
C:\WINDOWS\System32\SETF4.tmp  
C:\WINDOWS\System32\SETF5.tmp  
C:\WINDOWS\System32\SETF6.tmp  
C:\WINDOWS\System32\SETF7.tmp  
C:\WINDOWS\System32\SETF8.tmp  
C:\WINDOWS\System32\SETF9.tmp  
C:\WINDOWS\System32\SETFA.tmp  
C:\WINDOWS\System32\SETFB.tmp  
C:\WINDOWS\System32\SETFC.tmp  
C:\WINDOWS\System32\SETFD.tmp  
C:\WINDOWS\System32\SETFE.tmp  
C:\WINDOWS\System32\SETFF.tmp  
C:\Documents and Settings\Feu Central\Application Data\GDIPFONTCACHEV1.DAT  
C:\Documents and Settings\Feu Central\Application Data\wklnhst.dat  
 
¤¤¤¤¤¤¤¤¤¤ Keys : 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"  
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"  
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"  
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"  

================
Other infections
================

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 21:33:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H8SRTd.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\H8SRTkllxownswi.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H8SRTd.sys\modules]
"H8SRTd"="\?\globalroot\systemroot\system32\drivers\H8SRTkllxownswi.sys"
"H8SRTc"="\?\globalroot\systemroot\system32\H8SRTsrtexmobwu.dll"
"H8SRTsrcr"="\?\globalroot\systemroot\system32\H8SRTbkovkbuyxu.dat"
"h8srtserf"="\?\globalroot\systemroot\system32\H8SRTirqqqweupw.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:71,8a,b5,98,f5,58,c6,f4,ee,2c,7c,9c,69,ee,19,fa,63,f2,e0,3d,11,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\H8SRTd.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\H8SRTkllxownswi.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules]
"H8SRTd"="\?\globalroot\systemroot\system32\drivers\H8SRTkllxownswi.sys"
"H8SRTc"="\?\globalroot\systemroot\system32\H8SRTsrtexmobwu.dll"
"H8SRTsrcr"="\?\globalroot\systemroot\system32\H8SRTbkovkbuyxu.dat"
"h8srtserf"="\?\globalroot\systemroot\system32\H8SRTirqqqweupw.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:71,8a,b5,98,f5,58,c6,f4,ee,2c,7c,9c,69,ee,19,fa,63,f2,e0,3d,11,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\H8SRTd.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\H8SRTkllxownswi.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules]
"H8SRTd"="\?\globalroot\systemroot\system32\drivers\H8SRTkllxownswi.sys"
"H8SRTc"="\?\globalroot\systemroot\system32\H8SRTsrtexmobwu.dll"
"H8SRTsrcr"="\?\globalroot\systemroot\system32\H8SRTbkovkbuyxu.dat"
"h8srtserf"="\?\globalroot\systemroot\system32\H8SRTirqqqweupw.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\H8SRTd.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\H8SRTkllxownswi.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules]
"H8SRTd"="\?\globalroot\systemroot\system32\drivers\H8SRTkllxownswi.sys"
"H8SRTc"="\?\globalroot\systemroot\system32\H8SRTsrtexmobwu.dll"
"H8SRTsrcr"="\?\globalroot\systemroot\system32\H8SRTbkovkbuyxu.dat"
"h8srtserf"="\?\globalroot\systemroot\system32\H8SRTirqqqweupw.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK 

==========
Programs
==========

Adobe
Apple Software Update
ATI Technologies
AvRack
BitDefender
BlackIsle
Canon
CCleaner
ChessBase
ComPlus Applications
DAEMON Tools Lite
eMule
Exact Audio Copy
Fichiers communs
Hewlett-Packard
hp deskjet 840c series
InstallShield Installation Information
Internet Explorer
Inventel
Java
K-Lite Codec Pack
List_Kill'em
Malwarebytes' Anti-Malware
Messenger
microsoft frontpage
Microsoft Office
Microsoft Silverlight
Microsoft Works
Microsoft Works Suite 2005
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Gaming Zone
MSXML 4.0
MSXML 6.0
NetMeeting
Outlook Express
QuickTime
Real Alternative
Realtek Sound Manager
Reference Assemblies
Services en ligne
Softwin
Spybot - Search & Destroy
TimeAdjuster
Uninstall Information
uTorrent
VIA
VIAudioi
Windows Desktop Search
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
xerox
XnView-win

============
Lecteur C:
============

AUTOEXEC.BAT
Boot.bak
boot.ini
Bootfont.bin
cc930bf4229d606ec1207b1247
cmdcons
cmldr
CONFIG.SYS
Documents and Settings
hiberfil.sys
IO.SYS
Kill'em
List'em.txt
MSDOS.SYS
NTDETECT.COM
ntldr
pagefile.sys
Program Files
RECYCLER
System Volume Information
WINDOWS
 
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials 
 
C:\Program Files\BitDefender\BitDefender 2009\BDInProcPatch.exe 
 
 
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Staro · Answer

EDIT : Oups, j'avais pas vu que le log catch me était inclus dans le log List'em... Voilà, c'est effacé...

moment de grace · Answer

&#9654; Relance List&Kill'em avec le raccourci sur ton bureau , 

mais cette fois-ci : 

&#9654; choisis l'option 2 = Mode Suppression 

laisse travailler l'outil. 

en fin de scan un rapport s'ouvre 

&#9654; colle le contenu dans ta reponse

Staro · Answer

Kill'em by g3n-h@ckm@n 1.1.7.1 
 
User : Feu Central (Administrateurs) # FEUCENTRAL
Update on 03/12/2009 by g3n-h@ckm@n ::::: 21:00 
Start at: 02:38:02 | 07/01/2010
Contact : g3n-h@ckm@n sur CCM

AMD Sempron(tm)   2400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Antivirus BitDefender  12.0 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 77,62 Go (47,48 Go free) | NTFS
D:\ -> Disque fixe local | 77,62 Go (77,56 Go free) | NTFS
E:\ -> Disque fixe local
F:\ -> Disque CD-ROM
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Feu Central\Local Settings\Temp\2BE.tmp\pv.exe
 
Detections : 
========== 
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

"C:\Documents and Settings\All Users\Application Data\sysReserve.ini"  
C:\WINDOWS\System32\drivers\_004569_.tmp.dll  
C:\WINDOWS\System32\SET100.tmp  
C:\WINDOWS\System32\SET101.tmp  
C:\WINDOWS\System32\SET102.tmp  
C:\WINDOWS\System32\SET103.tmp  
C:\WINDOWS\System32\SET104.tmp  
C:\WINDOWS\System32\SET105.tmp  
C:\WINDOWS\System32\SET106.tmp  
C:\WINDOWS\System32\SET107.tmp  
C:\WINDOWS\System32\SET108.tmp  
C:\WINDOWS\System32\SET109.tmp  
C:\WINDOWS\System32\SET109F.tmp  
C:\WINDOWS\System32\SET10A.tmp  
C:\WINDOWS\System32\SET10A7.tmp  
C:\WINDOWS\System32\SET10A9.tmp  
C:\WINDOWS\System32\SET10AC.tmp  
C:\WINDOWS\System32\SET10AD.tmp  
C:\WINDOWS\System32\SET10B.tmp  
C:\WINDOWS\System32\SET10BA.tmp  
C:\WINDOWS\System32\SET10C.tmp  
C:\WINDOWS\System32\SET10C7.tmp  
C:\WINDOWS\System32\SET10D.tmp  
C:\WINDOWS\System32\SET10E.tmp  
C:\WINDOWS\System32\SET10E0.tmp  
C:\WINDOWS\System32\SET10E6.tmp  
C:\WINDOWS\System32\SET110.tmp  
C:\WINDOWS\System32\SET111.tmp  
C:\WINDOWS\System32\SET112.tmp  
C:\WINDOWS\System32\SET113.tmp  
C:\WINDOWS\System32\SET114.tmp  
C:\WINDOWS\System32\SET115.tmp  
C:\WINDOWS\System32\SET116.tmp  
C:\WINDOWS\System32\SET117.tmp  
C:\WINDOWS\System32\SET118.tmp  
C:\WINDOWS\System32\SET119.tmp  
C:\WINDOWS\System32\SET11A.tmp  
C:\WINDOWS\System32\SET11B.tmp  
C:\WINDOWS\System32\SET11C.tmp  
C:\WINDOWS\System32\SET11D.tmp  
C:\WINDOWS\System32\SET11E.tmp  
C:\WINDOWS\System32\SET11F.tmp  
C:\WINDOWS\System32\SET120.tmp  
C:\WINDOWS\System32\SET121.tmp  
C:\WINDOWS\System32\SET122.tmp  
C:\WINDOWS\System32\SET123.tmp  
C:\WINDOWS\System32\SET124.tmp  
C:\WINDOWS\System32\SET125.tmp  
C:\WINDOWS\System32\SET126.tmp  
C:\WINDOWS\System32\SET127.tmp  
C:\WINDOWS\System32\SET128.tmp  
C:\WINDOWS\System32\SET129.tmp  
C:\WINDOWS\System32\SET12A.tmp  
C:\WINDOWS\System32\SET12B.tmp  
C:\WINDOWS\System32\SET12C.tmp  
C:\WINDOWS\System32\SET12D.tmp  
C:\WINDOWS\System32\SET12E.tmp  
C:\WINDOWS\System32\SET12F.tmp  
C:\WINDOWS\System32\SET130.tmp  
C:\WINDOWS\System32\SET131.tmp  
C:\WINDOWS\System32\SET132.tmp  
C:\WINDOWS\System32\SET133.tmp  
C:\WINDOWS\System32\SET134.tmp  
C:\WINDOWS\System32\SET135.tmp  
C:\WINDOWS\System32\SET136.tmp  
C:\WINDOWS\System32\SET137.tmp  
C:\WINDOWS\System32\SET138.tmp  
C:\WINDOWS\System32\SET139.tmp  
C:\WINDOWS\System32\SET13A.tmp  
C:\WINDOWS\System32\SET13B.tmp  
C:\WINDOWS\System32\SET13C.tmp  
C:\WINDOWS\System32\SET13D.tmp  
C:\WINDOWS\System32\SET13E.tmp  
C:\WINDOWS\System32\SET13F.tmp  
C:\WINDOWS\System32\SET140.tmp  
C:\WINDOWS\System32\SET141.tmp  
C:\WINDOWS\System32\SET142.tmp  
C:\WINDOWS\System32\SET143.tmp  
C:\WINDOWS\System32\SET144.tmp  
C:\WINDOWS\System32\SET145.tmp  
C:\WINDOWS\System32\SET146.tmp  
C:\WINDOWS\System32\SET147.tmp  
C:\WINDOWS\System32\SET148.tmp  
C:\WINDOWS\System32\SET149.tmp  
C:\WINDOWS\System32\SET14A.tmp  
C:\WINDOWS\System32\SET14B.tmp  
C:\WINDOWS\System32\SET14C.tmp  
C:\WINDOWS\System32\SET14D.tmp  
C:\WINDOWS\System32\SET14E.tmp  
C:\WINDOWS\System32\SET14F.tmp  
C:\WINDOWS\System32\SET150.tmp  
C:\WINDOWS\System32\SET180.tmp  
C:\WINDOWS\System32\SET184.tmp  
C:\WINDOWS\System32\SET185.tmp  
C:\WINDOWS\System32\SET187.tmp  
C:\WINDOWS\System32\SET189.tmp  
C:\WINDOWS\System32\SET18B.tmp  
C:\WINDOWS\System32\SET18E.tmp  
C:\WINDOWS\System32\SET192.tmp  
C:\WINDOWS\System32\SET193.tmp  
C:\WINDOWS\System32\SET196.tmp  
C:\WINDOWS\System32\SET1A5.tmp  
C:\WINDOWS\System32\SET1AB.tmp  
C:\WINDOWS\System32\SET1AC.tmp  
C:\WINDOWS\System32\SET1AF.tmp  
C:\WINDOWS\System32\SET1B0.tmp  
C:\WINDOWS\System32\SET1B1.tmp  
C:\WINDOWS\System32\SET1B3.tmp  
C:\WINDOWS\System32\SET1B4.tmp  
C:\WINDOWS\System32\SET1B7.tmp  
C:\WINDOWS\System32\SET1B8.tmp  
C:\WINDOWS\System32\SET1B9.tmp  
C:\WINDOWS\System32\SET1BA.tmp  
C:\WINDOWS\System32\SET1C0.tmp  
C:\WINDOWS\System32\SET1C7.tmp  
C:\WINDOWS\System32\SET1C8.tmp  
C:\WINDOWS\System32\SET1C9.tmp  
C:\WINDOWS\System32\SET1CA.tmp  
C:\WINDOWS\System32\SET1CD.tmp  
C:\WINDOWS\System32\SET1CF.tmp  
C:\WINDOWS\System32\SET1D0.tmp  
C:\WINDOWS\System32\SET1D7.tmp  
C:\WINDOWS\System32\SET1D9.tmp  
C:\WINDOWS\System32\SET1DA.tmp  
C:\WINDOWS\System32\SET1DB.tmp  
C:\WINDOWS\System32\SET1DD.tmp  
C:\WINDOWS\System32\SET1DE.tmp  
C:\WINDOWS\System32\SET1DF.tmp  
C:\WINDOWS\System32\SET1E1.tmp  
C:\WINDOWS\System32\SET1E4.tmp  
C:\WINDOWS\System32\SET1E5.tmp  
C:\WINDOWS\System32\SET1E6.tmp  
C:\WINDOWS\System32\SET1E7.tmp  
C:\WINDOWS\System32\SET1EA.tmp  
C:\WINDOWS\System32\SET1F0.tmp  
C:\WINDOWS\System32\SET1F5.tmp  
C:\WINDOWS\System32\SET1F6.tmp  
C:\WINDOWS\System32\SET1F9.tmp  
C:\WINDOWS\System32\SET1FC.tmp  
C:\WINDOWS\System32\SET1FD.tmp  
C:\WINDOWS\System32\SET1FF.tmp  
C:\WINDOWS\System32\SET204.tmp  
C:\WINDOWS\System32\SET205.tmp  
C:\WINDOWS\System32\SET207.tmp  
C:\WINDOWS\System32\SET20A.tmp  
C:\WINDOWS\System32\SET214.tmp  
C:\WINDOWS\System32\SET215.tmp  
C:\WINDOWS\System32\SET218.tmp  
C:\WINDOWS\System32\SET21A.tmp  
C:\WINDOWS\System32\SET21B.tmp  
C:\WINDOWS\System32\SET21C.tmp  
C:\WINDOWS\System32\SET21D.tmp  
C:\WINDOWS\System32\SET21F.tmp  
C:\WINDOWS\System32\SET22F.tmp  
C:\WINDOWS\System32\SET234.tmp  
C:\WINDOWS\System32\SET236.tmp  
C:\WINDOWS\System32\SET238.tmp  
C:\WINDOWS\System32\SET239.tmp  
C:\WINDOWS\System32\SET23A.tmp  
C:\WINDOWS\System32\SET23B.tmp  
C:\WINDOWS\System32\SET23D.tmp  
C:\WINDOWS\System32\SET23E.tmp  
C:\WINDOWS\System32\SET242.tmp  
C:\WINDOWS\System32\SET243.tmp  
C:\WINDOWS\System32\SET247.tmp  
C:\WINDOWS\System32\SET248.tmp  
C:\WINDOWS\System32\SET24E.tmp  
C:\WINDOWS\System32\SET24F.tmp  
C:\WINDOWS\System32\SET250.tmp  
C:\WINDOWS\System32\SET258.tmp  
C:\WINDOWS\System32\SET25E.tmp  
C:\WINDOWS\System32\SET25F.tmp  
C:\WINDOWS\System32\SET260.tmp  
C:\WINDOWS\System32\SET262.tmp  
C:\WINDOWS\System32\SET264.tmp  
C:\WINDOWS\System32\SET26A.tmp  
C:\WINDOWS\System32\SET276.tmp  
C:\WINDOWS\System32\SET278.tmp  
C:\WINDOWS\System32\SET27A.tmp  
C:\WINDOWS\System32\SET27B.tmp  
C:\WINDOWS\System32\SET27C.tmp  
C:\WINDOWS\System32\SET27F.tmp  
C:\WINDOWS\System32\SET289.tmp  
C:\WINDOWS\System32\SET28B.tmp  
C:\WINDOWS\System32\SET28C.tmp  
C:\WINDOWS\System32\SET290.tmp  
C:\WINDOWS\System32\SET292.tmp  
C:\WINDOWS\System32\SET296.tmp  
C:\WINDOWS\System32\SET29B.tmp  
C:\WINDOWS\System32\SET29C.tmp  
C:\WINDOWS\System32\SET29D.tmp  
C:\WINDOWS\System32\SET29F.tmp  
C:\WINDOWS\System32\SET2A0.tmp  
C:\WINDOWS\System32\SET2A9.tmp  
C:\WINDOWS\System32\SET2AA.tmp  
C:\WINDOWS\System32\SET2B1.tmp  
C:\WINDOWS\System32\SET2B2.tmp  
C:\WINDOWS\System32\SET2B5.tmp  
C:\WINDOWS\System32\SET2B6.tmp  
C:\WINDOWS\System32\SET2B7.tmp  
C:\WINDOWS\System32\SET2B8.tmp  
C:\WINDOWS\System32\SET2B9.tmp  
C:\WINDOWS\System32\SET2BC.tmp  
C:\WINDOWS\System32\SET2BD.tmp  
C:\WINDOWS\System32\SET2BE.tmp  
C:\WINDOWS\System32\SET2C0.tmp  
C:\WINDOWS\System32\SET2C1.tmp  
C:\WINDOWS\System32\SET2C2.tmp  
C:\WINDOWS\System32\SET2C5.tmp  
C:\WINDOWS\System32\SET2C8.tmp  
C:\WINDOWS\System32\SET2CD.tmp  
C:\WINDOWS\System32\SET2CE.tmp  
C:\WINDOWS\System32\SET2CF.tmp  
C:\WINDOWS\System32\SET2D4.tmp  
C:\WINDOWS\System32\SET2D5.tmp  
C:\WINDOWS\System32\SET2D6.tmp  
C:\WINDOWS\System32\SET2D8.tmp  
C:\WINDOWS\System32\SET2DB.tmp  
C:\WINDOWS\System32\SET2DD.tmp  
C:\WINDOWS\System32\SET2DE.tmp  
C:\WINDOWS\System32\SET2E1.tmp  
C:\WINDOWS\System32\SET2E2.tmp  
C:\WINDOWS\System32\SET2E5.tmp  
C:\WINDOWS\System32\SET2E8.tmp  
C:\WINDOWS\System32\SET2E9.tmp  
C:\WINDOWS\System32\SET2EB.tmp  
C:\WINDOWS\System32\SET2F0.tmp  
C:\WINDOWS\System32\SET2F7.tmp  
C:\WINDOWS\System32\SET2FF.tmp  
C:\WINDOWS\System32\SET300.tmp  
C:\WINDOWS\System32\SET303.tmp  
C:\WINDOWS\System32\SET304.tmp  
C:\WINDOWS\System32\SET311.tmp  
C:\WINDOWS\System32\SET314.tmp  
C:\WINDOWS\System32\SET316.tmp  
C:\WINDOWS\System32\SET317.tmp  
C:\WINDOWS\System32\SET323.tmp  
C:\WINDOWS\System32\SET327.tmp  
C:\WINDOWS\System32\SET328.tmp  
C:\WINDOWS\System32\SET329.tmp  
C:\WINDOWS\System32\SET32A.tmp  
C:\WINDOWS\System32\SET32C.tmp  
C:\WINDOWS\System32\SET32E.tmp  
C:\WINDOWS\System32\SET332.tmp  
C:\WINDOWS\System32\SET336.tmp  
C:\WINDOWS\System32\SET33B.tmp  
C:\WINDOWS\System32\SET33D.tmp  
C:\WINDOWS\System32\SET342.tmp  
C:\WINDOWS\System32\SET344.tmp  
C:\WINDOWS\System32\SET345.tmp  
C:\WINDOWS\System32\SET346.tmp  
C:\WINDOWS\System32\SET348.tmp  
C:\WINDOWS\System32\SET349.tmp  
C:\WINDOWS\System32\SET34E.tmp  
C:\WINDOWS\System32\SET350.tmp  
C:\WINDOWS\System32\SET351.tmp  
C:\WINDOWS\System32\SET358.tmp  
C:\WINDOWS\System32\SET363.tmp  
C:\WINDOWS\System32\SET366.tmp  
C:\WINDOWS\System32\SET367.tmp  
C:\WINDOWS\System32\SET368.tmp  
C:\WINDOWS\System32\SET36C.tmp  
C:\WINDOWS\System32\SET370.tmp  
C:\WINDOWS\System32\SET371.tmp  
C:\WINDOWS\System32\SET372.tmp  
C:\WINDOWS\System32\SET373.tmp  
C:\WINDOWS\System32\SET374.tmp  
C:\WINDOWS\System32\SET375.tmp  
C:\WINDOWS\System32\SET376.tmp  
C:\WINDOWS\System32\SET378.tmp  
C:\WINDOWS\System32\SET379.tmp  
C:\WINDOWS\System32\SET37A.tmp  
C:\WINDOWS\System32\SET37B.tmp  
C:\WINDOWS\System32\SET37C.tmp  
C:\WINDOWS\System32\SET37D.tmp  
C:\WINDOWS\System32\SET37E.tmp  
C:\WINDOWS\System32\SET37F.tmp  
C:\WINDOWS\System32\SET380.tmp  
C:\WINDOWS\System32\SET381.tmp  
C:\WINDOWS\System32\SET382.tmp  
C:\WINDOWS\System32\SET383.tmp  
C:\WINDOWS\System32\SET384.tmp  
C:\WINDOWS\System32\SET385.tmp  
C:\WINDOWS\System32\SET386.tmp  
C:\WINDOWS\System32\SET387.tmp  
C:\WINDOWS\System32\SET388.tmp  
C:\WINDOWS\System32\SET389.tmp  
C:\WINDOWS\System32\SET38A.tmp  
C:\WINDOWS\System32\SET38B.tmp  
C:\WINDOWS\System32\SET38C.tmp  
C:\WINDOWS\System32\SET38D.tmp  
C:\WINDOWS\System32\SET38E.tmp  
C:\WINDOWS\System32\SET38F.tmp  
C:\WINDOWS\System32\SET390.tmp  
C:\WINDOWS\System32\SET391.tmp  
C:\WINDOWS\System32\SET392.tmp  
C:\WINDOWS\System32\SET393.tmp  
C:\WINDOWS\System32\SET394.tmp  
C:\WINDOWS\System32\SET398.tmp  
C:\WINDOWS\System32\SET3A0.tmp  
C:\WINDOWS\System32\SET3A2.tmp  
C:\WINDOWS\System32\SET3AA.tmp  
C:\WINDOWS\System32\SET3AC.tmp  
C:\WINDOWS\System32\SET3C6.tmp  
C:\WINDOWS\System32\SET3C9.tmp  
C:\WINDOWS\System32\SET3CB.tmp  
C:\WINDOWS\System32\SET3CD.tmp  
C:\WINDOWS\System32\SET3CF.tmp  
C:\WINDOWS\System32\SET3D6.tmp  
C:\WINDOWS\System32\SET3DB.tmp  
C:\WINDOWS\System32\SET3F4.tmp  
C:\WINDOWS\System32\SET3FA.tmp  
C:\WINDOWS\System32\SET3FC.tmp  
C:\WINDOWS\System32\SET3FD.tmp  
C:\WINDOWS\System32\SET403.tmp  
C:\WINDOWS\System32\SET407.tmp  
C:\WINDOWS\System32\SET416.tmp  
C:\WINDOWS\System32\SET418.tmp  
C:\WINDOWS\System32\SET419.tmp  
C:\WINDOWS\System32\SET41A.tmp  
C:\WINDOWS\System32\SET424.tmp  
C:\WINDOWS\System32\SET428.tmp  
C:\WINDOWS\System32\SET42D.tmp  
C:\WINDOWS\System32\SET433.tmp  
C:\WINDOWS\System32\SET43E.tmp  
C:\WINDOWS\System32\SET446.tmp  
C:\WINDOWS\System32\SET447.tmp  
C:\WINDOWS\System32\SET472.tmp  
C:\WINDOWS\System32\SET475.tmp  
C:\WINDOWS\System32\SET47C.tmp  
C:\WINDOWS\System32\SET47D.tmp  
C:\WINDOWS\System32\SET47E.tmp  
C:\WINDOWS\System32\SET480.tmp  
C:\WINDOWS\System32\SET481.tmp  
C:\WINDOWS\System32\SET482.tmp  
C:\WINDOWS\System32\SET485.tmp  
C:\WINDOWS\System32\SET487.tmp  
C:\WINDOWS\System32\SET488.tmp  
C:\WINDOWS\System32\SET48A.tmp  
C:\WINDOWS\System32\SET48E.tmp  
C:\WINDOWS\System32\SET490.tmp  
C:\WINDOWS\System32\SET495.tmp  
C:\WINDOWS\System32\SET496.tmp  
C:\WINDOWS\System32\SET49E.tmp  
C:\WINDOWS\System32\SET4A4.tmp  
C:\WINDOWS\System32\SET4AA.tmp  
C:\WINDOWS\System32\SET4AE.tmp  
C:\WINDOWS\System32\SET4B1.tmp  
C:\WINDOWS\System32\SET4B3.tmp  
C:\WINDOWS\System32\SET4B7.tmp  
C:\WINDOWS\System32\SET4BA.tmp  
C:\WINDOWS\System32\SET4BC.tmp  
C:\WINDOWS\System32\SET4BD.tmp  
C:\WINDOWS\System32\SET4C1.tmp  
C:\WINDOWS\System32\SET4C2.tmp  
C:\WINDOWS\System32\SET4C6.tmp  
C:\WINDOWS\System32\SET4C7.tmp  
C:\WINDOWS\System32\SET4CA.tmp  
C:\WINDOWS\System32\SET4D1.tmp  
C:\WINDOWS\System32\SET4D4.tmp  
C:\WINDOWS\System32\SET4D6.tmp  
C:\WINDOWS\System32\SET4D9.tmp  
C:\WINDOWS\System32\SET4DC.tmp  
C:\WINDOWS\System32\SET4DE.tmp  
C:\WINDOWS\System32\SET4E2.tmp  
C:\WINDOWS\System32\SET86.tmp  
C:\WINDOWS\System32\SET87.tmp  
C:\WINDOWS\System32\SET88.tmp  
C:\WINDOWS\System32\SET89.tmp  
C:\WINDOWS\System32\SET8A.tmp  
C:\WINDOWS\System32\SET8B.tmp  
C:\WINDOWS\System32\SET8C.tmp  
C:\WINDOWS\System32\SET8E.tmp  
C:\WINDOWS\System32\SET8F.tmp  
C:\WINDOWS\System32\SET90.tmp  
C:\WINDOWS\System32\SET91.tmp  
C:\WINDOWS\System32\SET92.tmp  
C:\WINDOWS\System32\SET93.tmp  
C:\WINDOWS\System32\SET94.tmp  
C:\WINDOWS\System32\SET95.tmp  
C:\WINDOWS\System32\SET96.tmp  
C:\WINDOWS\System32\SET97.tmp  
C:\WINDOWS\System32\SET98.tmp  
C:\WINDOWS\System32\SET99.tmp  
C:\WINDOWS\System32\SET9A.tmp  
C:\WINDOWS\System32\SET9B.tmp  
C:\WINDOWS\System32\SET9C.tmp  
C:\WINDOWS\System32\SET9D.tmp  
C:\WINDOWS\System32\SET9E.tmp  
C:\WINDOWS\System32\SET9F.tmp  
C:\WINDOWS\System32\SETA0.tmp  
C:\WINDOWS\System32\SETA1.tmp  
C:\WINDOWS\System32\SETA2.tmp  
C:\WINDOWS\System32\SETA3.tmp  
C:\WINDOWS\System32\SETA4.tmp  
C:\WINDOWS\System32\SETA5.tmp  
C:\WINDOWS\System32\SETA6.tmp  
C:\WINDOWS\System32\SETA7.tmp  
C:\WINDOWS\System32\SETA8.tmp  
C:\WINDOWS\System32\SETA9.tmp  
C:\WINDOWS\System32\SETAA.tmp  
C:\WINDOWS\System32\SETBA.tmp  
C:\WINDOWS\System32\SETBB.tmp  
C:\WINDOWS\System32\SETBC.tmp  
C:\WINDOWS\System32\SETBD.tmp  
C:\WINDOWS\System32\SETBE.tmp  
C:\WINDOWS\System32\SETBF.tmp  
C:\WINDOWS\System32\SETC0.tmp  
C:\WINDOWS\System32\SETC2.tmp  
C:\WINDOWS\System32\SETC3.tmp  
C:\WINDOWS\System32\SETC4.tmp  
C:\WINDOWS\System32\SETC5.tmp  
C:\WINDOWS\System32\SETC6.tmp  
C:\WINDOWS\System32\SETC7.tmp  
C:\WINDOWS\System32\SETC8.tmp  
C:\WINDOWS\System32\SETC9.tmp  
C:\WINDOWS\System32\SETCA.tmp  
C:\WINDOWS\System32\SETCB.tmp  
C:\WINDOWS\System32\SETCC.tmp  
C:\WINDOWS\System32\SETCD.tmp  
C:\WINDOWS\System32\SETCE.tmp  
C:\WINDOWS\System32\SETCF.tmp  
C:\WINDOWS\System32\SETD0.tmp  
C:\WINDOWS\System32\SETD1.tmp  
C:\WINDOWS\System32\SETD2.tmp  
C:\WINDOWS\System32\SETD3.tmp  
C:\WINDOWS\System32\SETD4.tmp  
C:\WINDOWS\System32\SETD5.tmp  
C:\WINDOWS\System32\SETD6.tmp  
C:\WINDOWS\System32\SETD7.tmp  
C:\WINDOWS\System32\SETD8.tmp  
C:\WINDOWS\System32\SETD9.tmp  
C:\WINDOWS\System32\SETDA.tmp  
C:\WINDOWS\System32\SETDB.tmp  
C:\WINDOWS\System32\SETDC.tmp  
C:\WINDOWS\System32\SETDD.tmp  
C:\WINDOWS\System32\SETDE.tmp  
C:\WINDOWS\System32\SETE3.tmp  
C:\WINDOWS\System32\SETE4.tmp  
C:\WINDOWS\System32\SETE5.tmp  
C:\WINDOWS\System32\SETE6.tmp  
C:\WINDOWS\System32\SETE7.tmp  
C:\WINDOWS\System32\SETE8.tmp  
C:\WINDOWS\System32\SETE9.tmp  
C:\WINDOWS\System32\SETEB.tmp  
C:\WINDOWS\System32\SETEC.tmp  
C:\WINDOWS\System32\SETED.tmp  
C:\WINDOWS\System32\SETEE.tmp  
C:\WINDOWS\System32\SETEF.tmp  
C:\WINDOWS\System32\SETF0.tmp  
C:\WINDOWS\System32\SETF1.tmp  
C:\WINDOWS\System32\SETF2.tmp  
C:\WINDOWS\System32\SETF3.tmp  
C:\WINDOWS\System32\SETF4.tmp  
C:\WINDOWS\System32\SETF5.tmp  
C:\WINDOWS\System32\SETF6.tmp  
C:\WINDOWS\System32\SETF7.tmp  
C:\WINDOWS\System32\SETF8.tmp  
C:\WINDOWS\System32\SETF9.tmp  
C:\WINDOWS\System32\SETFA.tmp  
C:\WINDOWS\System32\SETFB.tmp  
C:\WINDOWS\System32\SETFC.tmp  
C:\WINDOWS\System32\SETFD.tmp  
C:\WINDOWS\System32\SETFE.tmp  
C:\WINDOWS\System32\SETFF.tmp  
 
 
¤¤¤¤¤¤¤¤¤¤ Files/folders deleted : 
  
Quarantine : 

SET100.tmp.Kill'em
SET101.tmp.Kill'em
SET102.tmp.Kill'em
SET103.tmp.Kill'em
SET104.tmp.Kill'em
SET105.tmp.Kill'em
SET106.tmp.Kill'em
SET107.tmp.Kill'em
SET108.tmp.Kill'em
SET109.tmp.Kill'em
SET109F.tmp.Kill'em
SET10A.tmp.Kill'em
SET10A7.tmp.Kill'em
SET10A9.tmp.Kill'em
SET10AC.tmp.Kill'em
SET10AD.tmp.Kill'em
SET10B.tmp.Kill'em
SET10BA.tmp.Kill'em
SET10C.tmp.Kill'em
SET10C7.tmp.Kill'em
SET10D.tmp.Kill'em
SET10E.tmp.Kill'em
SET10E0.tmp.Kill'em
SET10E6.tmp.Kill'em
SET110.tmp.Kill'em
SET111.tmp.Kill'em
SET112.tmp.Kill'em
SET113.tmp.Kill'em
SET114.tmp.Kill'em
SET115.tmp.Kill'em
SET116.tmp.Kill'em
SET117.tmp.Kill'em
SET118.tmp.Kill'em
SET119.tmp.Kill'em
SET11A.tmp.Kill'em
SET11B.tmp.Kill'em
SET11C.tmp.Kill'em
SET11D.tmp.Kill'em
SET11E.tmp.Kill'em
SET11F.tmp.Kill'em
SET120.tmp.Kill'em
SET121.tmp.Kill'em
SET122.tmp.Kill'em
SET123.tmp.Kill'em
SET124.tmp.Kill'em
SET125.tmp.Kill'em
SET126.tmp.Kill'em
SET127.tmp.Kill'em
SET128.tmp.Kill'em
SET129.tmp.Kill'em
SET12A.tmp.Kill'em
SET12B.tmp.Kill'em
SET12C.tmp.Kill'em
SET12D.tmp.Kill'em
SET12E.tmp.Kill'em
SET12F.tmp.Kill'em
SET130.tmp.Kill'em
SET131.tmp.Kill'em
SET132.tmp.Kill'em
SET133.tmp.Kill'em
SET134.tmp.Kill'em
SET135.tmp.Kill'em
SET136.tmp.Kill'em
SET137.tmp.Kill'em
SET138.tmp.Kill'em
SET139.tmp.Kill'em
SET13A.tmp.Kill'em
SET13B.tmp.Kill'em
SET13C.tmp.Kill'em
SET13D.tmp.Kill'em
SET13E.tmp.Kill'em
SET13F.tmp.Kill'em
SET140.tmp.Kill'em
SET141.tmp.Kill'em
SET142.tmp.Kill'em
SET143.tmp.Kill'em
SET144.tmp.Kill'em
SET145.tmp.Kill'em
SET146.tmp.Kill'em
SET147.tmp.Kill'em
SET148.tmp.Kill'em
SET149.tmp.Kill'em
SET14A.tmp.Kill'em
SET14B.tmp.Kill'em
SET14C.tmp.Kill'em
SET14D.tmp.Kill'em
SET14E.tmp.Kill'em
SET14F.tmp.Kill'em
SET150.tmp.Kill'em
SET180.tmp.Kill'em
SET184.tmp.Kill'em
SET185.tmp.Kill'em
SET187.tmp.Kill'em
SET189.tmp.Kill'em
SET18B.tmp.Kill'em
SET18E.tmp.Kill'em
SET192.tmp.Kill'em
SET193.tmp.Kill'em
SET196.tmp.Kill'em
SET1A5.tmp.Kill'em
SET1AB.tmp.Kill'em
SET1AC.tmp.Kill'em
SET1AF.tmp.Kill'em
SET1B0.tmp.Kill'em
SET1B1.tmp.Kill'em
SET1B3.tmp.Kill'em
SET1B4.tmp.Kill'em
SET1B7.tmp.Kill'em
SET1B8.tmp.Kill'em
SET1B9.tmp.Kill'em
SET1BA.tmp.Kill'em
SET1C0.tmp.Kill'em
SET1C7.tmp.Kill'em
SET1C8.tmp.Kill'em
SET1C9.tmp.Kill'em
SET1CA.tmp.Kill'em
SET1CD.tmp.Kill'em
SET1CF.tmp.Kill'em
SET1D0.tmp.Kill'em
SET1D7.tmp.Kill'em
SET1D9.tmp.Kill'em
SET1DA.tmp.Kill'em
SET1DB.tmp.Kill'em
SET1DD.tmp.Kill'em
SET1DE.tmp.Kill'em
SET1DF.tmp.Kill'em
SET1E1.tmp.Kill'em
SET1E4.tmp.Kill'em
SET1E5.tmp.Kill'em
SET1E6.tmp.Kill'em
SET1E7.tmp.Kill'em
SET1EA.tmp.Kill'em
SET1F0.tmp.Kill'em
SET1F5.tmp.Kill'em
SET1F6.tmp.Kill'em
SET1F9.tmp.Kill'em
SET1FC.tmp.Kill'em
SET1FD.tmp.Kill'em
SET1FF.tmp.Kill'em
SET204.tmp.Kill'em
SET205.tmp.Kill'em
SET207.tmp.Kill'em
SET20A.tmp.Kill'em
SET214.tmp.Kill'em
SET215.tmp.Kill'em
SET218.tmp.Kill'em
SET21A.tmp.Kill'em
SET21B.tmp.Kill'em
SET21C.tmp.Kill'em
SET21D.tmp.Kill'em
SET21F.tmp.Kill'em
SET22F.tmp.Kill'em
SET234.tmp.Kill'em
SET236.tmp.Kill'em
SET238.tmp.Kill'em
SET239.tmp.Kill'em
SET23A.tmp.Kill'em
SET23B.tmp.Kill'em
SET23D.tmp.Kill'em
SET23E.tmp.Kill'em
SET242.tmp.Kill'em
SET243.tmp.Kill'em
SET247.tmp.Kill'em
SET248.tmp.Kill'em
SET24E.tmp.Kill'em
SET24F.tmp.Kill'em
SET250.tmp.Kill'em
SET258.tmp.Kill'em
SET25E.tmp.Kill'em
SET25F.tmp.Kill'em
SET260.tmp.Kill'em
SET262.tmp.Kill'em
SET264.tmp.Kill'em
SET26A.tmp.Kill'em
SET276.tmp.Kill'em
SET278.tmp.Kill'em
SET27A.tmp.Kill'em
SET27B.tmp.Kill'em
SET27C.tmp.Kill'em
SET27F.tmp.Kill'em
SET289.tmp.Kill'em
SET28B.tmp.Kill'em
SET28C.tmp.Kill'em
SET290.tmp.Kill'em
SET292.tmp.Kill'em
SET296.tmp.Kill'em
SET29B.tmp.Kill'em
SET29C.tmp.Kill'em
SET29D.tmp.Kill'em
SET29F.tmp.Kill'em
SET2A0.tmp.Kill'em
SET2A9.tmp.Kill'em
SET2AA.tmp.Kill'em
SET2B1.tmp.Kill'em
SET2B2.tmp.Kill'em
SET2B5.tmp.Kill'em
SET2B6.tmp.Kill'em
SET2B7.tmp.Kill'em
SET2B8.tmp.Kill'em
SET2B9.tmp.Kill'em
SET2BC.tmp.Kill'em
SET2BD.tmp.Kill'em
SET2BE.tmp.Kill'em
SET2C0.tmp.Kill'em
SET2C1.tmp.Kill'em
SET2C2.tmp.Kill'em
SET2C5.tmp.Kill'em
SET2C8.tmp.Kill'em
SET2CD.tmp.Kill'em
SET2CE.tmp.Kill'em
SET2CF.tmp.Kill'em
SET2D4.tmp.Kill'em
SET2D5.tmp.Kill'em
SET2D6.tmp.Kill'em
SET2D8.tmp.Kill'em
SET2DB.tmp.Kill'em
SET2DD.tmp.Kill'em
SET2DE.tmp.Kill'em
SET2E1.tmp.Kill'em
SET2E2.tmp.Kill'em
SET2E5.tmp.Kill'em
SET2E8.tmp.Kill'em
SET2E9.tmp.Kill'em
SET2EB.tmp.Kill'em
SET2F0.tmp.Kill'em
SET2F7.tmp.Kill'em
SET2FF.tmp.Kill'em
SET300.tmp.Kill'em
SET303.tmp.Kill'em
SET304.tmp.Kill'em
SET311.tmp.Kill'em
SET314.tmp.Kill'em
SET316.tmp.Kill'em
SET317.tmp.Kill'em
SET323.tmp.Kill'em
SET327.tmp.Kill'em
SET328.tmp.Kill'em
SET329.tmp.Kill'em
SET32A.tmp.Kill'em
SET32C.tmp.Kill'em
SET32E.tmp.Kill'em
SET332.tmp.Kill'em
SET336.tmp.Kill'em
SET33B.tmp.Kill'em
SET33D.tmp.Kill'em
SET342.tmp.Kill'em
SET344.tmp.Kill'em
SET345.tmp.Kill'em
SET346.tmp.Kill'em
SET348.tmp.Kill'em
SET349.tmp.Kill'em
SET34E.tmp.Kill'em
SET350.tmp.Kill'em
SET351.tmp.Kill'em
SET358.tmp.Kill'em
SET363.tmp.Kill'em
SET366.tmp.Kill'em
SET367.tmp.Kill'em
SET368.tmp.Kill'em
SET36C.tmp.Kill'em
SET370.tmp.Kill'em
SET371.tmp.Kill'em
SET372.tmp.Kill'em
SET373.tmp.Kill'em
SET374.tmp.Kill'em
SET375.tmp.Kill'em
SET376.tmp.Kill'em
SET378.tmp.Kill'em
SET379.tmp.Kill'em
SET37A.tmp.Kill'em
SET37B.tmp.Kill'em
SET37C.tmp.Kill'em
SET37D.tmp.Kill'em
SET37E.tmp.Kill'em
SET37F.tmp.Kill'em
SET380.tmp.Kill'em
SET381.tmp.Kill'em
SET382.tmp.Kill'em
SET383.tmp.Kill'em
SET384.tmp.Kill'em
SET385.tmp.Kill'em
SET386.tmp.Kill'em
SET387.tmp.Kill'em
SET388.tmp.Kill'em
SET389.tmp.Kill'em
SET38A.tmp.Kill'em
SET38B.tmp.Kill'em
SET38C.tmp.Kill'em
SET38D.tmp.Kill'em
SET38E.tmp.Kill'em
SET38F.tmp.Kill'em
SET390.tmp.Kill'em
SET391.tmp.Kill'em
SET392.tmp.Kill'em
SET393.tmp.Kill'em
SET394.tmp.Kill'em
SET398.tmp.Kill'em
SET3A0.tmp.Kill'em
SET3A2.tmp.Kill'em
SET3AA.tmp.Kill'em
SET3AC.tmp.Kill'em
SET3C6.tmp.Kill'em
SET3C9.tmp.Kill'em
SET3CB.tmp.Kill'em
SET3CD.tmp.Kill'em
SET3CF.tmp.Kill'em
SET3D6.tmp.Kill'em
SET3DB.tmp.Kill'em
SET3F4.tmp.Kill'em
SET3FA.tmp.Kill'em
SET3FC.tmp.Kill'em
SET3FD.tmp.Kill'em
SET403.tmp.Kill'em
SET407.tmp.Kill'em
SET416.tmp.Kill'em
SET418.tmp.Kill'em
SET419.tmp.Kill'em
SET41A.tmp.Kill'em
SET424.tmp.Kill'em
SET428.tmp.Kill'em
SET42D.tmp.Kill'em
SET433.tmp.Kill'em
SET43E.tmp.Kill'em
SET446.tmp.Kill'em
SET447.tmp.Kill'em
SET472.tmp.Kill'em
SET475.tmp.Kill'em
SET47C.tmp.Kill'em
SET47D.tmp.Kill'em
SET47E.tmp.Kill'em
SET480.tmp.Kill'em
SET481.tmp.Kill'em
SET482.tmp.Kill'em
SET485.tmp.Kill'em
SET487.tmp.Kill'em
SET488.tmp.Kill'em
SET48A.tmp.Kill'em
SET48E.tmp.Kill'em
SET490.tmp.Kill'em
SET495.tmp.Kill'em
SET496.tmp.Kill'em
SET49E.tmp.Kill'em
SET4A4.tmp.Kill'em
SET4AA.tmp.Kill'em
SET4AE.tmp.Kill'em
SET4B1.tmp.Kill'em
SET4B3.tmp.Kill'em
SET4B7.tmp.Kill'em
SET4BA.tmp.Kill'em
SET4BC.tmp.Kill'em
SET4BD.tmp.Kill'em
SET4C1.tmp.Kill'em
SET4C2.tmp.Kill'em
SET4C6.tmp.Kill'em
SET4C7.tmp.Kill'em
SET4CA.tmp.Kill'em
SET4D1.tmp.Kill'em
SET4D4.tmp.Kill'em
SET4D6.tmp.Kill'em
SET4D9.tmp.Kill'em
SET4DC.tmp.Kill'em
SET4DE.tmp.Kill'em
SET4E2.tmp.Kill'em
SET86.tmp.Kill'em
SET87.tmp.Kill'em
SET88.tmp.Kill'em
SET89.tmp.Kill'em
SET8A.tmp.Kill'em
SET8B.tmp.Kill'em
SET8C.tmp.Kill'em
SET8E.tmp.Kill'em
SET8F.tmp.Kill'em
SET90.tmp.Kill'em
SET91.tmp.Kill'em
SET92.tmp.Kill'em
SET93.tmp.Kill'em
SET94.tmp.Kill'em
SET95.tmp.Kill'em
SET96.tmp.Kill'em
SET97.tmp.Kill'em
SET98.tmp.Kill'em
SET99.tmp.Kill'em
SET9A.tmp.Kill'em
SET9B.tmp.Kill'em
SET9C.tmp.Kill'em
SET9D.tmp.Kill'em
SET9E.tmp.Kill'em
SET9F.tmp.Kill'em
SETA0.tmp.Kill'em
SETA1.tmp.Kill'em
SETA2.tmp.Kill'em
SETA3.tmp.Kill'em
SETA4.tmp.Kill'em
SETA5.tmp.Kill'em
SETA6.tmp.Kill'em
SETA7.tmp.Kill'em
SETA8.tmp.Kill'em
SETA9.tmp.Kill'em
SETAA.tmp.Kill'em
SETBA.tmp.Kill'em
SETBB.tmp.Kill'em
SETBC.tmp.Kill'em
SETBD.tmp.Kill'em
SETBE.tmp.Kill'em
SETBF.tmp.Kill'em
SETC0.tmp.Kill'em
SETC2.tmp.Kill'em
SETC3.tmp.Kill'em
SETC4.tmp.Kill'em
SETC5.tmp.Kill'em
SETC6.tmp.Kill'em
SETC7.tmp.Kill'em
SETC8.tmp.Kill'em
SETC9.tmp.Kill'em
SETCA.tmp.Kill'em
SETCB.tmp.Kill'em
SETCC.tmp.Kill'em
SETCD.tmp.Kill'em
SETCE.tmp.Kill'em
SETCF.tmp.Kill'em
SETD0.tmp.Kill'em
SETD1.tmp.Kill'em
SETD2.tmp.Kill'em
SETD3.tmp.Kill'em
SETD4.tmp.Kill'em
SETD5.tmp.Kill'em
SETD6.tmp.Kill'em
SETD7.tmp.Kill'em
SETD8.tmp.Kill'em
SETD9.tmp.Kill'em
SETDA.tmp.Kill'em
SETDB.tmp.Kill'em
SETDC.tmp.Kill'em
SETDD.tmp.Kill'em
SETDE.tmp.Kill'em
SETE3.tmp.Kill'em
SETE4.tmp.Kill'em
SETE5.tmp.Kill'em
SETE6.tmp.Kill'em
SETE7.tmp.Kill'em
SETE8.tmp.Kill'em
SETE9.tmp.Kill'em
SETEB.tmp.Kill'em
SETEC.tmp.Kill'em
SETED.tmp.Kill'em
SETEE.tmp.Kill'em
SETEF.tmp.Kill'em
SETF0.tmp.Kill'em
SETF1.tmp.Kill'em
SETF2.tmp.Kill'em
SETF3.tmp.Kill'em
SETF4.tmp.Kill'em
SETF5.tmp.Kill'em
SETF6.tmp.Kill'em
SETF7.tmp.Kill'em
SETF8.tmp.Kill'em
SETF9.tmp.Kill'em
SETFA.tmp.Kill'em
SETFB.tmp.Kill'em
SETFC.tmp.Kill'em
SETFD.tmp.Kill'em
SETFE.tmp.Kill'em
SETFF.tmp.Kill'em
sysReserve.ini.Kill'em
_004569_.tmp.dll.Kill'em

==============
host file OK !
==============

========
Registry
========
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools  
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr  
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe  
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe  

============
Disk Cleaned
============
 
================
Prefetch cleaned 
================
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

moment de grace · Answer

c'est plus propre ainsi...

le pc est il ok ?

Staro · Answer

Oui, le PC est ok... Merci à toi...

moment de grace · Answer

tu peux mettre le topic en resolu 
https://www.commentcamarche.net/infos/25917-marquer-un-fil-de-discussion-comme-etant-resolu/


Bonne continuation et surtout , prudence et bon surf :)

gen-hackman · Answer

catchme a trouvé du TDSS dans List_Kill'em.....

moment de grace · Answer

???????????????

pourtant MBAM l'a attrapé apres combo 

mais oui je le vois maintenant sur killem...

gen-hackman · Answer

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H8SRTd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\H8SRTd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\H8SRTd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\H8SRTd.sys

Staro · Answer

Hum... ???

Çà veut dire qu'il reste des saletés ??

moment de grace · Answer

bien

tu es revenu

Attention, avant de commencer, lit attentivement la procédure, et imprime la 

Télécharge ComboFix de sUBs  sur ton Bureau : 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

/!\ Déconnecte-toi du net et DESACTIVES TOUTES LES DEFENSES, antivirus et antispyware y compris /!\ 

---> Double-clique sur ComboFix.exe 
Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter 

SURTOUT INSTALLES LA CONSOLE DE RECUPERATION 
(si il te le propose remets provisoirement internet)

---> Mets-le en langue française F 
Tape sur la touche 1 (Yes) pour démarrer le scan. 

Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC 

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire. 

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu 

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\ 

Note : Le rapport se trouve également là : C:\ComboFix.txt

Staro · Answer

ComboFix 10-01-11.04 - Feu Central 12/01/2010  15:52:06.2.1 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.767.464 [GMT 1:00]
Lancé depuis: c:\documents and settings\Feu Central\Bureau\ComboFix.exe
AV: Antivirus BitDefender  *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\$NtUninstallKB922582$
c:\windows\$NtUninstallKB922582$\fltlib.dll
c:\windows\$NtUninstallKB922582$\fltmc.exe
c:\windows\$NtUninstallKB922582$\fltmgr.sys
c:\windows\$NtUninstallKB922582$\spuninst\spuninst.exe
c:\windows\$NtUninstallKB922582$\spuninst\spuninst.inf
c:\windows\$NtUninstallKB922582$\spuninst\spuninst.txt
c:\windows\$NtUninstallKB922582$\spuninst\updspapi.dll

.
(((((((((((((((((((((((((((((   Fichiers créés du 2009-12-12 au 2010-01-12  ))))))))))))))))))))))))))))))))))))
.

2010-01-07 01:37 . 2010-01-07 01:38	--------	d-----w-	C:\Kill'em
2010-01-05 16:48 . 2010-01-05 16:48	--------	d-----w-	c:\program files\List_Kill'em
2010-01-04 19:59 . 2010-01-04 19:59	152576	----a-w-	c:\documents and settings\Feu Central\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-03 00:07 . 2010-01-03 00:07	--------	d-----w-	c:\documents and settings\Feu Central\Application Data\Malwarebytes
2010-01-03 00:07 . 2009-12-30 13:55	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-03 00:07 . 2010-01-03 00:07	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-03 00:06 . 2009-12-30 13:54	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-01-03 00:06 . 2010-01-03 00:07	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-01-01 21:54 . 2009-08-16 15:08	178176	----a-w-	c:\windows\system32\unrar.dll
2010-01-01 21:54 . 2009-05-29 21:37	205824	----a-w-	c:\windows\system32\xvidvfw.dll
2010-01-01 21:54 . 2009-05-29 21:31	881664	----a-w-	c:\windows\system32\xvidcore.dll
2010-01-01 21:54 . 2004-01-25 16:18	217088	----a-w-	c:\windows\system32\yv12vfw.dll
2010-01-01 21:54 . 2009-12-11 18:00	85504	----a-w-	c:\windows\system32\ff_vfw.dll
2010-01-01 21:54 . 2010-01-01 21:54	--------	d-----w-	c:\program files\K-Lite Codec Pack
2010-01-01 14:05 . 2010-01-01 14:05	134	----a-w-	c:\documents and settings\Feu Central\Local Settings\Application Data\fusioncache.dat
2010-01-01 14:04 . 2010-01-01 14:08	--------	d-----w-	c:\documents and settings\Feu Central\Local Settings\Application Data\ApplicationHistory
2010-01-01 13:56 . 2010-01-01 13:56	--------	d-----w-	c:\documents and settings\Feu Central\Application Data\Windows Search
2010-01-01 10:19 . 2010-01-01 10:19	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-01-01 10:14 . 2010-01-01 10:14	--------	d-----w-	c:\documents and settings\Feu Central\Application Data\Windows Desktop Search
2010-01-01 10:14 . 2010-01-01 14:06	--------	d-----w-	c:\program files\Windows Desktop Search
2010-01-01 10:14 . 2010-01-01 10:14	--------	d-----w-	c:\windows\system32\GroupPolicy
2010-01-01 10:13 . 2008-03-07 17:02	98304	-c----w-	c:\windows\system32\dllcache
lhtml.dll
2010-01-01 10:13 . 2008-03-07 17:02	29696	-c----w-	c:\windows\system32\dllcache\mimefilt.dll
2010-01-01 10:13 . 2008-03-07 17:02	192000	-c----w-	c:\windows\system32\dllcache\offfilt.dll
2010-01-01 10:13 . 2010-01-01 10:13	--------	d-----w-	c:\program files\Windows Media Connect 2
2010-01-01 10:12 . 2010-01-01 10:12	--------	d-----w-	c:\windows\system32\drivers\UMDF
2010-01-01 10:12 . 2010-01-01 10:12	--------	d-----w-	c:\windows\system32\LogFiles
2010-01-01 10:10 . 2010-01-01 10:10	--------	d-----w-	c:\windows\system32\URTTEMP
2010-01-01 10:03 . 2009-11-21 15:58	471552	-c----w-	c:\windows\system32\dllcache\aclayers.dll
2009-12-31 05:17 . 2009-12-31 05:18	--------	dc-h--w-	c:\windows\ie8
2009-12-31 05:08 . 2009-12-31 05:19	--------	d--h--w-	c:\windows\msdownld.tmp
2009-12-31 03:04 . 2009-09-11 14:18	136192	----a-w-	c:\windows\system32\msv1_0.dll
2009-12-31 01:37 . 2009-10-29 07:42	594432	-c----w-	c:\windows\system32\dllcache\msfeeds.dll
2009-12-31 01:37 . 2009-10-29 07:42	246272	-c----w-	c:\windows\system32\dllcache\ieproxy.dll
2009-12-31 01:37 . 2009-10-29 07:42	55296	-c----w-	c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-31 01:37 . 2009-10-29 07:42	1985536	-c----w-	c:\windows\system32\dllcache\iertutil.dll
2009-12-31 01:37 . 2009-10-29 07:42	12800	-c----w-	c:\windows\system32\dllcache\xpshims.dll
2009-12-31 01:37 . 2009-10-29 07:42	11069952	-c----w-	c:\windows\system32\dllcache\ieframe.dll
2009-12-31 01:36 . 2009-10-02 04:44	92160	-c----w-	c:\windows\system32\dllcache\iecompat.dll
2009-12-31 01:27 . 2009-12-31 01:27	--------	d-----w-	c:\program files\BlackIsle
2009-12-30 23:58 . 2009-12-30 23:58	--------	d-----w-	c:\program files\DAEMON Tools Lite
2009-12-26 02:07 . 2009-12-26 02:07	--------	d-----w-	c:\program files\MSXML 6.0
2009-12-25 23:30 . 2004-08-05 12:00	403	-c----w-	c:\windows\system32\dllcache
pdrmv2.zip
2009-12-25 23:30 . 2004-08-05 12:00	22060	-c----w-	c:\windows\system32\dllcache
pds.zip
2009-12-25 23:30 . 2009-07-31 09:03	1372672	-c----w-	c:\windows\system32\dllcache\msxml6.dll
2009-12-25 23:30 . 2008-04-14 02:04	93184	-c----w-	c:\windows\system32\dllcache\msxml6r.dll
2009-12-25 23:30 . 2008-04-14 02:34	294912	-c----w-	c:\windows\system32\dllcache\dlimport.exe
2009-12-25 22:16 . 2009-08-25 09:18	354816	-c----w-	c:\windows\system32\dllcache\winhttp.dll
2009-12-25 22:12 . 2008-04-21 21:15	219136	-c----w-	c:\windows\system32\dllcache\wordpad.exe
2009-12-25 21:58 . 2008-06-14 17:33	272768	-c----w-	c:\windows\system32\dllcache\bthport.sys
2009-12-25 21:55 . 2009-03-06 14:20	286720	-c----w-	c:\windows\system32\dllcache\pdh.dll
2009-12-25 21:55 . 2009-02-06 10:10	227840	-c----w-	c:\windows\system32\dllcache\wmiprvse.exe
2009-12-25 21:55 . 2009-06-25 08:26	736768	-c----w-	c:\windows\system32\dllcache\lsasrv.dll
2009-12-25 21:55 . 2009-02-09 11:23	111104	-c----w-	c:\windows\system32\dllcache\services.exe
2009-12-25 21:55 . 2009-02-09 10:53	685568	-c----w-	c:\windows\system32\dllcache\advapi32.dll
2009-12-25 21:55 . 2009-02-09 10:53	473600	-c----w-	c:\windows\system32\dllcache\fastprox.dll
2009-12-25 21:55 . 2009-02-09 10:53	453120	-c----w-	c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-25 21:55 . 2009-02-09 10:53	401408	-c----w-	c:\windows\system32\dllcachepcss.dll
2009-12-25 21:55 . 2009-02-09 10:53	739840	-c----w-	c:\windows\system32\dllcache
tdll.dll
2009-12-25 21:45 . 2008-05-08 14:02	203136	-c----w-	c:\windows\system32\dllcachemcast.sys
2009-12-25 21:44 . 2008-12-11 10:57	333952	-c----w-	c:\windows\system32\dllcache\srv.sys
2009-12-25 21:43 . 2009-07-10 13:27	1315328	-c----w-	c:\windows\system32\dllcache\msoe.dll
2009-12-25 21:42 . 2008-10-15 16:35	337408	-c----w-	c:\windows\system32\dllcache
etapi32.dll
2009-12-25 21:17 . 2008-10-24 11:21	455296	-c----w-	c:\windows\system32\dllcache\mrxsmb.sys
2009-12-25 21:16 . 2008-04-11 19:05	691712	-c----w-	c:\windows\system32\dllcache\inetcomm.dll
2009-12-25 21:15 . 2009-08-04 17:27	2147328	-c----w-	c:\windows\system32\dllcache
tkrnlmp.exe
2009-12-25 21:15 . 2009-08-04 17:27	2025984	-c----w-	c:\windows\system32\dllcache
tkrpamp.exe
2009-12-25 21:15 . 2009-08-04 17:28	2068096	-c----w-	c:\windows\system32\dllcache
tkrnlpa.exe
2009-12-25 20:04 . 2010-01-02 22:27	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-25 20:04 . 2010-01-02 21:44	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-12-25 19:02 . 2004-08-05 12:00	41600	-c--a-w-	c:\windows\system32\dllcache\weitekp9.dll
2009-12-25 19:02 . 2004-08-05 12:00	31360	-c--a-w-	c:\windows\system32\dllcache\weitekp9.sys
2009-12-25 19:00 . 2004-08-05 12:00	98304	-c--a-w-	c:\windows\system32\dllcache\msir3jp.dll
2009-12-25 18:59 . 2008-04-14 02:31	198656	-c--a-w-	c:\windows\system32\dllcache\cintime.dll
2009-12-25 18:57 . 2004-08-05 12:00	16384	-c--a-w-	c:\windows\system32\dllcache\isignup.exe
2009-12-25 18:30 . 2004-08-05 12:00	24661	-c--a-w-	c:\windows\system32\dllcache\spxcoins.dll
2009-12-25 18:30 . 2004-08-05 12:00	24661	----a-w-	c:\windows\system32\spxcoins.dll
2009-12-25 18:30 . 2004-08-05 12:00	13312	-c--a-w-	c:\windows\system32\dllcache\irclass.dll
2009-12-25 18:30 . 2004-08-05 12:00	13312	----a-w-	c:\windows\system32\irclass.dll
2009-12-25 18:29 . 2009-12-25 18:29	--------	d-s---w-	c:\windows\system32\config\systemprofile\Historique
2009-12-25 14:15 . 2009-12-25 14:15	--------	d-----w-	c:\documents and settings\Administrateur\Application Data\Bitdefender
2009-12-22 06:05 . 2009-12-22 06:05	--------	d-----w-	c:\program files\QuickTime
2009-12-22 06:05 . 2009-12-22 06:05	--------	d-----w-	c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-17 19:59 . 2008-04-12 16:32	310272	----a-w-	c:\windows\EditHexaUninstall.exe
2009-12-15 22:30 . 2010-01-04 19:58	79488	----a-w-	c:\documents and settings\Feu Central\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 14:46 . 2009-05-23 20:48	43504	----a-w-	c:\documents and settings\Feu Central\Application Data\wklnhst.dat
2010-01-12 00:26 . 2009-05-23 16:42	81984	----a-w-	c:\windows\system32\bdod.bin
2010-01-04 20:00 . 2009-05-23 23:14	--------	d-----w-	c:\program files\Java
2009-12-31 03:55 . 2009-05-23 16:09	76507	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-31 01:29 . 2009-12-04 23:21	53248	----a-w-	c:\windows\ipuninst.exe
2009-12-30 23:59 . 2009-06-07 18:57	--------	d-----w-	c:\documents and settings\Feu Central\Application Data\uTorrent
2009-12-30 23:58 . 2009-10-14 08:57	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2009-12-26 08:51 . 2009-05-23 16:32	36936	----a-w-	c:\documents and settings\Feu Central\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-25 18:56 . 2009-05-23 16:06	23032	----a-w-	c:\windows\system32\emptyregdb.dat
2009-12-24 02:20 . 2009-08-04 21:02	--------	d-----w-	c:\documents and settings\Feu Central\Application Data\Canon
2009-12-04 23:05 . 2009-10-14 09:00	--------	d-----w-	c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-11-21 15:58 . 2004-08-05 12:00	471552	----a-w-	c:\windows\AppPatch\aclayers.dll
2009-11-18 19:47 . 2009-05-28 15:13	--------	d-----w-	c:\program files\Fichiers communs\Adobe
2009-11-13 20:43 . 2009-11-13 20:43	--------	d-----w-	c:\program files\Real Alternative
2009-11-01 14:07 . 2009-05-24 12:58	36864	----a-w-	c:\documents and settings\Feu Central	imeseal.exe
2009-10-29 07:42 . 2004-08-05 12:00	916480	------w-	c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2004-08-05 12:00	75776	----a-w-	c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-05 12:00	25088	----a-w-	c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2009-12-31 03:05	265728	----a-w-	c:\windows\system32\drivers\http.sys
2010-01-04 16:40 . 2009-05-27 05:39	65536	----a-w-	c:\program files\mozilla firefox\components\FFComm.dll
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-11-16 782336]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 196608]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VIA RAID TOOL.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\VIA RAID TOOL.lnk
backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08	35696	----a-w-	c:\program files\Adobe\Reader 9.0\Readereader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2009-01-08 06:36	2521464	----a-w-	c:\program files\Fichiers communs\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-08-12 19:10	339968	----a-w-	c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
2009-05-23 22:37	454656	----a-w-	c:\program files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08	417792	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-11-15 10:20	77824	----a-w-	c:\windows\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\uTorrent\uTorrent.exe"=
"c:\Program Files\eMule\emule.exe"=
"c:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18/09/2008 11:09 111112]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20/01/2009 18:16 172032]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/10/2009 09:57 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx	REG_MULTI_SZ   	scan
p2psvc	REG_MULTI_SZ   	p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenu du dossier 'Tâches planifiées'

2009-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
FF - ProfilePath - c:\documents and settings\Feu Central\Application Data\Mozilla\Firefox\Profilesw4vvc86.default\
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
p-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 15:59
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2010-01-12  16:02:09
ComboFix-quarantined-files.txt  2010-01-12 15:02

Avant-CF: 49 663 631 360 octets libres
Après-CF: 49 721 860 096 octets libres

Current=3 Default=3 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 5E53C8897B78C8FE351495D1DB71E79A

moment de grace · Answer

si tu as toujours MalwareByte's Anti-Malware
mets le à jour
examen complet
suppression
rapport

si tu ne l'as plus


http://www.malwarebytes.org/mbam/program/mbam-setup.exe

gen-hackman · Answer

sinon fais retelecharger L-K et option 2 je l ai mis a jour pour les cles H8SRTd.sys

moment de grace · Answer

recu gen..

Staro

desinstalle et retélecharge Killem

&#9654; Relance List&Kill'em avec le raccourci sur ton bureau , 

mais cette fois-ci : 

&#9654; choisis l'option 2 = Mode Suppression 

laisse travailler l'outil. 

en fin de scan un rapport s'ouvre 

&#9654; colle le contenu dans ta reponse

Staro · Answer

Ok, désolé pour ma réponse tardive...

Bon, bitdefender a trouvé plusieurs virus (bagle) lorsque j'ai réinstallé list_killem...

Le programme ne fonctionne donc pas...

moment de grace · Answer

supprimes le et fais ceci

• Téléchargez FindyKill sur le Bureau. 

http://pagesperso-orange.fr/NosTools/Chiquitine29/Setup.exe 

Mirroir : 

http://findykill.changelog.fr/Setup.exe 

• Double-cliquez sur FindyKill présent sur le Bureau. 

• Choisissez l'option 1 (Recherche). 

• Laissez travailler l'outil. 

• Ensuite postez le rapport FindyKill.txt qui apparaîtra (si vous avez créé un sujet sur un forum pour vous faire aider). 

• Note : Le rapport FindyKill.txt est sauvegardé à la racine du disque (C:\FindyKill.txt). 

(CTRL+A pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller)

gen-hackman · Answer

normal il est conseillé de desactiver l antivirus

bitdefender le detecte comme bagle , car c'est dans sa base de données pour la recherche heuristique , il me le fait a moi aussi

moment de grace · Answer

salut gen-hackman,

je ne connaissais pas la particularité...on me dis rien à moi !
(sourire)

donc Staro, on refait le post 49 en désactivant bien toutes les protections

gen-hackman · Answer

bha je savais pas que tu le savais pas ^^

Staro · Answer

Ok, moment de grace, re-désolé pour le retard... Voilà le rapport kill'em :

Kill'em by g3n-h@ckm@n 1.1.8.4 
 
User : Feu Central (Administrateurs) 
Update on 17/01/2010 by g3n-h@ckm@n ::::: 00:10 
Start at: 20:30:48 | 24/01/2010
Contact : g3n-h@ckm@n sur CCM

AMD Sempron(tm)   2400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Antivirus BitDefender  12.0 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 77,62 Go (45,18 Go free) | NTFS
D:\ -> Disque fixe local | 77,62 Go (77,56 Go free) | NTFS
E:\ -> Disque fixe local | 77,62 Go (77,56 Go free) | NTFS
F:\ -> Disque CD-ROM
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Feu Central\Local Settings	emp\174.tmp\pv.exe
 
Detections : 
========== 
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

Quarantined & Deleted !! : C:\WINDOWS\002681_.tmp 
Quarantined & Deleted !! : C:\WINDOWS\003131_.tmp 
Quarantined & Deleted !! : C:\WINDOWS\003138_.tmp 
Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp 
Quarantined & Deleted !! : C:\WINDOWS\SET4.tmp 
Quarantined & Deleted !! : C:\WINDOWS\SET502.tmp 
Quarantined & Deleted !! : C:\WINDOWS\SET8.tmp 
Quarantined & Deleted !! : C:\WINDOWS\SET80.tmp 
Quarantined & Deleted !! : C:\WINDOWS\SET83.tmp 
Quarantined & Deleted !! : C:\WINDOWS\SET8F.tmp 
Quarantined & Deleted !! : C:\WINDOWS\mbr.exe 
 
 
==============
host file OK !
==============

========
Registry
========
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives  
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives  
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe  
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe  
Deleted : HKLM\SYSTEM\ControlSet001\Services\H8SRTd.sys  
Deleted : HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys  
Deleted : HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys  
Deleted : HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys  

============
Disk Cleaned
============
 
================
Prefetch cleaned 
================
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

moment de grace · Answer

salut

&#9654; Relance List&Kill'em avec le raccourci sur ton bureau , 

mais cette fois-ci : 

&#9654; choisis l'option 2 = Mode Suppression 

laisse travailler l'outil. 

en fin de scan un rapport s'ouvre 

&#9654; colle le contenu dans ta reponse

Staro · Answer

Salut Moment de grace, 

C'est ce que j'avais déjà fait au post 54, mais peut-être vois tu une raison de recommencer...

Donc, le rapport kill'em :

Kill'em by g3n-h@ckm@n 1.1.8.4 
 
User : Feu Central (Administrateurs) 
Update on 17/01/2010 by g3n-h@ckm@n ::::: 00:10 
Start at: 11:24:17 | 25/01/2010
Contact : g3n-h@ckm@n sur CCM

AMD Sempron(tm)   2400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Antivirus BitDefender  12.0 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 77,62 Go (45,46 Go free) | NTFS
D:\ -> Disque fixe local | 77,62 Go (77,56 Go free) | NTFS
E:\ -> Disque fixe local | 77,62 Go (77,56 Go free) | NTFS
F:\ -> Disque CD-ROM
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Feu Central\Local Settings	emp\2B.tmp\pv.exe
 
Detections : 
========== 
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

 
 
==============
host file OK !
==============

========
Registry
========

============
Disk Cleaned
============
 
================
Prefetch cleaned 
================
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

moment de grace · Answer

(sourire)

non en effet, un moment d'égarement, j'avais un peu décroché sur ton sujet

comment va le pc ?

Staro · Answer

Le PC va pas très bien, il a tendance à ramer parfois...

Ma mère m'a dit qu'il ramait grave ce matin, elle a fait un scan bitdefender puis un scan en ligne...

Le scan en ligne a trouvé 5 virus, supprimé 2, les 3 autres ne pouvant être supprimé...

Bon, elle m'a dit qu'elle avait sauvegardé le scan, mais bien sûr je n'arrive pas à mettre la main dessus, je ne sais pas où elle à pu le mettre...

Je te tiens au courant...

Staro · Answer

Bon, j'ai trouvé le rapport de scan, et à priori, c'est une fausse alerte... Les virus listés concernent List_kill'em je pense...

Mais je le poste à tout hasard...

BitDefender Online Scanner
  
  
 
Rapport d'analyse gnr : Tue, Jan 26, 2010 - 09:43:11
 
 
  
  
 
Voie d'analyse: C:\Documents and Settings\Feu Central\Mes documents;C:\;D:\;E:\;C:\Documents and Settings\Feu Central\Mes documents;
  
  
 
 
  
  
 
Statistiques
 
Temps
 00:27:57
 
Fichiers
 42101
 
Directoires
 5285
 
Secteurs de boot
 0
 
Archives
 721
 
Paquets programmes
 1768
 
  
  
 
Rsultats
 
Virus identifis
 2
 
Fichiers infects
 3
 
Fichiers suspects
 0
 
Avertissements
 0
 
Dsinfects
 0
 
Fichiers effacs
 3
 
  
  
 
Info sur les moteurs
 
Dfinition virus
 4897140
 
Version des moteurs
 AVCORE v2.1 Windows/i386 11.0.0.33 (Nov 24 2009)
 
Analyse des plugins
 17
 
Archive des plugins
 44
 
Unpack des plugins
 8
 
E-mail plugins
 6
 
Systme plugins
 4
 
  
  
 
Paramtres d'analyse
 
Premire action
 DÃ©sinfectÃ©
 
Seconde Action
 SupprimÃ©s
 
Heuristique
 Oui
 
Acceptez les avertissements
 Oui
 
Extensions analyses
 exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
 
Excludez les extensions
  
 
Analyse d'emails
 Oui
 
Analyse des Archives
 Oui
 
Analyser paquets programmes
 Oui
 
Analyse des fichiers
 Oui
 
Analyse de boot
 Oui
 
  
  
 
  Fichier analys
  Statut
 
C:\Documents and Settings\Feu Central\Bureau\List_Killem_Install(2).exe=>(Instyler o)=>(Instyler Module 0)
 InfectÃ© par: DeepScan:Generic.Bagle.2.96E5C887
 
C:\Documents and Settings\Feu Central\Bureau\List_Killem_Install(2).exe=>(Instyler o)=>(Instyler Module 0)
 Echec de la dÃ©sinfection
 
C:\Documents and Settings\Feu Central\Bureau\List_Killem_Install(2).exe=>(Instyler o)=>(Instyler Module 0)
 SupprimÃ©
 
C:\Documents and Settings\Feu Central\Bureau\List_Killem_Install(2).exe=>(Instyler o)
 Echec de la mise Ã  jour
 
C:\System Volume Information\_restore{537509E0-6000-4F4E-A78F-C0655BB9AE8F}\RP32\A0013032.exe=>(Instyler o)=>(Instyler Module 0)
 InfectÃ© par: DeepScan:Generic.Bagle.2.B676718A
 
C:\System Volume Information\_restore{537509E0-6000-4F4E-A78F-C0655BB9AE8F}\RP32\A0013032.exe=>(Instyler o)=>(Instyler Module 0)
 Echec de la dÃ©sinfection
 
C:\System Volume Information\_restore{537509E0-6000-4F4E-A78F-C0655BB9AE8F}\RP32\A0013032.exe=>(Instyler o)=>(Instyler Module 0)
 SupprimÃ©
 
C:\System Volume Information\_restore{537509E0-6000-4F4E-A78F-C0655BB9AE8F}\RP32\A0013032.exe=>(Instyler o)
 Echec de la mise Ã  jour
 
C:\System Volume Information\_restore{537509E0-6000-4F4E-A78F-C0655BB9AE8F}\RP33\A0013194.exe=>(Instyler o)=>(Instyler Module 0)
 InfectÃ© par: DeepScan:Generic.Bagle.2.B676718A
 
C:\System Volume Information\_restore{537509E0-6000-4F4E-A78F-C0655BB9AE8F}\RP33\A0013194.exe=>(Instyler o)=>(Instyler Module 0)
 Echec de la dÃ©sinfection
 
C:\System Volume Information\_restore{537509E0-6000-4F4E-A78F-C0655BB9AE8F}\RP33\A0013194.exe=>(Instyler o)=>(Instyler Module 0)
 SupprimÃ©
 
C:\System Volume Information\_restore{537509E0-6000-4F4E-A78F-C0655BB9AE8F}\RP33\A0013194.exe=>(Instyler o)
 Echec de la mise Ã  jour 


Bon, du coup, je m'explique pas le fait que le PC rame toujours...

PS: Si çà t'ennuie trop de continuer sur ce topic, je comprendrais parfaitement, j'avoue que moi aussi j'avais un peu lâché l'affaire... Et puis le PC marche, même si çà rame un peu parfois...

moment de grace · Answer

effectivement, supprimes killem

de plus tu n'as pas purger la restauration systemes et il y en a dedans

Purger la restauration systeme XP

http://www.bibou0007.com/windows-xp-f101/purger-la-restauration-du-systeme-sous-windows-xp-t151.htm

.................


/!\ Il faut impérativement désactiver tous tes logiciels de protection pour utiliser ce programme/!\ 


&#9654; Télécharge : Gmer (by Przemyslaw Gmerek) 

http://www.gmer.net/



&#9654; Dezippe gmer ,cliques sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre. 

&#9654; Les lignes rouges indiquent la presence d'un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans demarrer ,puis ouvres le bloc note,vas dans edition et cliques sur coller,le rapport gmer va apparaitre,postes moi le) 

Ensuite 

&#9654; sur les lignes rouge: 

&#9654; Services:cliques droit delete service 
&#9654; Process:cliques droit kill process 
&#9654; Adl ,file:cliques droit delete files

Staro · Answer

Ok, voilà le rapport Gmer (pas de lignes rouges en vue) :

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-27 22:52:10
Windows 5.1.2600 Service Pack 3
Running: v4q9tpsh.exe; Driver: C:\DOCUME~1\FEUCEN~1\LOCALS~1\Temp\uxldruog.sys


---- System - GMER 1.0.15 ----

SSDT            \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.)  ZwOpenProcess [0xB224CC90]
SSDT            \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.)  ZwOpenThread [0xB224CD7E]
SSDT            \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.)  ZwTerminateProcess [0xB224CBF4]
SSDT            \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.)  ZwTerminateThread [0xB224CEC4]

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\SearchIndexer.exe[1476] kernel32.dll!WriteFile                                                      7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtCreateFile + 5                                           7C91D0B3 10 Bytes  [68, 78, 2F, 40, 60, E9, C3, ...] {PUSH 0x60402f78; JMP 0xffffffffe36ef4cd}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtCreateKey + 5                                            7C91D0F3 10 Bytes  [68, 70, 7E, 41, 60, E9, 83, ...] {PUSH 0x60417e70; JMP 0xffffffffe36ef48d}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtCreateSection + 5                                        7C91D183 10 Bytes  [68, F0, 12, 41, 60, E9, F3, ...] {PUSH 0x604112f0; JMP 0xffffffffe36ef3fd}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtDeleteValueKey + 5                                       7C91D273 10 Bytes  [68, 78, 40, 42, 60, E9, 03, ...] {PUSH 0x60424078; JMP 0xffffffffe36ef30d}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtLoadDriver + 5                                           7C91D473 10 Bytes  [68, 60, 81, 40, 60, E9, 03, ...] {PUSH 0x60408160; JMP 0xffffffffe36ef10d}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtMapViewOfSection + 5                                     7C91D523 10 Bytes  [68, D0, 73, 41, 60, E9, 53, ...] {PUSH 0x604173d0; JMP 0xffffffffe36ef05d}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtOpenFile + 5                                             7C91D5A3 10 Bytes  [68, 10, 08, 41, 60, E9, D3, ...] {PUSH 0x60410810; JMP 0xffffffffe36eefdd}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtOpenKey + 5                                              7C91D5D3 10 Bytes  [68, E0, 83, 41, 60, E9, A3, ...] {PUSH 0x604183e0; JMP 0xffffffffe36eefad}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtOpenProcess + 5                                          7C91D603 10 Bytes  [68, F0, 68, 41, 60, E9, 73, ...] {PUSH 0x604168f0; JMP 0xffffffffe36eef7d}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtQueueApcThread + 5                                       7C91D9A3 10 Bytes  [68, 60, 6E, 41, 60, E9, D3, ...] {PUSH 0x60416e60; JMP 0xffffffffe36eebdd}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtSetValueKey + 5                                          7C91DDD3 10 Bytes  [68, 50, 71, 40, 60, E9, A3, ...] {PUSH 0x60407150; JMP 0xffffffffe36ee7ad}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtWriteFile + 5                                            7C91DF83 10 Bytes  [68, 80, 0D, 41, 60, E9, F3, ...] {PUSH 0x60410d80; JMP 0xffffffffe36ee5fd}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!LdrLoadDll + 1                                             7C9263C4 9 Bytes  JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!RtlCreateProcessParameters                                 7C932E99 10 Bytes  [68, A0, C3, 40, 60, E9, DD, ...] {PUSH 0x6040c3a0; JMP 0xffffffffe36d96e7}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!LoadLibraryExW                                          7C801AF5 10 Bytes  CALL 65E05D3F 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!GetStartupInfoW                                         7C801E54 10 Bytes  [68, 40, A4, 41, 60, E9, 22, ...] {PUSH 0x6041a440; JMP 0xffffffffe380a72c}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!GetStartupInfoA                                         7C801EF2 10 Bytes  [68, D0, 9E, 41, 60, E9, 84, ...] {PUSH 0x60419ed0; JMP 0xffffffffe380a68e}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!WriteProcessMemory                                      7C802213 10 Bytes  [68, 10, 5E, 41, 60, E9, 63, ...] {PUSH 0x60415e10; JMP 0xffffffffe380a36d}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!CloseHandle                                             7C809BE7 10 Bytes  [68, 58, 3A, 40, 60, E9, 8F, ...] {PUSH 0x60403a58; JMP 0xffffffffe3802999}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!SetEvent                                                7C80A0B7 10 Bytes  [68, A8, 5B, 42, 60, E9, BF, ...] {PUSH 0x60425ba8; JMP 0xffffffffe38024c9}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!CreateEventW                                            7C80A749 10 Bytes  [68, B0, 8F, 40, 60, E9, 2D, ...] {PUSH 0x60408fb0; JMP 0xffffffffe3801e37}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!FreeLibrary                                             7C80AC7E 10 Bytes  [68, 38, 56, 42, 60, E9, F8, ...] {PUSH 0x60425638; JMP 0xffffffffe3801902}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!GetModuleFileNameA + DF                                 7C80B64E 10 Bytes  CALL 65E0F687 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!CreateMutexW                                            7C80E957 10 Bytes  [68, E0, 98, 40, 60, E9, 1F, ...] {PUSH 0x604098e0; JMP 0xffffffffe37fdc29}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!FindFirstFileExW                                        7C80EB1D 10 Bytes  CALL 65E12CAD 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!CreateRemoteThread + 1                                  7C8104CD 9 Bytes  JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!CreateThread                                            7C8106D7 10 Bytes  [68, B0, A9, 41, 60, E9, 9F, ...] {PUSH 0x6041a9b0; JMP 0xffffffffe37fbea9}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!CreateFileW                                             7C810800 10 Bytes  [68, 58, 79, 40, 60, E9, 76, ...] {PUSH 0x60407958; JMP 0xffffffffe37fbd80}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!CreateProcessInternalW + 1                              7C8197B1 9 Bytes  JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!ExitProcess                                             7C81CB12 10 Bytes  [68, C8, 50, 42, 60, E9, 64, ...] {PUSH 0x604250c8; JMP 0xffffffffe37efa6e}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!CopyFileExW                                             7C827B32 10 Bytes  [68, C8, 3F, 40, 60, E9, 44, ...] {PUSH 0x60403fc8; JMP 0xffffffffe37e4a4e}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!PulseEvent                                              7C82C06E 10 Bytes  [68, 18, 61, 42, 60, E9, 08, ...] {PUSH 0x60426118; JMP 0xffffffffe37e0512}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!CheckRemoteDebuggerPresent                              7C85AAF2 10 Bytes  [68, 00, B9, 40, 60, E9, 84, ...] {PUSH 0x6040b900; JMP 0xffffffffe37b1a8e}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!SetThreadContext                                        7C863C09 10 Bytes  [68, 80, 63, 41, 60, E9, 6D, ...] {PUSH 0x60416380; JMP 0xffffffffe37a8977}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!ReadConsoleA                                            7C872B5D 10 Bytes  [68, D0, F2, 40, 60, E9, 19, ...] {PUSH 0x6040f2d0; JMP 0xffffffffe3799a23}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!ReadConsoleW                                            7C872BAC 10 Bytes  [68, 40, F8, 40, 60, E9, CA, ...] {PUSH 0x6040f840; JMP 0xffffffffe37999d4}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!ReadConsoleInputA                                       7C874613 10 Bytes  [68, F0, E7, 40, 60, E9, 63, ...] {PUSH 0x6040e7f0; JMP 0xffffffffe3797f6d}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!ReadConsoleInputW                                       7C874636 10 Bytes  [68, 60, ED, 40, 60, E9, 40, ...] {PUSH 0x6040ed60; JMP 0xffffffffe3797f4a}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!RegQueryValueExW + 10C                                  77DA710B 10 Bytes  [68, 80, A3, 40, 60, E9, 6B, ...] {PUSH 0x6040a380; JMP 0xffffffffe8265475}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!OpenServiceW                                            77DB6FFD 10 Bytes  [68, F8, 1A, 41, 60, E9, 79, ...] {PUSH 0x60411af8; JMP 0xffffffffe8255583}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!ControlService                                          77DC4A09 10 Bytes  [68, 70, 28, 41, 60, E9, 6D, ...] {PUSH 0x60412870; JMP 0xffffffffe8247b77}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!OpenServiceA                                            77DC4C66 10 Bytes  [68, 68, 20, 41, 60, E9, 10, ...] {PUSH 0x60412068; JMP 0xffffffffe824791a}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!ChangeServiceConfigA                                    77E06E69 10 Bytes  [68, 50, 33, 41, 60, E9, 0D, ...] {PUSH 0x60413350; JMP 0xffffffffe8205717}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!ChangeServiceConfigW                                    77E07001 10 Bytes  [68, E0, 2D, 41, 60, E9, 75, ...] {PUSH 0x60412de0; JMP 0xffffffffe820557f}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!CreateServiceA                                          77E07211 10 Bytes  [68, F0, A8, 40, 60, E9, 65, ...] {PUSH 0x6040a8f0; JMP 0xffffffffe820536f}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!CreateServiceW                                          77E073A9 10 Bytes  [68, 60, AE, 40, 60, E9, CD, ...] {PUSH 0x6040ae60; JMP 0xffffffffe82051d7}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] WS2_32.dll!WEP + FFFEF156                                            719F1273 10 Bytes  [68, F0, 93, 41, 60, E9, 03, ...] {PUSH 0x604193f0; JMP 0xffffffffee61b30d}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] WS2_32.dll!connect                                                   719F4A07 10 Bytes  [68, 50, C6, 41, 60, E9, 6F, ...] {PUSH 0x6041c650; JMP 0xffffffffee617b79}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] WS2_32.dll!send                                                      719F4C27 10 Bytes  [68, 48, BE, 41, 60, E9, 4F, ...] {PUSH 0x6041be48; JMP 0xffffffffee617959}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] WS2_32.dll!WSAStartup                                                719F6A55 10 Bytes  [68, 60, 99, 41, 60, E9, 21, ...] {PUSH 0x60419960; JMP 0xffffffffee615b2b}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] USER32.dll!GetMessageW                                               7E3991C6 10 Bytes  [68, A0, D7, 40, 60, E9, B0, ...] {PUSH 0x6040d7a0; JMP 0xffffffffe1c733ba}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] USER32.dll!PeekMessageW                                              7E39929B 10 Bytes  [68, 80, E2, 40, 60, E9, DB, ...] {PUSH 0x6040e280; JMP 0xffffffffe1c732e5}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] USER32.dll!GetMessageA                                               7E3A772B 10 Bytes  [68, 30, D2, 40, 60, E9, 4B, ...] {PUSH 0x6040d230; JMP 0xffffffffe1c64e55}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] USER32.dll!SetWindowsHookExW                                         7E3A820F 10 Bytes  [68, 50, 48, 41, 60, E9, 67, ...] {PUSH 0x60414850; JMP 0xffffffffe1c64371}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] USER32.dll!PeekMessageA                                              7E3AA340 10 Bytes  [68, 10, DD, 40, 60, E9, 36, ...] {PUSH 0x6040dd10; JMP 0xffffffffe1c62240}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] USER32.dll!SetWindowsHookExA                                         7E3B1211 10 Bytes  [68, C0, 4D, 41, 60, E9, 65, ...] {PUSH 0x60414dc0; JMP 0xffffffffe1c5b36f}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtCreateFile + 5                                  7C91D0B3 10 Bytes  [68, B0, 2F, 40, 60, E9, C3, ...] {PUSH 0x60402fb0; JMP 0xffffffffe36ef4cd}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtCreateKey + 5                                   7C91D0F3 10 Bytes  [68, C8, 7E, 41, 60, E9, 83, ...] {PUSH 0x60417ec8; JMP 0xffffffffe36ef48d}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtCreateSection + 5                               7C91D183 10 Bytes  [68, 48, 13, 41, 60, E9, F3, ...] {PUSH 0x60411348; JMP 0xffffffffe36ef3fd}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtDeleteValueKey + 5                              7C91D273 10 Bytes  [68, D0, 39, 42, 60, E9, 03, ...] {PUSH 0x604239d0; JMP 0xffffffffe36ef30d}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtLoadDriver + 5                                  7C91D473 10 Bytes  [68, C8, 81, 40, 60, E9, 03, ...] {PUSH 0x604081c8; JMP 0xffffffffe36ef10d}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtMapViewOfSection + 5                            7C91D523 10 Bytes  [68, 28, 74, 41, 60, E9, 53, ...] {PUSH 0x60417428; JMP 0xffffffffe36ef05d}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtOpenFile + 5                                    7C91D5A3 10 Bytes  [68, 68, 08, 41, 60, E9, D3, ...] {PUSH 0x60410868; JMP 0xffffffffe36eefdd}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtOpenKey + 5                                     7C91D5D3 10 Bytes  [68, 38, 84, 41, 60, E9, A3, ...] {PUSH 0x60418438; JMP 0xffffffffe36eefad}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtOpenProcess + 5                                 7C91D603 10 Bytes  [68, 48, 69, 41, 60, E9, 73, ...] {PUSH 0x60416948; JMP 0xffffffffe36eef7d}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtQueueApcThread + 5                              7C91D9A3 10 Bytes  [68, B8, 6E, 41, 60, E9, D3, ...] {PUSH 0x60416eb8; JMP 0xffffffffe36eebdd}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtSetValueKey + 5                                 7C91DDD3 10 Bytes  [68, B8, 71, 40, 60, E9, A3, ...] {PUSH 0x604071b8; JMP 0xffffffffe36ee7ad}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtWriteFile + 5                                   7C91DF83 10 Bytes  [68, D8, 0D, 41, 60, E9, F3, ...] {PUSH 0x60410dd8; JMP 0xffffffffe36ee5fd}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!LdrLoadDll + 1                                    7C9263C4 9 Bytes  JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!RtlCreateProcessParameters                        7C932E99 10 Bytes  [68, F8, C3, 40, 60, E9, DD, ...] {PUSH 0x6040c3f8; JMP 0xffffffffe36d96e7}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!LoadLibraryExW                                 7C801AF5 10 Bytes  [68, 40, 3F, 42, 60, E9, 81, ...] {PUSH 0x60423f40; JMP 0xffffffffe380aa8b}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!GetStartupInfoW                                7C801E54 10 Bytes  [68, 18, A1, 41, 60, E9, 22, ...] {PUSH 0x6041a118; JMP 0xffffffffe380a72c}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!GetStartupInfoA                                7C801EF2 10 Bytes  [68, A8, 9B, 41, 60, E9, 84, ...] {PUSH 0x60419ba8; JMP 0xffffffffe380a68e}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!WriteProcessMemory                             7C802213 10 Bytes  [68, 68, 5E, 41, 60, E9, 63, ...] {PUSH 0x60415e68; JMP 0xffffffffe380a36d}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!CloseHandle                                    7C809BE7 10 Bytes  [68, 90, 3A, 40, 60, E9, 8F, ...] {PUSH 0x60403a90; JMP 0xffffffffe3802999}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!SetEvent                                       7C80A0B7 2 Bytes  [68, 00]
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!SetEvent + 3                                   7C80A0BA 7 Bytes  JMP 6000C57E C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!CreateEventW                                   7C80A749 10 Bytes  [68, 18, 90, 40, 60, E9, 2D, ...] {PUSH 0x60409018; JMP 0xffffffffe3801e37}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!FreeLibrary                                    7C80AC7E 10 Bytes  [68, 90, 4F, 42, 60, E9, F8, ...] {PUSH 0x60424f90; JMP 0xffffffffe3801902}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!GetModuleFileNameA + DF                        7C80B64E 10 Bytes  [68, 20, 35, 40, 60, E9, 28, ...] {PUSH 0x60403520; JMP 0xffffffffe3800f32}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!CreateMutexW                                   7C80E957 10 Bytes  [68, 38, 99, 40, 60, E9, 1F, ...] {PUSH 0x60409938; JMP 0xffffffffe37fdc29}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!FindFirstFileExW                               7C80EB1D 10 Bytes  [68, 40, 8C, 41, 60, E9, 59, ...] {PUSH 0x60418c40; JMP 0xffffffffe37fda63}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!CreateRemoteThread + 1                         7C8104CD 9 Bytes  JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!CreateThread                                   7C8106D7 10 Bytes  [68, 88, A6, 41, 60, E9, 9F, ...] {PUSH 0x6041a688; JMP 0xffffffffe37fbea9}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!CreateFileW                                    7C810800 10 Bytes  [68, C0, 79, 40, 60, E9, 76, ...] {PUSH 0x604079c0; JMP 0xffffffffe37fbd80}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!CreateProcessInternalW + 1                     7C8197B1 9 Bytes  JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!ExitProcess                                    7C81CB12 10 Bytes  [68, 20, 4A, 42, 60, E9, 64, ...] {PUSH 0x60424a20; JMP 0xffffffffe37efa6e}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!CopyFileExW                                    7C827B32 10 Bytes  [68, 08, 40, 40, 60, E9, 44, ...] {PUSH 0x60404008; JMP 0xffffffffe37e4a4e}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!PulseEvent                                     7C82C06E 10 Bytes  [68, 70, 5A, 42, 60, E9, 08, ...] {PUSH 0x60425a70; JMP 0xffffffffe37e0512}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!CheckRemoteDebuggerPresent                     7C85AAF2 10 Bytes  [68, 58, B9, 40, 60, E9, 84, ...] {PUSH 0x6040b958; JMP 0xffffffffe37b1a8e}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!SetThreadContext                               7C863C09 10 Bytes  [68, D8, 63, 41, 60, E9, 6D, ...] {PUSH 0x604163d8; JMP 0xffffffffe37a8977}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!ReadConsoleA                                   7C872B5D 10 Bytes  [68, 28, F3, 40, 60, E9, 19, ...] {PUSH 0x6040f328; JMP 0xffffffffe3799a23}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!ReadConsoleW                                   7C872BAC 10 Bytes  [68, 98, F8, 40, 60, E9, CA, ...] {PUSH 0x6040f898; JMP 0xffffffffe37999d4}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!ReadConsoleInputA                              7C874613 10 Bytes  CALL E070A658 
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!ReadConsoleInputW                              7C874636 10 Bytes  [68, B8, ED, 40, 60, E9, 40, ...] {PUSH 0x6040edb8; JMP 0xffffffffe3797f4a}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] USER32.dll!GetMessageW                                      7E3991C6 10 Bytes  [68, F8, D7, 40, 60, E9, B0, ...] {PUSH 0x6040d7f8; JMP 0xffffffffe1c733ba}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] USER32.dll!PeekMessageW                                     7E39929B 10 Bytes  [68, D8, E2, 40, 60, E9, DB, ...] {PUSH 0x6040e2d8; JMP 0xffffffffe1c732e5}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] USER32.dll!GetMessageA                                      7E3A772B 10 Bytes  [68, 88, D2, 40, 60, E9, 4B, ...] {PUSH 0x6040d288; JMP 0xffffffffe1c64e55}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] USER32.dll!SetWindowsHookExW                                7E3A820F 10 Bytes  [68, A8, 48, 41, 60, E9, 67, ...] {PUSH 0x604148a8; JMP 0xffffffffe1c64371}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] USER32.dll!PeekMessageA                                     7E3AA340 10 Bytes  [68, 68, DD, 40, 60, E9, 36, ...] {PUSH 0x6040dd68; JMP 0xffffffffe1c62240}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] USER32.dll!SetWindowsHookExA                                7E3B1211 10 Bytes  [68, 18, 4E, 41, 60, E9, 65, ...] {PUSH 0x60414e18; JMP 0xffffffffe1c5b36f}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ADVAPI32.dll!RegQueryValueExW + 10C                         77DA710B 10 Bytes  [68, D8, A3, 40, 60, E9, 6B, ...] {PUSH 0x6040a3d8; JMP 0xffffffffe8265475}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ADVAPI32.dll!OpenServiceW                                   77DB6FFD 10 Bytes  [68, 50, 1B, 41, 60, E9, 79, ...] {PUSH 0x60411b50; JMP 0xffffffffe8255583}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ADVAPI32.dll!ControlService                                 77DC4A09 10 Bytes  [68, C8, 28, 41, 60, E9, 6D, ...] {PUSH 0x604128c8; JMP 0xffffffffe8247b77}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ADVAPI32.dll!OpenServiceA                                   77DC4C66 10 Bytes  [68, C0, 20, 41, 60, E9, 10, ...] {PUSH 0x604120c0; JMP 0xffffffffe824791a}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ADVAPI32.dll!ChangeServiceConfigA                           77E06E69 10 Bytes  [68, A8, 33, 41, 60, E9, 0D, ...] {PUSH 0x604133a8; JMP 0xffffffffe8205717}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ADVAPI32.dll!ChangeServiceConfigW                           77E07001 10 Bytes  [68, 38, 2E, 41, 60, E9, 75, ...] {PUSH 0x60412e38; JMP 0xffffffffe820557f}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ADVAPI32.dll!CreateServiceA                                 77E07211 10 Bytes  [68, 48, A9, 40, 60, E9, 65, ...] {PUSH 0x6040a948; JMP 0xffffffffe820536f}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ADVAPI32.dll!CreateServiceW                                 77E073A9 10 Bytes  [68, B8, AE, 40, 60, E9, CD, ...] {PUSH 0x6040aeb8; JMP 0xffffffffe82051d7}

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                               bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                               bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                             bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                         0
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                      0x71 0x8A 0xB5 0x98 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                         0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                         0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                      0x71 0x8A 0xB5 0x98 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                         0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x26 0x5A 0x78 0xF7 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                               
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x97 0xD8 0x48 0xBB ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x39 0xB3 0xD2 0x5F ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                         0
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                      0x26 0x5A 0x78 0xF7 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                         0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                         C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)           
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                             0x97 0xD8 0x48 0xBB ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)      
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                        0x39 0xB3 0xD2 0x5F ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                         0
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                      0x26 0x5A 0x78 0xF7 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                         0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                         C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)           
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                             0x97 0xD8 0x48 0xBB ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)      
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                        0x39 0xB3 0xD2 0x5F ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                         0
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                      0x26 0x5A 0x78 0xF7 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                         0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                         C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)           
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                             0x97 0xD8 0x48 0xBB ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)      
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                        0x39 0xB3 0xD2 0x5F ...

---- EOF - GMER 1.0.15 ----

moment de grace · Answer

je ne vois pas ce qui pourrait le faire ramer au point de vue infection

néanmois


Rends toi sur ce site : 

https://www.virustotal.com/gui/ 

Clique sur parcourir et cherche ce fichier : 

c:\windows\pchealth\helpctr\OfflineCache\index.dat
c:\windows\ipuninst.exe
c:\program files\Mozilla Firefox\plugins
p-mswmp.dll


Clique sur Send File. 

Un rapport va s'élaborer ligne à ligne. 

Attends la fin. Il doit comprendre la taille du fichier envoyé. 

Sauvegarde le rapport avec le bloc-note. 

Copie le dans ta réponse.

Si tu ne trouves pas le fichier alors

Affiche tous les fichiers et dossiers : 

Pour cela : 
Clique sur démarrer/panneau de configuration/option des dossiers/affichage 

Cocher afficher les dossiers cachés

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" 

Décocher masquer les extensions dont le type est connu 

Puis fais «appliquer» pour valider les changements. 

Et OK

Staro · Answer

Alors, voilà les rapports :

np-mswmp.dll : 

 Fichier np-mswmp.dll reçu le 2010.01.30 23:18:37 (UTC)
Situation actuelle: terminé
Résultat: 0/40 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus 	Version 	Dernière mise à jour 	Résultat
a-squared 	4.5.0.50 	2010.01.30 	-
AhnLab-V3 	5.0.0.2 	2010.01.30 	-
AntiVir 	7.9.1.154 	2010.01.29 	-
Antiy-AVL 	2.0.3.7 	2010.01.28 	-
Authentium 	5.2.0.5 	2010.01.30 	-
Avast 	4.8.1351.0 	2010.01.30 	-
AVG 	9.0.0.730 	2010.01.31 	-
BitDefender 	7.2 	2010.01.30 	-
CAT-QuickHeal 	10.00 	2010.01.30 	-
ClamAV 	0.96.0.0-git 	2010.01.30 	-
Comodo 	3765 	2010.01.30 	-
DrWeb 	5.0.1.12222 	2010.01.30 	-
eSafe 	7.0.17.0 	2010.01.28 	-
eTrust-Vet 	35.2.7271 	2010.01.29 	-
F-Prot 	4.5.1.85 	2010.01.30 	-
F-Secure 	9.0.15370.0 	2010.01.30 	-
Fortinet 	4.0.14.0 	2010.01.30 	-
GData 	19 	2010.01.30 	-
Ikarus 	T3.1.1.80.0 	2010.01.30 	-
Jiangmin 	13.0.900 	2010.01.28 	-
K7AntiVirus 	7.10.960 	2010.01.29 	-
Kaspersky 	7.0.0.125 	2010.01.31 	-
McAfee 	5877 	2010.01.30 	-
McAfee+Artemis 	5877 	2010.01.30 	-
McAfee-GW-Edition 	6.8.5 	2010.01.30 	-
Microsoft 	1.5406 	2010.01.31 	-
NOD32 	4821 	2010.01.30 	-
Norman 	6.04.03 	2010.01.30 	-
nProtect 	2009.1.8.0 	2010.01.30 	-
Panda 	10.0.2.2 	2010.01.30 	-
PCTools 	7.0.3.5 	2010.01.30 	-
Rising 	22.32.05.04 	2010.01.30 	-
Sophos 	4.50.0 	2010.01.30 	-
Sunbelt 	3.2.1858.2 	2010.01.30 	-
Symantec 	20091.2.0.41 	2010.01.30 	-
TheHacker 	6.5.1.0.173 	2010.01.30 	-
TrendMicro 	9.120.0.1004 	2010.01.30 	-
VBA32 	3.12.12.1 	2010.01.29 	-
ViRobot 	2010.1.30.2164 	2010.01.30 	-
VirusBuster 	5.0.21.0 	2010.01.30 	-
Information additionnelle
File size: 163256 bytes
MD5   : 99f97c9fe748c37528c338a423577fcb
SHA1  : 40d76ef18e457868d3e3695b8901f41db517c09d
SHA256: 8b688cc16cb9c64f30c42a844a92b49d76b9601cfb99b533da96f91aa0844fdf
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x41AD47
timedatestamp.....: 0x461C294A (Wed Apr 11 02:18:18 2007)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1FF0F 0x20000 6.42 c548af63ecc94034f35a497bd6646e7a
.data 0x21000 0x24F0 0x2000 2.68 7f5817b74946141e1c477c186bc4a307
.rsrc 0x24000 0x5C8 0x600 3.31 2b2533c15671c6e7336cfa728d39f7fa
.reloc 0x25000 0x2CA0 0x2E00 5.78 04797e3e674983a2d0c696c7911804a9

( 0 imports )


( 0 exports )
TrID  : File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
ssdeep: 3072:FpAHqv1/4MZomNAJeS9dpdhI1UP2x4rgaHb60RYv24IkyERB5y/paSy/EW:7AHqv1/4MZomMM48aHO0ehIjiBay5
PEiD  : -
RDS   : NSRL Reference Data Set


ipuninst.exe :

 Fichier ipuninst.exe reçu le 2010.02.01 14:23:56 (UTC)
Situation actuelle: terminé
Résultat: 0/40 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus 	Version 	Dernière mise à jour 	Résultat
a-squared 	4.5.0.50 	2010.02.01 	-
AhnLab-V3 	5.0.0.2 	2010.01.31 	-
AntiVir 	7.9.1.154 	2010.02.01 	-
Antiy-AVL 	2.0.3.7 	2010.02.01 	-
Authentium 	5.2.0.5 	2010.01.31 	-
Avast 	4.8.1351.0 	2010.01.31 	-
AVG 	9.0.0.730 	2010.02.01 	-
BitDefender 	7.2 	2010.02.01 	-
CAT-QuickHeal 	10.00 	2010.02.01 	-
ClamAV 	0.96.0.0-git 	2010.02.01 	-
Comodo 	3783 	2010.02.01 	-
DrWeb 	5.0.1.12222 	2010.02.01 	-
eSafe 	7.0.17.0 	2010.01.31 	-
eTrust-Vet 	35.2.7274 	2010.02.01 	-
F-Prot 	4.5.1.85 	2010.01.31 	-
F-Secure 	9.0.15370.0 	2010.02.01 	-
Fortinet 	4.0.14.0 	2010.02.01 	-
GData 	19 	2010.02.01 	-
Ikarus 	T3.1.1.80.0 	2010.02.01 	-
Jiangmin 	13.0.900 	2010.01.28 	-
K7AntiVirus 	7.10.960 	2010.01.29 	-
Kaspersky 	7.0.0.125 	2010.02.01 	-
McAfee 	5878 	2010.01.31 	-
McAfee+Artemis 	5878 	2010.01.31 	-
McAfee-GW-Edition 	6.8.5 	2010.02.01 	-
Microsoft 	1.5406 	2010.02.01 	-
NOD32 	4824 	2010.02.01 	-
Norman 	6.04.03 	2010.01.31 	-
nProtect 	2009.1.8.0 	2010.02.01 	-
Panda 	10.0.2.2 	2010.01.31 	-
PCTools 	7.0.3.5 	2010.02.01 	-
Rising 	22.33.00.04 	2010.02.01 	-
Sophos 	4.50.0 	2010.02.01 	-
Sunbelt 	3.2.1858.2 	2010.01.31 	-
Symantec 	20091.2.0.41 	2010.02.01 	-
TheHacker 	6.5.1.0.175 	2010.02.01 	-
TrendMicro 	9.120.0.1004 	2010.02.01 	-
VBA32 	3.12.12.1 	2010.02.01 	-
ViRobot 	2010.2.1.2166 	2010.02.01 	-
VirusBuster 	5.0.21.0 	2010.02.01 	-
Information additionnelle
File size: 53248 bytes
MD5   : a2c8c9cccda4e2ec402e26c072a7f78b
SHA1  : 517b471eb6f8dc66bea96b1fbb273140f345bb33
SHA256: cbea5e1e1e78dcf975c9e0420fbf37809aab2130277c502c1a03cebae682aa19
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2590
timedatestamp.....: 0x3498B207 (Thu Dec 18 06:17:59 1997)
machinetype.......: 0x14C (Intel I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5E50 0x6000 6.33 86fcb884a79e60f221e2760b1e9ee8e5
.rdata 0x7000 0x3B7 0x400 4.91 4128707251e1e41df2c9ef7f34585ed2
.data 0x8000 0x2A28 0x1400 1.19 67aaaa34d51121ffdf354fb4e81c7a89
.idata 0xB000 0x726 0x800 4.76 8542db9f6298d99c179ee667114f984e
.rsrc 0xC000 0x4370 0x4400 4.39 5cf8e82fc60c0ab86794eb5185588adc
.reloc 0x11000 0x74A 0x800 5.50 cf0ee5bfcb468a872bd51ff90abd1437

( 4 imports )

> advapi32.dll: RegDeleteKeyA, RegEnumKeyA, RegOpenKeyExA, RegCloseKey
> comctl32.dll: -
> kernel32.dll: GetModuleHandleA, GetLastError, DeleteFileA, RemoveDirectoryA, GetVersion, WideCharToMultiByte, GetStringTypeW, LoadLibraryA, GetProcAddress, SetEndOfFile, ReadFile, LCMapStringW, CreateFileA, FlushFileBuffers, SetStdHandle, LCMapStringA, WriteFile, GetStdHandle, SetFilePointer, SetHandleCount, GetOEMCP, GetFileType, HeapAlloc, HeapReAlloc, HeapFree, GetStartupInfoA, GetCommandLineA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, CloseHandle, GetStringTypeA, UnhandledExceptionFilter, GetModuleFileNameA, MultiByteToWideChar, ExitProcess, TerminateProcess, GetCurrentProcess, RtlUnwind, GetCPInfo, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetACP
> user32.dll: SendMessageA, LoadIconA, MessageBoxA, GetWindowLongA, SetClassLongA, wsprintfA, EndDialog, ShowWindow, PostMessageA, SetWindowTextA, DialogBoxParamA, EnableWindow, SetFocus, GetDlgItem, SetDlgItemTextA, LoadStringA

( 0 exports )
TrID  : File type identification
Win32 Executable MS Visual C++ 4.x (48.0%)
Win64 Executable Generic (30.5%)
Win32 Executable MS Visual C++ (generic) (13.4%)
Win32 Executable Generic (3.0%)
Win32 Dynamic Link Library (generic) (2.7%)
ssdeep: 768:uvZO8rQVekzZsFGNW1LhCg9woZdWgtBoZ0OkiAjm6h4:uhNlkziINreZjtBzwAS
PEiD  : -
RDS   : NSRL Reference Data Set

index.dat : 

 Fichier index.dat reçu le 2010.02.01 14:16:06 (UTC)
Situation actuelle: terminé
Résultat: 0/40 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus 	Version 	Dernière mise à jour 	Résultat
a-squared 	4.5.0.50 	2010.02.01 	-
AhnLab-V3 	5.0.0.2 	2010.01.31 	-
AntiVir 	7.9.1.154 	2010.02.01 	-
Antiy-AVL 	2.0.3.7 	2010.02.01 	-
Authentium 	5.2.0.5 	2010.01.31 	-
Avast 	4.8.1351.0 	2010.01.31 	-
AVG 	9.0.0.730 	2010.02.01 	-
BitDefender 	7.2 	2010.02.01 	-
CAT-QuickHeal 	10.00 	2010.02.01 	-
ClamAV 	0.96.0.0-git 	2010.02.01 	-
Comodo 	3783 	2010.02.01 	-
DrWeb 	5.0.1.12222 	2010.02.01 	-
eSafe 	7.0.17.0 	2010.01.31 	-
eTrust-Vet 	35.2.7274 	2010.02.01 	-
F-Prot 	4.5.1.85 	2010.01.31 	-
F-Secure 	9.0.15370.0 	2010.02.01 	-
Fortinet 	4.0.14.0 	2010.02.01 	-
GData 	19 	2010.02.01 	-
Ikarus 	T3.1.1.80.0 	2010.02.01 	-
Jiangmin 	13.0.900 	2010.01.28 	-
K7AntiVirus 	7.10.960 	2010.01.29 	-
Kaspersky 	7.0.0.125 	2010.02.01 	-
McAfee 	5878 	2010.01.31 	-
McAfee+Artemis 	5878 	2010.01.31 	-
McAfee-GW-Edition 	6.8.5 	2010.02.01 	-
Microsoft 	1.5406 	2010.02.01 	-
NOD32 	4824 	2010.02.01 	-
Norman 	6.04.03 	2010.01.31 	-
nProtect 	2009.1.8.0 	2010.02.01 	-
Panda 	10.0.2.2 	2010.01.31 	-
PCTools 	7.0.3.5 	2010.02.01 	-
Rising 	22.33.00.04 	2010.02.01 	-
Sophos 	4.50.0 	2010.02.01 	-
Sunbelt 	3.2.1858.2 	2010.01.31 	-
Symantec 	20091.2.0.41 	2010.02.01 	-
TheHacker 	6.5.1.0.175 	2010.02.01 	-
TrendMicro 	9.120.0.1004 	2010.02.01 	-
VBA32 	3.12.12.1 	2010.02.01 	-
ViRobot 	2010.2.1.2166 	2010.02.01 	-
VirusBuster 	5.0.21.0 	2010.02.01 	-
Information additionnelle
File size: 76507 bytes
MD5   : dbfb34e5665876390ad554f5b8dcb45d
SHA1  : 4fc00afb67ec81f2782f87d294e78d05176c7649
SHA256: 9f62d01827b50c5c9e0c2217c24415f26445938c3a1c6afbd6cfb61fdfee3699
TrID  : File type identification
Unknown!
ssdeep: 768:M2HHG9yEKvRtd23wpW8QTX9AH7eHkZV3+FKBMHr0SQoGuS/:1HG9yEY23wu9AHzbBMHrQuu
PEiD  : -
RDS   : NSRL Reference Data Set

Voilà, pas de malware à l'horizon...

Sinon, en ce qui concerne les ralentissements du PC, j'ai compris d'où çà vient, c'est Bitdefender qui fait çà, svchost.exe qui pompe toute l'UC parfois... (D'ailleurs, dans le gestionnaire des tâches, ce processus apparait pas moins de 8 fois, c'est normal ??)

PS: Désolé de pas avoir répondu plus tôt, je suis pas très dispo ces derniers temps...

moment de grace · Answer

bonjour

alors plus de problèmes ?

Staro · Answer

Non, plus de problèmes de sécurité.

Merci vraiment moment de grace... Je mets le topic en résolu... Bonne continuation, et merci encore...

moment de grace · Answer

résolu

bonne continuation...

gen-hackman · Answer

salut il manque un coup de findykill pour retablir un service et je preconise ceci : crée un nouveau document texte et colle ceci dedans : HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H8SRTd.sys HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\H8SRTd.sys HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\H8SRTd.sys HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\H8SRTd.sys enregistre-le sous le nom "rajout changelog.txt" à la racine de ton systeme (donc dans C:\ ) ensuite : __________________________________________________________ =>/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement cet ordinateur,<= =>il est fort déconseillé de le transposer sur un autre ordinateur !<=====| --------------------------------------------------------------- Toujours avec toutes les protections désactivées, fais ceci : ▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes) ▶ Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) : ---------------------------------------------------------- KillAll:: Collect::[4] c:\rajout changelog.txt ------------------------------------------------------------------ ▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt ▶ Quitte le Bloc Notes ▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix que tu n'as renommé ! ▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé. ▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu. ▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt

Staro · Answer

Salut Gen, voilà le rapport combofix.txt, il était dans C:\CF\Combofix.txt (J'avais effacé Combofix, je l'ai donc retéléchargé sous CF.exe)

C'est bien vide, j'éspère que j'ai bien fais comme il fallait...

ComboFix 10-02-03.04 - Feu Central 03/02/2010  21:58:00.3.1 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.1023.574 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\Feu Central\Bureau\CF.exe
Commutateurs utilisés :: C:\Documents and Settings\Feu Central\Bureau\CFScript.txt
AV: Antivirus BitDefender  *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

file zipped: c:\rajout changelog.txt
.

gen-hackman · Answer

ok c est bien court comme tu dis....

c'est bon

Staro · Answer

Ok, super... Merci encore à la CCM team =)

gen-hackman · Answer

moi je ne suis pas satisfait..... ^^

desinstalle List_Kill'em , retelecharge-le , et refais l'option 1 stp....y'a un truc qui m'interpelle encore

lien :

http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe

moment de grace · Answer

gen-hackman est de confiance....tu peux suivre ses instructions

(sourire)

Staro · Answer

"Gen-hackman est de confiance....tu peux suivre ses instructions"

Mais je n'en doute pas... =)

Alors, voilà le rapport catch me : 

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 21:42:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:71,8a,b5,98,f5,58,c6,f4,ee,2c,7c,9c,69,ee,19,fa,63,f2,e0,3d,11,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:71,8a,b5,98,f5,58,c6,f4,ee,2c,7c,9c,69,ee,19,fa,63,f2,e0,3d,11,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

gen-hackman · Answer

c'est pas ce rapport qui nous interesse

c'est : C:\List'em.txt

Staro · Answer

Oops, dézzzolé...

Voilà List'em.txt :

List'em by g3n-h@ckm@n 1.2.4.0

User : Feu Central (Administrateurs) 
Update on 05/02/2010 by g3n-h@ckm@n ::::: 18.40 
Start at: 21:22:02 | 06/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

AMD Sempron(tm)   2400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Antivirus BitDefender  12.0 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 77,62 Go (46,63 Go free) | NTFS
D:\ -> Disque fixe local | 77,62 Go (77,56 Go free) | NTFS
E:\ -> Disque fixe local | 77,62 Go (77,56 Go free) | NTFS
F:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running 

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Feu Central\Local Settings	emp\189.tmp\pv.exe

======================
Keys "Run" 
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe	REG_SZ         	C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
BDAgent	REG_SZ         	"C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" 
BitDefender Antiphishing Helper	REG_SZ         	"C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" 
HPDJ Taskbar Utility	REG_SZ         	C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe 
Adobe ARM	REG_SZ         	"C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" 
QuickTime Task	REG_SZ         	"C:\Program Files\QuickTime\qttask.exe" -atboottime 
SunJavaUpdateSched	REG_SZ         	"C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" 
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] 
dontdisplaylastusername	REG_DWORD      	0 (0x0) 
legalnoticecaption	REG_SZ         	 
legalnoticetext	REG_SZ         	 
shutdownwithoutlogon	REG_DWORD      	1 (0x1) 
undockwithoutlogon	REG_DWORD      	1 (0x1) 
DisableRegistryTools	REG_DWORD      	0 (0x0) 

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
NoDriveTypeAutoRun	REG_DWORD      	323 (0x143) 
NoDriveAutoRun	REG_DWORD      	67108863 (0x3ffffff) 
NoDrives	REG_DWORD      	0 (0x0) 

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
HonorAutoRunSetting	REG_DWORD      	1 (0x1) 
NoDriveAutoRun	REG_DWORD      	67108863 (0x3ffffff) 
NoDriveTypeAutoRun	REG_DWORD      	323 (0x143) 
NoDrives	REG_DWORD      	0 (0x0) 

=============== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 
 AutoRestartShell	REG_DWORD      	1 (0x1) 
 DefaultDomainName	REG_SZ         	FEUCENTRAL 
 DefaultUserName	REG_SZ         	Feu Central 
 LegalNoticeCaption	REG_SZ         	 
 LegalNoticeText	REG_SZ         	 
 PowerdownAfterShutdown	REG_SZ         	0 
 ReportBootOk	REG_SZ         	1 
 Shell	REG_SZ         	Explorer.exe 
 ShutdownWithoutLogon	REG_SZ         	0 
 System	REG_SZ         	 
 Userinit	REG_SZ         	C:\WINDOWS\system32\userinit.exe, 
 VmApplet	REG_SZ         	rundll32 shell32,Control_RunDLL "sysdm.cpl" 
 SfcQuota	REG_DWORD      	-1 (0xffffffff) 
 allocatecdroms	REG_SZ         	0 
 allocatedasd	REG_SZ         	0 
 allocatefloppies	REG_SZ         	0 
 cachedlogonscount	REG_SZ         	10 
 forceunlocklogon	REG_DWORD      	0 (0x0) 
 passwordexpirywarning	REG_DWORD      	14 (0xe) 
 scremoveoption	REG_SZ         	0 
 AllowMultipleTSSessions	REG_DWORD      	0 (0x0) 
 UIHost	REG_EXPAND_SZ  	logonui.exe 
 LogonType	REG_DWORD      	1 (0x1) 
 DebugServerCommand	REG_SZ         	no 
 SFCDisable	REG_DWORD      	0 (0x0) 
 WinStationsDisabled	REG_SZ         	0 
 HibernationPreviouslyEnabled	REG_DWORD      	1 (0x1) 
 ShowLogonOptions	REG_DWORD      	1 (0x1) 
 AltDefaultUserName	REG_SZ         	Feu Central 
 AltDefaultDomainName	REG_SZ         	FEUCENTRAL 
 ChangePasswordUseKerberos	REG_DWORD      	1 (0x1) 
 AutoAdminLogon	REG_SZ         	0 
 Background	REG_SZ         	0 0 0 

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify	ermsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972}	REG_SZ         	 
{56F9679E-7826-4C84-81F3-532071A8BCC5}	REG_SZ         	 

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe	REG_SZ         	%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe	REG_SZ         	%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\uTorrent\uTorrent.exe	REG_SZ         	C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
C:\Program Files\eMule\emule.exe	REG_SZ         	C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe	REG_SZ         	C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe	REG_SZ         	%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe	REG_SZ         	%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}

===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{CB58DED6-4AF3-4080-9DF1-DEE72075169F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{72AD53CC-CCC0-3757-8480-9EE176866A7C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EF289A85-8E57-408d-BE47-73B55609861A}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.msn.com/fr-fr/?ocid=iehp

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.google.fr/?gws_rd=ssl

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] 

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Feu Central\Local Settings	emp\189.tmp
## C:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
## 
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\Drivers\atapi.sys

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Feu Central\Local Settings	emp\189.tmp
## C:\> hashdeep C:\WINDOWS\System32\DllCache\atapi.sys
## 
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\DllCache\atapi.sys

Sources
======= 
 
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys  
C:\WINDOWS\ERDNT\cache\atapi.sys  
C:\WINDOWS\ServicePackFiles\i386\atapi.sys  
C:\WINDOWS\system32\dllcache\atapi.sys  
C:\WINDOWS\system32\drivers\atapi.sys  

Référence :
==========

Win XP_32b     : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b      : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b  : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b  : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b  : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b  : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b  : 02062C0B390B7729EDC9E69C680A6F3C
 
=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse                 	 
    77,62 Go total,  46,64 Go libre (60%),  11% fragmenté (fragmentation du fichier 23%)

Vous devriez défragmenter ce volume. 	 

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\WINDOWS\mbr.exe  
Present !! : C:\Documents and Settings\Feu Central\Application Data\GDIPFONTCACHEV1.DAT  
Present !! : C:\Documents and Settings\Feu Central\Application Data\wklnhst.dat  
Present !! : C:\Documents and Settings\Feu Central\Application Data\GDIPFONTCACHEV1.DAT  
Present !! : C:\Documents and Settings\Feu Central\Application Data\wklnhst.dat  
 
¤¤¤¤¤¤¤¤¤¤ Keys : 

Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}  
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives  
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives  
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"  
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"  

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 21:42:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:71,8a,b5,98,f5,58,c6,f4,ee,2c,7c,9c,69,ee,19,fa,63,f2,e0,3d,11,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:71,8a,b5,98,f5,58,c6,f4,ee,2c,7c,9c,69,ee,19,fa,63,f2,e0,3d,11,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS 
kernel: MBR read successfully
user & kernel MBR OK 

==========
Programs
==========

Adobe
Apple Software Update
ATI Technologies
AvRack
BitDefender
Canon
CCleaner
ChessBase
ComPlus Applications
DAEMON Tools Lite
eMule
Exact Audio Copy
Fichiers communs
Hewlett-Packard
hp deskjet 840c series
InstallShield Installation Information
Internet Explorer
Inventel
Java
K-Lite Codec Pack
List_Kill'em
Malwarebytes' Anti-Malware
Messenger
microsoft frontpage
Microsoft Office
Microsoft Silverlight
Microsoft Works
Microsoft Works Suite 2005
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Gaming Zone
MSXML 4.0
MSXML 6.0
NetMeeting
Outlook Express
QuickTime
Real Alternative
Realtek Sound Manager
Reference Assemblies
Services en ligne
Softwin
Spybot - Search & Destroy
TimeAdjuster
Uninstall Information
uTorrent
VIA
VIAudioi
Windows Desktop Search
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
xerox
XnView-win

============
Drive C:
============

AUTOEXEC.BAT
Boot.bak
boot.ini
Bootfont.bin
cc930bf4229d606ec1207b1247
CF
cmdcons
cmldr
CONFIG.SYS
Documents and Settings
hiberfil.sys
IO.SYS
Kill'em
List'em.txt
MSDOS.SYS
NTDETECT.COM
ntldr
pagefile.sys
Program Files
Qoobox
RECYCLER
System Volume Information
WINDOWS
 
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials 
 
C:\Program Files\BitDefender\BitDefender 2009\BDInProcPatch.exe 
 
 
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

gen-hackman · Answer

option 2

Staro · Answer

Ok, option 2 :

Kill'em by g3n-h@ckm@n 1.2.4.0 
 
User : Feu Central (Administrateurs) 
Update on 05/02/2010 by g3n-h@ckm@n ::::: 18.40 
Start at: 10:46:00 | 08/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

AMD Sempron(tm)   2400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Antivirus BitDefender  12.0 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 77,62 Go (46,58 Go free) | NTFS
D:\ -> Disque fixe local | 77,62 Go (77,56 Go free) | NTFS
E:\ -> Disque fixe local | 77,62 Go (77,56 Go free) | NTFS
F:\ -> Disque CD-ROM
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Feu Central\Local Settings	emp\C4.tmp\ERUNT.EXE
C:\Documents and Settings\Feu Central\Local Settings	emp\C4.tmp\pv.exe
 
Detections : 
========== 
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

Quarantined & Deleted !! : C:\WINDOWS\mbr.exe 
 
Quarantined & Deleted !! : C:\Documents and Settings\Feu Central\Application Data\GDIPFONTCACHEV1.DAT 
Quarantined & Deleted !! : C:\Documents and Settings\Feu Central\Application Data\wklnhst.dat 
Quarantined & Deleted !! : C:\Documents and Settings\Feu Central\LOCAL Settings\Tempeport.dat 
 
==============
host file OK !
==============

========
Registry
========

Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}  
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives  
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives  
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"  
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"

gen-hackman · Answer

manque un bout ^^

Staro · Answer

J'ai vérifié, kill'em.txt est complet, mais peut-être que c'est mon père qui a interrompu kill'em, il m'a juré ses grands dieux que non, mais çà m'étonnerait pas...

Staro · Answer

Ok, voilà le nouveau rapport kill'em :

Kill'em by g3n-h@ckm@n 1.2.4.0 
 
User : Feu Central (Administrateurs) 
Update on 05/02/2010 by g3n-h@ckm@n ::::: 18.40 
Start at: 08:22:27 | 09/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

AMD Sempron(tm)   2400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Antivirus BitDefender  12.0 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 77,62 Go (46,55 Go free) | NTFS
D:\ -> Disque fixe local | 77,62 Go (77,56 Go free) | NTFS
E:\ -> Disque fixe local | 77,62 Go (77,56 Go free) | NTFS
F:\ -> Disque CD-ROM
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Feu Central\Local Settings	emp\8E.tmp\ERUNT.EXE
C:\Documents and Settings\Feu Central\Local Settings	emp\8E.tmp\pv.exe
 
Detections : 
========== 
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

 
 
==============
host file OK !
==============

========
Registry
========

========
Services
=========

 Ndisuio : Start = 3   
 EapHost : Start = 2   
 Ip6Fw : Start = 2   
 SharedAccess : Start = 2   
 wuauserv : Start = 2   
 wscsvc : Start = 2   

============
Disk Cleaned
============
 
================
Prefetch cleaned 
================
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

gen-hackman · Answer

ok tu peux continuer avec moment de grace ^^

Staro · Answer

Ok, alors c'est fini ??

moment de grace · Answer

décidement

j'aurais décroché deux fois sur ton sujet...

si le pc va bien et puisque Gen a terminé

on peut je pense en rester là...

Staro · Answer

Ok, merci... Bonne continuation...

Trojan.generic.291379, Comment le supprimer ? - Page 5

Discussions similaires

Newsletters