Configuration: Windows XP Firefox 2.0.0.12
Hi,
You're lucky it even boots.

1/
# Download SDFix (created by Andy Manchesta) and save it to your Desktop: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
# Print this out.
# Restart your computer in Safe Mode by following this procedure:
* Restart your computer.
* After you hear the computer beep during startup, but before the Windows icon appears, tap the F8 (or F5) key.
* Instead of Windows loading normally, a menu with several options should appear.
* Choose the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your account.
# Go through the list of instructions below:
* In Safe Mode, double-click the SDFix.exe file and click Install.
* Open the SDFix folder that was just created in the C:\ directory and double-click RunThis.bat to launch the script.
* Press Y to start the script.
* It will remove the services of certain trojans, also perform some Registry repairs, and ask you to press a key to reboot.
* Press a key to reboot the PC.
* Your system will take longer than usual to restart because the tool keeps running and deleting files.
* Once the Desktop has loaded, the tool will finish its work and display Finished.
* Press a key to end the script and load your Desktop icons.
* Finally, open the SDFix folder on your Desktop and copy/paste the contents of the Report.txt file into your next reply on the forum.

2/
* Download combofix.exe (by sUBs) to your Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Double-click combofix.exe and follow the prompts.
* When the scan is complete, a report will appear. Copy/paste this report into your next reply.

3/ Post the 2 previous reports and a HijackThis report. I'll look at it tomorrow.
FillPCA
No help requests by PM please.
Thank you very much for your reply, the 2 reports have been done, here they are:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:29:59 PM, on 2/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\User\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {E9AAC68A-5A64-0496-3BED-27800A4F0E94} - (no file) O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [Seoe] "C:\WINDOWS\PPATCH~1\notepad.exe" -vt ndrv (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Tiqs] C:\WINDOWS\system32\s?stem\?ttrib.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Seoe] "C:\WINDOWS\PPATCH~1\notepad.exe" -vt ndrv (User 'Default user') O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab O16 - DPF: 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/... O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O20 - Winlogon Notify: wvurrrq - wvurrrq.dll (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! 
Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPUSB WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing) O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O24 - Desktop Component 0: (no name) - C:\WINDOWS\system32\ad.html - End of file - 7436 bytes SDFix: Version 1.140 Run by Administrator on Sun 02/10/2008 at 05:33 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Name: COM+ Messages Path: "C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001634 COM+ Messages - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Missing SharedAccess Service Rebooting... 
Normal Mode: Checking Files: Trojan Files Found: C:\WINDOWS\SYSTEM32\FDECAREW.DLL - Deleted C:\WINDOWS\SYSTEM32\QDVIEWFE.DLL - Deleted C:\WINDOWS\SYSTEM32\RASWENRT.DLL - Deleted C:\WINDOWS\system32\tmpmpt1.tmp - Deleted C:\WINDOWS\system32\cmd.com - Deleted C:\WINDOWS\system32\cmnocfg.xml - Deleted C:\WINDOWS\system32\drivers\etc\hosts.tim - Deleted C:\WINDOWS\system32\explorer.exe - Deleted C:\WINDOWS\system32\ping.com - Deleted C:\WINDOWS\system32\regedit.com - Deleted C:\WINDOWS\system32\tasklist.com - Deleted C:\WINDOWS\system32\tracert.com - Deleted C:\WINDOWS\system32\unsvchosts.lzma - Deleted C:\WINDOWS\system32\zxdnt3d.cfg - Deleted C:\WINDOWS\Fonts\*.zip - 1 File(s) 637,944 bytes - Deleted C:\WINDOWS\Fonts\'\*.zip - 1 File(s) 637,945 bytes - Deleted Folder C:\Program Files\Ipwindows - Removed Folder C:\WINDOWS\Fonts\' - Removed Removing Temp Files... ADS Check: Final Check: catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-10 17:52:56 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 17 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\WINDOWS\\system32\\gymjlfga.exe"="C:\\WINDOWS\\system32\\gym" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Program Files\\Common Files\\Pure Networks Shared\\Platform\\nmsrvc.exe"="C:\\Program Files\\Common Files\\Pure Networks Shared\\Platform\\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Remaining Files: --------------- File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: Fri 29 Dec 2006 1,056 A.SH. --- "C:\xlnjaw3o.sys" Sat 12 Jan 2008 24 ..SH. --- "C:\WINDOWS\S2E57DA41.tmp" Thu 26 Jan 2006 40,960 ..SH. --- "C:\Program Files\Common Files\services.exe" Mon 25 Jun 2007 61,440 A..H. --- "C:\Program Files\MSN Messenger\winmm.dll" Tue 3 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe" Sat 16 Aug 2003 579,584 A.SHR --- "C:\WINDOWS\system32\cd.exe" Sun 10 Feb 2008 20,612 ..SH. --- "C:\WINDOWS\system32\odjjvpmz.dllbox" Mon 27 Jun 2005 2,045 A..H. --- "C:\WINDOWS\system32\whlb32f.dll" Tue 8 Nov 2005 4,348 A.SH. 
--- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Mon 25 Jun 2007 61,440 A..H. --- "C:\Program Files\Windows Live\Messenger\winmm.dll" Tue 3 Aug 2004 60,416 A.SH. --- "C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe" Wed 11 Aug 2004 73,728 A.SH. --- "C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe" Sun 21 Jul 2002 418,816 A..HR --- "C:\WINDOWS\system32\Tools\All.exe" Fri 19 Jul 2002 390,144 A..HR --- "C:\WINDOWS\system32\Tools\Change.exe" Fri 19 Jul 2002 574,464 A..HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe" Tue 20 Aug 2002 430,592 A..HR --- "C:\WINDOWS\system32\Tools\Counter.exe" Tue 23 Jul 2002 390,656 A..HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe" Fri 22 Nov 2002 399,872 A..HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe" Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RegClean.exe" Fri 19 Jul 2002 388,608 A..HR --- "C:\WINDOWS\system32\Tools\Regexe.exe" Mon 2 Dec 2002 431,616 A..HR --- "C:\WINDOWS\system32\Tools\Restart.exe" Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe" Fri 12 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe" Finished! ComboFix 08-02.05.3 - User 2008-02-10 18:43:11.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.421 [GMT -5:00] Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!/b/color . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\WINDOWS\system32\guard.tmp C:\WINDOWS\system32\odjjvpmz.dll C:\Documents and Settings\All Users\Application Data\storageprotector C:\Documents and Settings\All Users\Application Data\storageprotector\Data\ac C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user C:\Documents and Settings\User\Application Data\ASKS~1 C:\Documents and Settings\User\Application Data\CROSOF~1 C:\Documents and Settings\User\Application Data\FNTS~1 C:\Documents and Settings\User\Application Data\FNTS~2 C:\Documents and Settings\User\Application Data\ICROSO~1 C:\Documents and Settings\User\Application Data\MBOLS~1 C:\Documents and Settings\User\Application Data\PPATCH~1 C:\Documents and Settings\User\Application Data\RACLE~1 C:\Documents and Settings\User\Application Data\SKS~1 C:\Documents and Settings\User\Application Data\SKS~2 C:\Documents and Settings\User\Application Data\storageprotector C:\Documents and Settings\User\Application Data\storageprotector\Logs\update.log C:\Documents and Settings\User\Application Data\TSKS~1 C:\Documents and Settings\User\Application Data\WNSXS~1 C:\Documents and Settings\User\Application Data\YSTEM3~1 C:\Documents and Settings\User\My Documents\MBOLS~1 C:\Documents and Settings\User\My Documents\SSTEM3~1 C:\Documents and Settings\User\My Documents\STEM32~1 C:\Documents and Settings\User\Start Menu\Programs\Uninstall.lnk C:\Program Files\asks~1 C:\Program Files\Common Files\{34A68~1 C:\Program Files\Common Files\{34A68~1\toolbardll.lzma C:\Program Files\Common Files\{34A68~2 C:\Program Files\Common Files\{A4A68~1 C:\Program Files\Common Files\{A4A68~2 C:\Program Files\Common Files\{A4A68~3 C:\Program Files\Common Files\asembl~1 C:\Program Files\Common Files\asks~1 C:\Program Files\Common Files\companion wizard C:\Program Files\Common Files\companion wizard\compwiz.exe 
C:\Program Files\Common Files\ecurit~1 C:\Program Files\Common Files\icroso~1 C:\Program Files\Common Files\icroso~1.net C:\Program Files\Common Files\inetget C:\Program Files\Common Files\inetget\ C:\Program Files\Common Files\mbols~1 C:\Program Files\Common Files\mcroso~1 C:\Program Files\Common Files\mcroso~1.net C:\Program Files\Common Files\ppatch~1 C:\Program Files\Common Files\pppatc~1 C:\Program Files\Common Files\services.exe C:\Program Files\Common Files\smbols~1 C:\Program Files\Common Files\uninstall information C:\Program Files\Common Files\vcclient C:\Program Files\Common Files\vcclient\ClientUpdater.bat C:\Program Files\Common Files\vcclient\ICSharpCode.SharpZipLib.dll C:\Program Files\Common Files\vcclient\temp.txt C:\Program Files\Common Files\vcclient\VCClient.exe.config C:\Program Files\Common Files\vcclient\VCUpdate.exe C:\Program Files\Common Files\vcclient\VCUpdate.exe.config C:\Program Files\Common Files\vcclient\Version.txt C:\Program Files\Common Files\wnsxs~1 C:\Program Files\crosof~1.net C:\Program Files\dns C:\Program Files\dns\affid.dat C:\Program Files\dns\cwebpage.dll C:\Program Files\dns\uid.dat C:\Program Files\dns\urls.dat C:\Program Files\dns\version.txt C:\Program Files\dns\x.bmp C:\Program Files\fnts~1 C:\Program Files\internet optimizer\ C:\Program Files\msupdate C:\Program Files\pasystem C:\Program Files\pasystem\support.dat C:\Program Files\pasystem\Uninstall.exe C:\Program Files\pscastor C:\Program Files\racle~1 C:\Program Files\screensavers.com C:\Program Files\sembly~1 C:\Program Files\sks~1 C:\Program Files\smbols~1 C:\Program Files\ssembl~1 C:\Program Files\stem~1 C:\Program Files\toolbar888\ C:\Program Files\windows C:\Program Files\winupdate C:\Program Files\winupdates C:\Program Files\wmplayer C:\Program Files\wnsxs~1 C:\Program Files\ymante~1 C:\Program Files\ystem~1 C:\WINDOWS\drsmartload.dat C:\WINDOWS\fnts~1 C:\WINDOWS\gimmygames.dat C:\WINDOWS\gimmygames101.dat C:\WINDOWS\gimmygames91.dat C:\WINDOWS\icroso~1 
C:\WINDOWS\icroso~2 C:\WINDOWS\keyboard1.dat C:\WINDOWS\keyboard101.dat C:\WINDOWS\keyboard11.dat C:\WINDOWS\keyboard111.dat C:\WINDOWS\keyboard121.dat C:\WINDOWS\keyboard131.dat C:\WINDOWS\keyboard141.dat C:\WINDOWS\keyboard151.dat C:\WINDOWS\keyboard161.dat C:\WINDOWS\keyboard171.dat C:\WINDOWS\keyboard181.dat C:\WINDOWS\keyboard191.dat C:\WINDOWS\keyboard201.dat C:\WINDOWS\keyboard21.dat C:\WINDOWS\keyboard211.dat C:\WINDOWS\keyboard221.dat C:\WINDOWS\keyboard231.dat C:\WINDOWS\keyboard31.dat C:\WINDOWS\keyboard41.dat C:\WINDOWS\keyboard51.dat C:\WINDOWS\keyboard61.dat C:\WINDOWS\keyboard71.dat C:\WINDOWS\keyboard81.dat C:\WINDOWS\keyboard91.dat C:\WINDOWS\mbols~1 C:\WINDOWS\mcroso~1 C:\WINDOWS\ppatch~1 C:\WINDOWS\ppatch~1\??pPatch\ C:\WINDOWS\racle~1 C:\WINDOWS\racle~2 C:\WINDOWS\rising28.exe C:\WINDOWS\rising640.exe C:\WINDOWS\rising845.exe C:\WINDOWS\rising991.exe C:\WINDOWS\ssembl~1 C:\WINDOWS\system32\asks~1 C:\WINDOWS\system32\battyrun.dll C:\WINDOWS\system32\cplvaibu.ini C:\WINDOWS\system32\crosof~1.net C:\WINDOWS\system32\ctfmon.exe.tmp C:\WINDOWS\system32\dobe~1 C:\WINDOWS\system32\dobe~2 C:\WINDOWS\system32\ecurit~1 C:\WINDOWS\system32\fnts~1 C:\WINDOWS\system32\gebyw.dll C:\WINDOWS\system32\gjvtckbi.dll C:\WINDOWS\system32\iexplorer.dll .dbt C:\WINDOWS\system32\mcroso~1.net C:\WINDOWS\system32\odjjvpmz.dll C:\WINDOWS\system32\odjjvpmz.dllbox C:\WINDOWS\system32\ppatch~1 C:\WINDOWS\system32\racle~1 C:\WINDOWS\system32\RCX3A.tmp C:\WINDOWS\system32\rk.bin C:\WINDOWS\system32\rlvknlg.exe C:\WINDOWS\system32\sfvqdhhn.ini C:\WINDOWS\system32\smante~1 C:\WINDOWS\system32\sstem~1 C:\WINDOWS\system32\stem32~1 C:\WINDOWS\system32\stera.log C:\WINDOWS\system32\ubiavlpc.dll C:\WINDOWS\system32\vdmbyyxj.dll C:\WINDOWS\system32\windows C:\WINDOWS\system32\winpfz32.sys C:\WINDOWS\system32\wnsxs~1 C:\WINDOWS\system32\wybeg.ini C:\WINDOWS\system32\wybeg.ini2 C:\WINDOWS\winsysupd1.dat C:\WINDOWS\winsysupd101.dat C:\WINDOWS\winsysupd111.dat C:\WINDOWS\winsysupd121.dat 
C:\WINDOWS\winsysupd21.dat C:\WINDOWS\winsysupd31.dat C:\WINDOWS\winsysupd41.dat C:\WINDOWS\winsysupd51.dat C:\WINDOWS\winsysupd61.dat C:\WINDOWS\winsysupd71.dat C:\WINDOWS\ystem~1 C:\WINDOWS\ystem3~1 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\LEGACY_FOPN -------\LEGACY_NPF -------\LEGACY_VSPF -------\LEGACY_VSPF_HK ((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 ))))))))))))))))))))))))))))))) . 2008-02-10 17:30 . 2008-02-10 17:30 <DIR> d-------- C:\WINDOWS\ERUNT 2008-02-10 17:28 . 2008-02-10 18:23 <DIR> d----c--- C:\SDFix 2008-02-09 10:35 . 2008-02-09 10:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-07 19:36 . 2008-02-10 17:09 <DIR> d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2 2008-02-07 19:29 . 2008-02-07 19:30 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3 2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-04 10:22 . 2008-02-04 10:22 <DIR> d-------- C:\Program Files\SnIco Edit 2008-02-03 21:13 . 2008-02-03 21:13 <DIR> d-------- C:\Documents and Settings\User\Application Data\RadiantSettings 2008-02-03 21:08 . 2008-02-03 21:14 <DIR> d----c--- C:\gunzmap 2008-02-03 20:58 . 2008-02-03 21:11 <DIR> d-------- C:\Program Files\GtkRadiant 1.5.0 2008-02-02 13:02 . 2008-02-02 13:03 <DIR> d-------- C:\Program Files\CCleaner 2008-01-26 22:53 . 2008-01-26 22:53 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2008-01-26 22:52 . 2008-01-26 22:54 <DIR> d-------- C:\Program Files\Dynex Wireless G Enhanced Adapter 2008-01-26 22:52 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll 2008-01-26 22:52 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\WGPUSB.dll 2008-01-26 22:52 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD 2008-01-26 22:52 . 
2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys 2008-01-26 22:52 . 2006-06-26 11:23 123 --a------ C:\WINDOWS\system32\ucuiinfo.ini 2008-01-26 10:55 . 2008-01-26 10:55 <DIR> d-------- C:\Documents and Settings\User\RadiantSettings 2008-01-25 23:20 . 2008-01-26 11:35 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory 2008-01-25 23:20 . 2008-01-26 11:35 <DIR> d-------- C:\Program Files\GtkRadiant-1.4 2008-01-20 16:29 . 2008-01-22 20:32 <DIR> d----c--- C:\vdp 2008-01-20 11:15 . 2008-01-20 11:20 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\Data 2008-01-19 12:08 . 2008-01-19 12:08 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData 2008-01-19 10:22 . 2008-01-19 10:26 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts 2008-01-19 10:08 . 2008-01-19 10:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback 2008-01-19 09:11 . 2008-01-19 09:11 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon 2008-01-19 09:08 . 2008-01-19 09:08 <DIR> d-------- C:\Program Files\SystemRequirementsLab 2008-01-13 16:26 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-01-13 16:26 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-01-13 16:26 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-01-13 16:26 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-01-13 14:01 . 2008-01-13 14:01 <DIR> d-------- C:\Program Files\RaGEZONE 2008-01-12 15:56 . 2008-01-12 15:56 20,480 --a------ C:\WINDOWS\quit.exe 2008-01-12 12:56 . 2008-01-12 18:39 24 ---hs---- C:\WINDOWS\S2E57DA41.tmp 2008-01-12 12:48 . 2008-01-12 12:48 <DIR> d-------- C:\Program Files\SlySoft 2008-01-11 19:54 . 2008-01-19 08:57 <DIR> d-------- C:\Documents and Settings\User\Application Data\SystemRequirementsLab . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-10 22:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-10 21:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-09 04:18 103,936 ----a-w C:\WINDOWS\Internet Logs\xDB92.tmp 2008-02-08 00:27 --------- d-----w C:\Program Files\Java 2008-02-07 00:43 800,768 ----a-w C:\WINDOWS\Internet Logs\xDB91.tmp 2008-02-06 23:41 --------- d-----w C:\Documents and Settings\User\Application Data\Canon 2008-02-03 14:43 --------- d-----w C:\Program Files\Google 2008-01-27 03:52 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-27 03:00 1,920,512 ----a-w C:\WINDOWS\Internet Logs\xDB90.tmp 2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8 2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701 2008-01-20 16:52 --------- d-----w C:\Program Files\MessengerPlus! 3 2008-01-20 04:20 --------- d-----w C:\Program Files\themexp 2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver 2008-01-20 04:11 --------- d--h--w C:\Program Files\m 2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon 2008-01-20 02:26 --------- d-----w C:\Documents and Settings\User\Application Data\exitglue 2008-01-20 02:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\heart wave amok film 2008-01-19 14:07 --------- d-----w C:\Program Files\LocalCooling 2008-01-19 12:58 133,120 ----a-w C:\WINDOWS\Internet Logs\xDB43D.tmp 2008-01-19 12:58 1,861,632 ----a-w C:\WINDOWS\Internet Logs\xDB43E.tmp 2008-01-18 01:33 1,854,976 ----a-w C:\WINDOWS\Internet Logs\xDB3053.tmp 2008-01-18 01:33 1,336,320 ----a-w C:\WINDOWS\Internet Logs\xDB2E60.tmp 2008-01-18 00:42 1,849,344 ----a-w C:\WINDOWS\Internet Logs\xDB2E59.tmp 2008-01-17 01:22 508,928 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe 2008-01-16 22:13 508,928 ----a-w 
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp 2008-01-14 01:07 1,831,936 ----a-w C:\WINDOWS\Internet Logs\xDB8F.tmp 2008-01-13 23:39 1,830,400 ----a-w C:\WINDOWS\Internet Logs\xDB8E.tmp 2008-01-13 20:07 1,834,496 ----a-w C:\WINDOWS\Internet Logs\xDB8D.tmp 2008-01-13 15:59 50,176 ----a-w C:\WINDOWS\Internet Logs\xDB8C.tmp 2008-01-13 15:24 1,806,336 ----a-w C:\WINDOWS\Internet Logs\xDB8B.tmp 2008-01-12 23:51 378,880 ----a-w C:\WINDOWS\Internet Logs\xDB8A.tmp 2008-01-12 23:05 728,576 ----a-w C:\WINDOWS\Internet Logs\xDB89.tmp 2008-01-12 22:40 2,988,032 ----a-w C:\WINDOWS\Internet Logs\xDB87.tmp 2008-01-12 22:40 1,795,584 ----a-w C:\WINDOWS\Internet Logs\xDB88.tmp 2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7 2008-01-07 17:33 --------- d-----w C:\Program Files\TheTurtle 2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame 2008-01-05 16:15 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer 2008-01-05 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Someplayer 2008-01-05 15:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-05 04:18 2,905,600 ----a-w C:\WINDOWS\Internet Logs\xDB86.tmp 2008-01-05 03:57 --------- d-----w C:\Program Files\MSN Messenger 2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-01-05 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live 2008-01-05 01:04 --------- d-----w C:\Program Files\Messenger Plus! 
Live 2008-01-02 21:14 --------- d-----w C:\Program Files\LimeWire 2008-01-02 19:44 369,664 ----a-w C:\WINDOWS\Internet Logs\xDB84.tmp 2008-01-02 19:44 1,688,576 ----a-w C:\WINDOWS\Internet Logs\xDB85.tmp 2007-12-31 23:48 1,644,032 ----a-w C:\WINDOWS\Internet Logs\xDB83.tmp 2007-12-31 23:48 1,092,096 ----a-w C:\WINDOWS\Internet Logs\xDB82.tmp 2007-12-31 18:29 1,624,576 ----a-w C:\WINDOWS\Internet Logs\xDB81.tmp 2007-12-29 20:50 --------- d-----w C:\Documents and Settings\User\Application Data\ma-config.com 2007-12-29 03:24 --------- d-----w C:\Program Files\Pure Networks 2007-12-29 03:23 --------- d-----w C:\Program Files\DIFX 2007-12-29 03:22 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared 2007-12-29 03:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks 2007-12-29 03:12 77,824 ----a-w C:\WINDOWS\Internet Logs\xDB80.tmp 2007-12-29 01:56 154,112 ----a-w C:\WINDOWS\Internet Logs\xDB7F.tmp 2007-12-28 21:35 --------- d-----w C:\Program Files\Voice Studio 2007-12-28 21:28 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire 2007-12-28 05:08 1,584,640 ----a-w C:\WINDOWS\Internet Logs\xDB7E.tmp 2007-12-28 05:08 1,020,416 ----a-w C:\WINDOWS\Internet Logs\xDB7D.tmp 2007-12-27 23:46 --------- d-----w C:\Program Files\Common Files\DirectX 2007-12-27 23:45 --------- d-----w C:\Documents and Settings\User\Application Data\NHN Corporation 2007-12-27 23:35 --------- d-----w C:\Program Files\NHN USA 2007-12-27 05:21 1,548,800 ----a-w C:\WINDOWS\Internet Logs\xDB7C.tmp 2007-12-27 05:21 1,158,144 ----a-w C:\WINDOWS\Internet Logs\xDB7B.tmp 2007-12-27 04:16 --------- d-----w C:\Program Files\ma-config.com 2007-12-26 19:25 1,528,832 ----a-w C:\WINDOWS\Internet Logs\xDB7A.tmp 2007-12-26 19:25 1,222,656 ----a-w C:\WINDOWS\Internet Logs\xDB79.tmp 2007-12-24 23:09 2,085,888 ----a-w C:\WINDOWS\Internet Logs\xDB77.tmp 2007-12-24 23:09 1,519,616 ----a-w C:\WINDOWS\Internet Logs\xDB78.tmp 2007-12-24 05:18 
1,522,688 ----a-w C:\WINDOWS\Internet Logs\xDB76.tmp 2007-12-23 23:39 230,400 ----a-w C:\WINDOWS\Internet Logs\xDB74.tmp 2007-12-23 23:39 1,516,032 ----a-w C:\WINDOWS\Internet Logs\xDB75.tmp 2007-12-23 04:50 403,456 ----a-w C:\WINDOWS\Internet Logs\xDB73.tmp 2007-12-22 20:54 137,728 ----a-w C:\WINDOWS\Internet Logs\xDB72.tmp 2007-12-22 06:03 2,945,024 ----a-w C:\WINDOWS\Internet Logs\xDB71.tmp 2007-12-21 04:05 --------- d-----w C:\Documents and Settings\User\Application Data\DivX 2007-12-16 01:05 --------- d-----w C:\Program Files\DivX 2007-12-14 00:42 1,482,240 -c--a-w C:\WINDOWS\Internet Logs\xDB70.tmp 2007-12-12 02:16 2,757,632 -c--a-w C:\WINDOWS\Internet Logs\xDB6F.tmp 2007-12-11 22:34 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-12-11 22:34 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2007-12-09 15:39 862,208 -c--a-w C:\WINDOWS\Internet Logs\xDB6D.tmp 2007-12-09 15:39 1,467,392 -c--a-w C:\WINDOWS\Internet Logs\xDB6E.tmp 2007-12-08 03:37 3,501,056 -c--a-w C:\WINDOWS\Internet Logs\xDB6B.tmp 2007-12-08 03:37 1,449,472 -c--a-w C:\WINDOWS\Internet Logs\xDB6C.tmp 2007-11-19 01:55 1,346,560 -c--a-w C:\WINDOWS\Internet Logs\xDB6A.tmp 2007-11-17 04:29 509,440 -c--a-w C:\WINDOWS\Internet Logs\xDB69.tmp 2007-11-16 01:01 52,736 -c--a-w C:\WINDOWS\Internet Logs\xDB67.tmp 2007-11-16 01:01 1,278,464 -c--a-w C:\WINDOWS\Internet Logs\xDB68.tmp 2007-11-15 02:39 427,008 -c--a-w C:\WINDOWS\Internet Logs\xDB66.tmp 2007-11-11 05:55 722,944 -c--a-w C:\WINDOWS\Internet Logs\xDB63.tmp 2007-11-11 05:55 2,227,712 -c--a-w C:\WINDOWS\Internet Logs\xDB64.tmp 2007-11-11 05:54 2,227,712 -c--a-w C:\WINDOWS\Internet Logs\xDB65.tmp 2007-11-10 04:37 2,226,688 -c--a-w C:\WINDOWS\Internet Logs\xDB62.tmp 2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe 2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe 2003-08-16 18:56 579,584 --sha-r 
C:\WINDOWS\system32\cd.exe
.
<pre>
----a-w 307,200 2008-01-09 22:30:10 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w 79,224 2008-01-14 02:48:09 C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w 451,896 2008-01-09 22:29:57 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth .exe
----a-w 98,304 2008-01-09 22:29:57 C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder .exe
----a-w 36,975 2008-01-09 22:29:39 C:\Program Files\Java\jre1.5.0_01\bin\jusched .exe
----a-w 36,975 2008-01-09 01:12:07 C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
----a-w 2,056,875 2008-01-13 17:28:16 C:\Program Files\LocalCooling\localcooling .exe
----a-w 190,024 2008-01-20 16:13:32 C:\Program Files\MessengerPlus! 3\MsgPlus .exe
----a-w 5,674,352 2008-01-05 01:05:02 C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w 536,576 2008-01-09 22:30:11 C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree .exe
----a-w 451,896 2008-01-09 22:29:59 C:\Program Files\Pure Networks\Network Magic\nmapp .exe
----a-w 57,344 2008-01-13 16:04:07 C:\Program Files\SlySoft\CloneCD\CloneCDTray .exe
----a-w 5,724,184 2008-01-13 20:31:16 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-18 00:47:34 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 01:06:28 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 02:12:44 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 919,280 2008-01-20 16:21:59 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w 508,928 2008-01-17 01:22:45 C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w 15,360 2008-01-20 16:12:31 C:\WINDOWS\system32\ctfmon .exe
----a-w 1,622,016 2008-01-13 16:04:02 C:\WINDOWS\system32\rlvknlg .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe" [2008-01-20 11:21 919280]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Seoe"="C:\WINDOWS\PPATCH~1\notepad.exe" [ ]
"Tiqs"="C:\WINDOWS\system32\s?stem\?ttrib.exe" [ ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\system32\ad.html
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurrrq]
wvurrrq.dll
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Amok film nurb meal]
C:\Documents and Settings\All Users\Application Data\heart wave amok film\openace.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a--c--- 2007-12-04 08:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlockChecker] C:\Program Files\Block Checker\block-checker.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\creative barb] C:\DOCUME~1\User\APPLIC~1\exitglue\Upload Five Dale.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\errorhandler] C:\WINDOWS\errorhandler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H005RPbFR] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IESet] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LocalCooling] C:\Program Files\LocalCooling\localcooling.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaSystem] C:\Program Files\pasystem\pasystem.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QMusic2] C:\Program Files\BenQ\QMusic2\QMAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageProtector] C:\Program Files\StorageProtector\SysRep.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TClock.exe] C:\Program Files\TClock\tclock_install.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates] C:\Program Files\winupdates\winupdates.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{A4A68187-0513-1033-0519-031213200001}] C:\Program Files\Common Files\{A4A68187-0513-1033-0519-031213200001}\Update.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{A4A68187-0514-1033-0519-031213200001}] C:\Program Files\Common Files\{A4A68187-0514-1033-0519-031213200001}\Update.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{A4A68187-0515-1033-0519-031213200001}] C:\Program Files\Common Files\{A4A68187-0515-1033-0519-031213200001}\Update.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) "AntiVirService"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34] R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced 
Adapter\WLService.exe [2004-03-29 16:08] R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11] R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17] R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44] S2 MsaSvc;Microsoft authenticate service;C:\WINDOWS\system32\msasvc.exe [] S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [] . Contents of the 'Scheduled Tasks' folder "2008-02-11 00:00:01 C:\WINDOWS\Tasks\A1DF315A9184B062.job" - c:\docume~1\user\applic~1\exitglue\bleh file eq.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-10 19:12:29 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156] -> C:\Program Files\WinRAR\rarext.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\rundll32.exe . ************************************************************************** . 
Completion time: 2008-02-10 19:21:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-11 00:21:22
.
2008-02-10 19:30:19 --- E O F ---

I hope all the procedures were done correctly. Thanks in advance for your help. |
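The "Reg Loading Points" section of the ComboFix log above contains the entries a reviewer flags by eye: a target whose name carries a space before the extension (zlclient .exe, the same pattern as the whole <pre> listing), a path ComboFix could not render (s?stem\?ttrib.exe, where "?" stands for a character that is not legal in a file name), entries for which no file timestamp or size was recorded ([ ]), and a notepad.exe living under PPATCH~1 instead of the Windows directory. The script below is an added example, not ComboFix's own logic and not code from this thread: it applies those four checks to a constructed sample whose lines are copied from the log. The heuristics, the list of system binary names, the assumption that Windows is installed under C:\WINDOWS, and the function names are the example's own.

```python
import re

# Constructed sample input: autorun entries in the form ComboFix prints them under
# "Reg Loading Points". The values are copied from the log posted above; the
# heuristics below are this example's, not ComboFix's.
SAMPLE_REG_LOADING_POINTS = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe" [2008-01-20 11:21 919280]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Seoe"="C:\WINDOWS\PPATCH~1\notepad.exe" [ ]
"Tiqs"="C:\WINDOWS\system32\s?stem\?ttrib.exe" [ ]
'''

HIVE_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')

# Assumption: Windows is installed in C:\WINDOWS (true for the log above), and these
# well-known binaries legitimately live only in %WINDIR% or %WINDIR%\system32.
SYSTEM_BINARIES = {'notepad.exe', 'attrib.exe', 'cmd.exe', 'explorer.exe', 'rundll32.exe'}
SYSTEM_DIRS = {r'c:\windows', r'c:\windows\system32'}


def suspicious_reasons(path, meta):
    """Return the list of heuristics an autorun target trips (empty if none)."""
    reasons = []
    # 1. Whitespace before the extension ("zlclient .exe"): not the usual file name,
    #    so it deserves a comparison with the file that has no space in its name.
    if re.search(r'\s\.(exe|dll|com|scr|bat)$', path, re.I):
        reasons.append('space before file extension')
    # 2. '?' is not a legal file-name character; ComboFix prints it for characters it
    #    cannot render, so a '?' in a path marks a non-ASCII look-alike name.
    if re.search(r'[?]|[^\x20-\x7e]', path):
        reasons.append('unrenderable (non-ASCII) character in path')
    # 3. ComboFix recorded no timestamp or size for the target: "[ ]".
    if not meta.strip():
        reasons.append('no file timestamp/size recorded for target')
    # 4. A well-known system binary name loaded from outside the system directories.
    directory, _, basename = path.rpartition('\\')
    if basename.lower() in SYSTEM_BINARIES and directory.lower() not in SYSTEM_DIRS:
        reasons.append('system binary name outside %WINDIR%/system32')
    return reasons


def audit_reg_loading_points(text):
    """Parse ComboFix-style autorun lines and return the entries worth a second look."""
    findings = []
    hive = None
    for line in text.splitlines():
        line = line.strip()
        m = HIVE_RE.match(line)
        if m:
            hive = m.group(1)          # remember which Run key the next entries belong to
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        reasons = suspicious_reasons(m.group('path'), m.group('meta'))
        if reasons:
            findings.append({'hive': hive, 'name': m.group('name'),
                             'path': m.group('path'), 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in audit_reg_loading_points(SAMPLE_REG_LOADING_POINTS):
        print(f"{f['name']!r} in {f['hive']}\n    {f['path']}\n    {'; '.join(f['reasons'])}")
```

On the sample, msnmsgr and SunJavaUpdateSched pass, while ZoneAlarm Client, Seoe and Tiqs are reported with the reason(s) they trip. The checks are triage aids, not verdicts: an entry they flag still has to be confirmed against the file itself (the VirusTotal step the helper asks for further down).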
|
Hi,
Always run HijackThis last; that gives a picture of where things stand after the cleaning tools have run. There is still a great deal left.

1/
* Open Windows Explorer (Start > Programs > Accessories > Windows Explorer, or Start > Programs > Windows Explorer).
* Click Tools > Folder Options > View.
* Select:
  o show hidden files and folders,
  o untick "hide extensions for known file types",
  o untick "hide protected operating system files (recommended)".
* "Apply" then "OK".

2/
* Can you test this file: C:\Program Files\MSN Messenger\winmm.dll
* Click this link: http://www.virustotal.com/en/indexf.html
* Click Browse and give the path of the file I named.
* Click Send. After a few minutes a report is generated. Post it in your next reply.
Do the same with these files: C:\Program Files\Windows Live\Messenger\winmm.dll and C:\WINDOWS\system32\cd.exe

3/ Thanks to Lazzzy
* Download lopxpMH: http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip
* Unzip it with a right-click and extract it to the Desktop.
* Post the report it generates.

4/
# Download SREng (by Smallfrogs): http://www.kztechs.com/eng/download.html
# Unzip all of its contents to your Desktop (right-click > Extract here).
# Open the SReng2 folder and double-click SREngPS.exe.
# Click "smart scan".
# Click the "scan" button.
# When the analysis is finished, click the "save reports" button.
# Save the report to your Desktop.
# Copy/paste the contents of the SREnglLOG.log report into your next reply.

5/ Post those 5 reports (the VirusTotal reports, LopXPMH2, SREng) and a new HijackThis report.

FillPCA
No requests for help by PM, please. |
|
Hi, thank you for your reply and for the time you've given.
Here are the reports.

The VirusTotal one for C:\Program Files\MSN Messenger\winmm.dll
Report:
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.12.10 2008.02.11 -
AntiVir 7.6.0.62 2008.02.11 -
Authentium 4.93.8 2008.02.11 -
Avast 4.7.1098.0 2008.02.11 -
AVG 7.5.0.516 2008.02.11 -
BitDefender 7.2 2008.02.12 -
CAT-QuickHeal None 2008.02.11 -
ClamAV 0.92 2008.02.11 -
DrWeb 4.44.0.09170 2008.02.11 -
eSafe 7.0.15.0 2008.02.11 -
eTrust-Vet 31.3.5529 2008.02.11 -
Ewido 4.0 2008.02.11 -
FileAdvisor 1 2008.02.12 -
Fortinet 3.14.0.0 2008.02.11 -
F-Prot 4.4.2.54 2008.02.11 -
F-Secure 6.70.13260.0 2008.02.11 -
Ikarus T3.1.1.20 2008.02.11 -
Kaspersky 7.0.0.125 2008.02.12 -
McAfee 5227 2008.02.11 -
Microsoft 1.3204 2008.02.11 -
NOD32v2 2866 2008.02.11 -
Norman 5.80.02 2008.02.11 -
Panda 9.0.0.4 2008.02.11 -
Prevx1 V2 2008.02.12 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.11 -
Sunbelt 2.2.907.0 2008.02.09 -
Symantec 10 2008.02.11 -
TheHacker 6.2.9.217 2008.02.11 -
VBA32 3.12.6.0 2008.02.11 -
VirusBuster 4.3.26:9 2008.02.11 -
Webwasher-Gateway 6.6.2 2008.02.11 -

For C:\Program Files\Windows Live\Messenger\winmm.dll
AhnLab-V3 2008.2.12.10 2008.02.11 -
AntiVir 7.6.0.62 2008.02.11 -
Authentium 4.93.8 2008.02.11 -
Avast 4.7.1098.0 2008.02.11 -
AVG 7.5.0.516 2008.02.11 -
BitDefender 7.2 2008.02.12 -
CAT-QuickHeal None 2008.02.11 -
ClamAV 0.92 2008.02.11 -
DrWeb 4.44.0.09170 2008.02.11 -
eSafe 7.0.15.0 2008.02.11 -
eTrust-Vet 31.3.5529 2008.02.11 -
Ewido 4.0 2008.02.11 -
FileAdvisor 1 2008.02.12 -
Fortinet 3.14.0.0 2008.02.11 -
F-Prot 4.4.2.54 2008.02.11 -
F-Secure 6.70.13260.0 2008.02.11 -
Ikarus T3.1.1.20 2008.02.11 -
Kaspersky 7.0.0.125 2008.02.12 -
McAfee 5227 2008.02.11 -
Microsoft 1.3204 2008.02.11 -
NOD32v2 2866 2008.02.11 -
Norman 5.80.02 2008.02.11 -
Panda 9.0.0.4 2008.02.11 -
Prevx1 V2 2008.02.12 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.11 -
Sunbelt 2.2.907.0 2008.02.09 -
Symantec 10 2008.02.11 -
TheHacker 6.2.9.217 2008.02.11 -
VBA32 3.12.6.0 2008.02.11 -
VirusBuster 4.3.26:9 2008.02.11 -
Webwasher-Gateway 6.6.2 2008.02.11 -

And for C:\WINDOWS\system32\cd.exe
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.12.10 2008.02.11 -
AntiVir 7.6.0.62 2008.02.11 -
Authentium 4.93.8 2008.02.11 -
Avast 4.7.1098.0 2008.02.11 -
AVG 7.5.0.516 2008.02.11 -
BitDefender 7.2 2008.02.12 -
CAT-QuickHeal None 2008.02.11 -
ClamAV 0.92 2008.02.11 -
DrWeb 4.44.0.09170 2008.02.11 -
eSafe 7.0.15.0 2008.02.11 -
eTrust-Vet 31.3.5529 2008.02.11 -
Ewido 4.0 2008.02.11 -
FileAdvisor 1 2008.02.12 -
Fortinet 3.14.0.0 2008.02.11 -
F-Prot 4.4.2.54 2008.02.11 -
F-Secure 6.70.13260.0 2008.02.11 -
Ikarus T3.1.1.20 2008.02.11 -
Kaspersky 7.0.0.125 2008.02.12 -
McAfee 5227 2008.02.11 -
Microsoft 1.3204 2008.02.11 -
NOD32v2 2866 2008.02.11 -
Norman 5.80.02 2008.02.11 -
Panda 9.0.0.4 2008.02.11 -
Prevx1 V2 2008.02.12 Generic.Malware
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.11 -
Sunbelt 2.2.907.0 2008.02.09 -
Symantec 10 2008.02.11 -
TheHacker 6.2.9.217 2008.02.11 -
VBA32 3.12.6.0 2008.02.11 suspected of Backdoor.XiaoBird.31
VirusBuster 4.3.26:9 2008.02.11 -
Webwasher-Gateway 6.6.2 2008.02.11 Win32.Malware.gen!88 (suspicious)

Rapport lopxpMH2 version 2.0 fait à 18:54:56.37 le Mon 02/11/2008
C:\Documents and Settings\User\Desktop\lopxpMH2
******************************************
## Répertoires Application Data
Volume in drive C has no label.
Volume Serial Number is A4A6-8187
Directory of C:\Documents and Settings\Administrator\Application Data
01/13/2008 03:10 PM <DIR> .
01/13/2008 03:10 PM <DIR> ..
01/19/2008 12:08 PM <DIR> Macromedia
01/13/2008 03:10 PM <DIR> Microsoft
01/19/2008 10:07 AM <DIR> Mozilla
01/19/2008 10:08 AM <DIR> Talkback
01/13/2008 03:10 PM 62 desktop.ini
1 File(s) 62 bytes
6 Dir(s) 17,650,475,008 bytes free
Volume in drive C has no label.
Volume Serial Number is A4A6-8187
Directory of C:\Documents and Settings\Administrator\Local Settings\Application Data
01/13/2008 03:10 PM <DIR> .
01/13/2008 03:10 PM <DIR> .. 01/13/2008 03:10 PM <DIR> Microsoft 01/19/2008 10:07 AM <DIR> Mozilla 01/19/2008 10:09 AM 42,288 GDIPFONTCACHEV1.DAT 01/13/2008 03:26 PM 3,712,656 IconCache.db 2 File(s) 3,754,944 bytes 4 Dir(s) 17,650,409,472 bytes free Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\Documents and Settings\All Users\Application Data 07/11/2005 11:28 AM <DIR> . 07/11/2005 11:28 AM <DIR> .. 05/27/2006 11:01 AM <DIR> Adobe 03/04/2006 11:51 PM <DIR> Apple Computer 01/20/2008 11:15 AM <DIR> Data 07/26/2007 11:42 AM <DIR> ENJOY Plus! 07/25/2007 05:28 PM <DIR> FLEXnet 09/12/2006 06:07 PM <DIR> Google 08/29/2005 02:15 PM <DIR> heart wave amok film 08/28/2005 05:39 PM <DIR> Messenger Plus! 07/11/2005 11:28 AM <DIR> Microsoft 03/25/2006 05:21 PM <DIR> muvee Technologies 08/05/2005 07:58 AM <DIR> Newsoft 12/28/2007 09:32 PM <DIR> Pure Networks 01/19/2008 09:11 AM <DIR> SalesMon 01/05/2008 11:09 AM <DIR> Someplayer 12/02/2006 11:18 PM <DIR> Spybot - Search & Destroy 08/14/2005 01:07 PM <DIR> Symantec 12/31/2007 06:25 PM <DIR> TEMP 08/14/2005 02:28 PM <DIR> Ulead Systems 07/23/2005 08:49 PM <DIR> vidctrl 07/12/2006 10:30 AM <DIR> Windows Genuine Advantage 01/04/2008 10:20 PM <DIR> WLInstaller 01/12/2008 06:38 PM 41 .zreglib 05/27/2006 03:19 PM 305 addr_file.html 07/11/2005 11:29 AM 62 desktop.ini 03/05/2006 11:58 AM 1,377 QTSBandwidthCache 4 File(s) 1,785 bytes 23 Dir(s) 17,650,409,472 bytes free Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\Documents and Settings\Default User\Application Data 07/11/2005 11:28 AM <DIR> . 07/11/2005 11:28 AM <DIR> .. 07/11/2005 11:28 AM <DIR> Microsoft 07/11/2005 11:29 AM 62 desktop.ini 1 File(s) 62 bytes 3 Dir(s) 17,650,409,472 bytes free Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\Documents and Settings\Default User\Local Settings\Application Data 07/11/2005 11:29 AM <DIR> . 07/11/2005 11:29 AM <DIR> .. 
07/11/2005 04:00 PM <DIR> Microsoft 0 File(s) 0 bytes 3 Dir(s) 17,650,409,472 bytes free Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\Documents and Settings\LocalService\Application Data 07/11/2005 04:09 PM <DIR> . 07/11/2005 04:09 PM <DIR> .. 09/15/2005 05:51 PM <DIR> exitglue 09/15/2005 06:02 PM <DIR> Macromedia 07/11/2005 04:09 PM <DIR> Microsoft 12/28/2007 04:28 PM <DIR> Xfire 0 File(s) 0 bytes 6 Dir(s) 17,650,409,472 bytes free Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\Documents and Settings\LocalService\Local Settings\Application Data 07/11/2005 04:09 PM <DIR> . 07/11/2005 04:09 PM <DIR> .. 07/11/2005 04:09 PM <DIR> Microsoft 0 File(s) 0 bytes 3 Dir(s) 17,650,409,472 bytes free Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\Documents and Settings\NetworkService\Application Data 07/11/2005 04:07 PM <DIR> . 07/11/2005 04:07 PM <DIR> .. 07/11/2005 04:07 PM <DIR> Microsoft 0 File(s) 0 bytes 3 Dir(s) 17,650,409,472 bytes free Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\Documents and Settings\NetworkService\Local Settings\Application Data 07/11/2005 04:07 PM <DIR> . 07/11/2005 04:07 PM <DIR> .. 07/11/2005 04:07 PM <DIR> Microsoft 0 File(s) 0 bytes 3 Dir(s) 17,650,409,472 bytes free Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\Documents and Settings\User\Application Data 07/11/2005 04:10 PM <DIR> . 07/11/2005 04:10 PM <DIR> .. 04/13/2006 12:12 PM <DIR> Adobe 05/27/2006 11:27 AM <DIR> AdobeUM 03/04/2006 11:57 PM <DIR> Apple Computer 09/29/2007 11:59 AM <DIR> ArcSoft 09/16/2005 05:11 PM <DIR> Block Checker 09/18/2005 05:10 PM <DIR> Canon 04/17/2006 02:33 PM <DIR> Dev-Cpp 12/15/2007 08:06 PM <DIR> DivX 07/26/2007 11:42 AM <DIR> ENJOY Plus! 
09/16/2005 05:16 PM <DIR> exitglue 01/12/2006 08:05 PM <DIR> Google 03/25/2007 10:57 AM <DIR> GreatMemo 10/01/2005 05:26 PM <DIR> Help 07/04/2007 09:34 PM <DIR> ijjigame 04/17/2006 08:24 PM <DIR> Jasc 09/03/2006 08:12 PM <DIR> Lavasoft 09/17/2006 07:26 PM <DIR> Leadertech 07/27/2007 05:09 PM <DIR> ma-config.com 09/16/2005 05:11 PM <DIR> Macromedia 04/10/2007 05:48 PM <DIR> MailFrontier 07/11/2005 04:10 PM <DIR> Microsoft 03/18/2006 10:04 PM <DIR> Mozilla 07/12/2005 05:57 PM <DIR> MSNInstaller 12/27/2007 06:45 PM <DIR> NHN Corporation 03/18/2006 09:53 PM <DIR> Notepad++ 01/27/2007 09:44 AM <DIR> Nvu 02/07/2008 07:36 PM <DIR> OpenOffice.org2 02/03/2008 09:13 PM <DIR> RadiantSettings 10/16/2006 03:11 PM <DIR> Real 01/22/2006 10:00 AM <DIR> Registry Cleaner 11/16/2007 11:04 PM <DIR> Screaming Bee 03/08/2007 01:45 PM <DIR> Screenshot Sender 05/20/2006 11:49 AM <DIR> Sixthviewblue 01/05/2008 11:15 AM <DIR> Someplayer 07/19/2005 11:11 AM <DIR> Sun 08/14/2005 01:08 PM <DIR> Symantec 10/05/2006 05:45 PM <DIR> System Requirements Lab 01/11/2008 07:54 PM <DIR> SystemRequirementsLab 05/23/2006 07:24 PM <DIR> Talkback 04/09/2006 05:42 PM <DIR> teamspeak2 04/20/2007 07:39 PM <DIR> Thunderbird 08/14/2005 02:30 PM <DIR> Ulead Systems 06/30/2006 02:04 PM <DIR> Visicom Media 05/27/2006 10:53 AM 875 AdobeDLM.log 07/11/2005 04:10 PM 62 desktop.ini 05/27/2006 10:53 AM 0 dm.ini 3 File(s) 937 bytes 45 Dir(s) 17,650,409,472 bytes free Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\Documents and Settings\User\Local Settings\Application Data 07/11/2005 04:10 PM <DIR> . 07/11/2005 04:10 PM <DIR> .. 
07/16/2005 06:18 PM <DIR> Adobe
03/04/2006 11:57 PM <DIR> Apple Computer
01/15/2006 04:47 PM <DIR> Google
08/23/2005 07:18 PM <DIR> Help
07/17/2005 07:50 PM <DIR> Identities
08/14/2007 09:35 PM <DIR> Logitech-LS
07/11/2005 04:10 PM <DIR> Microsoft
03/18/2006 10:05 PM <DIR> Mozilla
08/05/2005 08:12 AM <DIR> NewSoft
04/01/2006 05:43 PM <DIR> RcIncidents
07/16/2005 01:23 PM <DIR> Skype
11/15/2006 07:10 PM <DIR> Stardock
04/20/2007 07:39 PM <DIR> Thunderbird
03/25/2006 07:08 PM <DIR> WMTools Downloaded Files
07/11/2005 04:26 PM 74,240 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
07/13/2005 07:18 AM 43,104 GDIPFONTCACHEV1.DAT
12/02/2006 12:45 AM 5,863,276 IconCache.db
3 File(s) 5,980,620 bytes
16 Dir(s) 17,650,409,472 bytes free
Volume in drive C has no label.
Volume Serial Number is A4A6-8187
Directory of C:\WINDOWS\system32\config\systemprofile\Application Data
07/11/2005 04:05 PM <DIR> .
07/11/2005 04:05 PM <DIR> ..
07/11/2005 04:05 PM <DIR> Microsoft
07/11/2005 04:05 PM 62 desktop.ini
1 File(s) 62 bytes
3 Dir(s) 17,650,409,472 bytes free
Volume in drive C has no label.
Volume Serial Number is A4A6-8187
Directory of C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
07/11/2005 04:05 PM <DIR> .
07/11/2005 04:05 PM <DIR> ..
07/11/2005 04:05 PM <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 17,650,409,472 bytes free
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks
C:\WINDOWS\Tasks\A1DF315A9184B062.job
[binary .job contents dumped as text; recoverable UTF-16 strings: c:\docume~1\user\applic~1\exitglue\bleh file eq.exe, User]
******************************************
## Répertoires de C:\Program Files
Volume in drive C has no label.
Volume Serial Number is A4A6-8187
Directory of C:\Program Files
02/10/2008 06:46 PM <DIR> .
02/10/2008 06:46 PM <DIR> ..
07/19/2007 03:42 PM <DIR> Adobe 02/05/2006 07:18 PM <DIR> Alwil Software 12/16/2006 08:43 PM <DIR> Audacity 05/04/2006 07:37 PM <DIR> AVPersonal 08/24/2007 10:14 AM <DIR> BitComet 07/19/2007 03:10 PM <DIR> Bonjour 09/23/2006 01:58 PM <DIR> CamStudio 09/04/2005 11:52 AM <DIR> Canon 02/02/2008 01:03 PM <DIR> CCleaner 02/10/2008 07:07 PM <DIR> Common Files 12/28/2007 10:23 PM <DIR> DIFX 12/15/2007 08:05 PM <DIR> DivX 01/26/2008 10:54 PM <DIR> Dynex Wireless G Enhanced Adapter 01/20/2008 12:29 PM <DIR> e-anim701 01/20/2008 12:39 PM <DIR> EasyPHP1-8 01/19/2008 11:07 PM <DIR> Exolon 03/07/2007 04:04 PM <DIR> FileZilla 11/19/2005 08:16 PM <DIR> Freeze.com 02/03/2008 09:43 AM <DIR> Google 02/03/2008 09:11 PM <DIR> GtkRadiant 1.5.0 01/26/2008 11:35 AM <DIR> GtkRadiant-1.4 07/27/2007 05:10 PM <DIR> HardwareDetection 08/18/2007 12:17 PM <DIR> Hewlett-Packard 03/08/2006 06:25 PM <DIR> INAC 12/14/2007 06:38 PM <DIR> Internet Explorer 04/17/2006 08:22 PM <DIR> Jasc Software Inc 02/07/2008 07:27 PM <DIR> Java 06/16/2006 06:08 PM <DIR> JCalc 12/19/2005 05:51 PM <DIR> Kjzxhr 09/03/2006 08:12 PM <DIR> Lavasoft 02/18/2007 07:07 PM <DIR> LEGO Media 01/02/2008 04:14 PM <DIR> LimeWire 01/19/2008 09:07 AM <DIR> LocalCooling 08/18/2007 08:55 AM <DIR> Logitech 12/26/2007 11:16 PM <DIR> ma-config.com 08/17/2007 09:42 PM <DIR> ManyCam 2.1 09/03/2006 08:29 PM <DIR> Messenger 01/04/2008 08:04 PM <DIR> Messenger Plus! Live 01/20/2008 11:52 AM <DIR> MessengerPlus! 
3 07/11/2005 04:28 PM <DIR> microsoft frontpage 07/11/2005 04:51 PM <DIR> Microsoft Office 06/11/2006 03:48 PM <DIR> Movie Maker 02/11/2008 06:23 PM <DIR> Mozilla Firefox 07/16/2007 10:25 AM <DIR> Mozilla Thunderbird 07/12/2005 05:56 PM <DIR> MSN 09/17/2006 07:29 PM <DIR> MSN Games 07/11/2005 03:55 PM <DIR> MSN Gaming Zone 01/04/2008 10:57 PM <DIR> MSN Messenger 07/23/2005 07:58 PM <DIR> MsnMusic 06/18/2006 07:54 PM <DIR> NetMeeting 12/09/2007 11:31 AM <DIR> NewSoft 12/27/2007 06:35 PM <DIR> NHN USA 09/25/2005 07:44 PM <DIR> Norton AntiVirus 03/03/2007 12:50 PM <DIR> Notepad++ 08/17/2007 04:51 PM <DIR> Nvu 11/05/2006 09:44 PM <DIR> Octatec 05/28/2006 09:16 AM <DIR> Online Services 07/01/2006 09:26 AM <DIR> OpenLibraries 02/07/2008 07:30 PM <DIR> OpenOffice.org 2.3 06/14/2007 11:50 AM <DIR> Outlook Express 01/28/2006 08:16 PM <DIR> Panicware 05/23/2006 06:07 PM <DIR> PhotoFiltre 01/02/2007 07:46 PM <DIR> Project64 v1.5 01/19/2008 11:17 PM <DIR> psdriver 12/28/2007 10:24 PM <DIR> Pure Networks 05/21/2006 05:21 PM <DIR> QuickTime 01/13/2008 02:01 PM <DIR> RaGEZONE 01/10/2008 07:17 PM <DIR> RaGEZONE GunZ C4.7 09/29/2007 06:45 PM <DIR> Ref Hotkey 09/29/2007 11:50 AM <DIR> SanDisk 01/12/2008 12:48 PM <DIR> SlySoft 02/04/2008 10:22 AM <DIR> SnIco Edit 02/10/2008 04:03 PM <DIR> Spybot - Search & Destroy 05/22/2006 08:50 AM <DIR> Spyware Nuker 2004 09/25/2005 07:47 PM <DIR> Symantec 01/19/2008 09:08 AM <DIR> SystemRequirementsLab 06/24/2006 11:17 AM <DIR> TClock 11/20/2005 10:17 AM <DIR> The Weather Channel FW 01/19/2008 11:20 PM <DIR> themexp 01/07/2008 12:33 PM <DIR> TheTurtle 08/21/2007 03:20 PM <DIR> TRELLIAN 07/16/2007 10:25 AM <DIR> Tremulous 06/19/2006 01:58 PM <DIR> Virtools Web Player 3.0 09/03/2006 04:55 PM <DIR> Visicom Media 12/28/2007 04:35 PM <DIR> Voice Studio 07/24/2006 02:47 PM <DIR> Web Media Player 07/24/2006 02:45 PM <DIR> WebcamFirst Mail 07/24/2006 02:46 PM <DIR> WhoIs 01/04/2008 10:20 PM <DIR> Windows Live 09/29/2007 12:00 PM <DIR> Windows Media 
Player
04/09/2006 07:36 PM <DIR> Windows NT
03/24/2007 09:55 AM <DIR> WinRAR
12/17/2006 12:41 PM <DIR> WinZip
01/26/2008 11:35 AM <DIR> Wolfenstein - Enemy Territory
07/11/2005 04:01 PM <DIR> xerox
01/02/2007 10:00 PM <DIR> Zone Labs
0 File(s) 0 bytes
98 Dir(s) 17,650,470,912 bytes free
******************************************
## Popups autorisées
* Internet Explorer
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
www.musiqueplus.com REG_BINARY
PopupMgr REG_SZ yes
* Mozilla Firefox (1 autorisé 2 interdit)
----------
C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IPXX929Z.DEFAULT\HOSTPERM.1
host popup 1 codesauxcliques.com
host popup 1 www.masseurox.com
host popup 1 foud.piczo.com
host popup 1 www.jippii.fr
host popup 1 www.msntrucastuce.fr
host popup 1 darhan.be.cx
host popup 1 www.alalettre.com
host popup 1 www.maxicodes.com
host popup 1 www.gameplaymaniak.piczo.com
host popup 1 maxicodes.com
host popup 1 www.trafic-booster.com
******************************************
## Registre
* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Amok film nurb meal REG_SZ ; C:\Documents and Settings\All Users\Application Data\heart wave amok film\openace.exe
* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
creative barb REG_SZ ; C:\DOCUME~1\User\APPLIC~1\exitglue\Upload Five Dale.exe
******************************************
## Zones de sécurité
* HKCU Domains (4)
* P3P History (5)
******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"
*************** Fin du rapport ****************

The SREng one:
2008-02-11,18:49:22
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed
Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<msnmsgr><"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ZoneAlarm Client><"C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe"> [(Verified)Check Point Software Technologies Ltd.]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<CDBurn><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Curren |
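In the lopxpMH2 report above, the scheduled-task section dumped the raw contents of C:\WINDOWS\Tasks\A1DF315A9184B062.job, which is why its target path came out spaced as "c : \ d o c u m e ~ 1 \ ...": a .job file stores its application path, parameters and author as UTF-16LE strings, and the text dump rendered every NUL byte as a space. The script below is an added example, not part of lopxpMH2 and not code from this thread. It builds a constructed stand-in for the task file (the header and trailing bytes are arbitrary filler; only the string fields mirror what the report shows), extracts the wide strings from it the way `strings -el` would, and keeps the ones that look like a program path. The function names, the minimum string length and the extension list are the example's own assumptions.

```python
import re


def wide(s):
    """Encode a string the way a .job file stores it: UTF-16LE plus a NUL terminator."""
    return s.encode('utf-16-le') + b'\x00\x00'


def build_sample_job():
    r"""Constructed stand-in for C:\WINDOWS\Tasks\A1DF315A9184B062.job (not the real file).

    The header and trailer are arbitrary non-printable filler; only the string fields
    mirror the values visible in the posted lopxpMH2 dump.
    """
    header = b'\x00\x06\x01\x00' + b'\x00' * 12          # constructed filler
    trailer = b'\x00\x30\x00\xcb\x00\x3c\x00\x00'          # constructed filler
    return (header
            + wide(r'c:\docume~1\user\applic~1\exitglue\bleh file eq.exe')  # application path
            + wide('')                                                      # parameters (empty)
            + wide('User')                                                  # author
            + trailer)


def extract_wide_strings(blob, min_chars=4):
    """Return runs of printable UTF-16LE text of at least min_chars characters.

    Each character of such a run is a printable ASCII byte followed by a NUL byte;
    that is the pattern the text dump turned into "c : \ d o c u m e".
    """
    pattern = re.compile(rb'(?:[\x20-\x7e]\x00){%d,}' % min_chars)
    return [m.group().decode('utf-16-le') for m in pattern.finditer(blob)]


# A drive letter, a backslash path and an executable extension: the task's target.
COMMAND_RE = re.compile(r'^[a-z]:\\.+\.(exe|com|bat|cmd|scr|vbs|js)$', re.I)


def recover_task_commands(blob):
    """Keep only the extracted strings that look like a program path."""
    return [s for s in extract_wide_strings(blob) if COMMAND_RE.match(s)]


if __name__ == '__main__':
    job = build_sample_job()
    print('strings :', extract_wide_strings(job))
    print('commands:', recover_task_commands(job))
```

On a real file, read it with `open(path, 'rb').read()` and pass the bytes to `recover_task_commands`. The recovered target here, bleh file eq.exe under the exitglue directory, sits in the same directory as the `creative barb` Run entry's Upload Five Dale.exe listed in the "## Registre" section, so the scheduled task is a second persistence path for the same component and belongs on the same removal list.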