Message erreur msn : cmsetac.dll (résolu)

Bonjour,

Depuis deux, j\'ai ce message d\'erreur msn, à peine connecté, qu\'une fenêtre s\'ouvre pour me dire que msn va se fermer :






C\'est quoi ce problème s\'il vous plaît ? Je crois que je suis infecté par ce cmsetac.dll, comment faire pour le virer ?
Merci

Bonjour,

Tu es bien infecté par un virus polymorphe, fais ceci pour commencer :

• Télécharge Malwarebytes
  
• Tu auras un tutoriel à ta disposition pour l\'installer et l\'utiliser correctement.
  
• Fais la mise à jour du logiciel (elle se fait normalement à l\'installation)
  
• Lance une analyse complète en cliquant sur \"Exécuter un examen complet\"
  
• Sélectionnes les disques que tu veux analyser et cliques sur \"Lancer l\'examen\"
  
• L\'analyse peut durer un bon moment.....
  
• Une fois l\'analyse terminée, cliques sur \"OK\" puis sur \"Afficher les résultats\"
  
• Vérifies que tout est bien coché et cliques sur \"Supprimer la sélection\" => et ensuite sur \"OK\"
  
• Un rapport va s\'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum
  
  
• Il se pourrait que certains fichiers devront être supprimés au redémarrage du PC... Faites le en cliquant sur \"oui\" à la question posée

Bonjour,

VOilà le dernier rapport Malwarebyte :
Malwarebytes\' Anti-Malware 1.41
Version de la base de données: 3126
Windows 5.1.2600 Service Pack 3

09/11/2009 12:36:56
mbam-log-2009-11-09 (12-36-56).txt

Type de recherche: Examen rapide
Eléments examinés: 95851
Temps écoulé: 4 minute(s), 37 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\\WINDOWS\\cmsetac.dll (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\\WINDOWS\\cmsetac.dll (Trojan.Agent) -> Delete on reboot.
C:\\WINDOWS\\ntdtcstp.dll (Trojan.Agent) -> Delete on reboot.

Bonjour,

Malwarebytes a bien détecté l\'infection par le virus polymorphe, il fallait cependant redémarrer ton ordinateur tout de suite après pour que la suppression du virus soit effective.

Supprime la quarantaine de malwarebytes, refais un scan en mode rapide, s\'il y a lieu coche toute la sélection et redémarre ton ordinateur.

Envoies moi le nouveau rapport généré pas malwarebytes et aussi ceci pour faire une vérification :

• Télécharge Random\'s system information tool (RSIT) et enregistre le sur ton bureau.
  
• Double clique sur RSIT.exe pour lancer l\'outil.
  
• Clique sur \' continue \' à l\'écran Disclaimer.
  
• Si l\'outil HIjackThis (version à jour) n\'est pas présent ou non détecté sur l\'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
  
• Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports.

(C:\\RSIT\\log.txt & C:\\RSIT\\info.txt )

(CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )


Penses aussi à prévenir tous tes contacts de passer malwarebytes, change de mot de passe msn rapidement, c\'est-à-dire maintenant.

Bonjour,

I/Rapport Malwarebyte
Malwarebytes\' Anti-Malware 1.41
Version de la base de données: 3126
Windows 5.1.2600 Service Pack 3

09/11/2009 17:21:01
mbam-log-2009-11-09 (17-21-01).txt

Type de recherche: Examen rapide
Eléments examinés: 95575
Temps écoulé: 4 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\\WINDOWS\\cmsetac.dll (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\\WINDOWS\\cmsetac.dll (Trojan.Agent) -> Delete on reboot.
C:\\WINDOWS\\ntdtcstp.dll (Trojan.Agent) -> Delete on reboot.

II/ Rapport RSIT[u][/u]
a/Logfile of random\'s system information tool 1.06 (written by random/random)
Run by HAMID at 2009-11-09 17:22:51
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 7 GB (38%) free of 20 GB
Total RAM: 991 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:21, on 09/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\csrss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe
C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\victima.exe
C:\\WINDOWS\\system32\\dllhost.exe
C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe
C:\\WINDOWS\\System32\\alg.exe
C:\\WINDOWS\\system32\\CAP3RSK.EXE
C:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\CAP3SWK.EXE
C:\\Program Files\\Opera\\opera.exe
C:\\Program Files\\Internet Download Manager\\IDMan.exe
C:\\Program Files\\Internet Download Manager\\IEMonitor.exe
C:\\Documents and Settings\\HAMID\\Bureau\\RSIT.exe
C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe
C:\\Program Files\\trend micro\\HAMID.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.msn.com/
R1 - HKCU\\Software\\Microsoft\\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Window Title = Windows Internet Explorer
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Program Files\\Internet Download Manager\\IDMIECC.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d\'aide de l\'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] \"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\"
O4 - HKLM\\..\\Run: [Malwarebytes Anti-Malware (reboot)] \"C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbam.exe\" /runcleanupscript
O4 - HKLM\\..\\Run: [egui] \"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe\" /hide /waitservice
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [victima] C:\\WINDOWS\\victima.exe
O4 - HKUS\\S-1-5-19\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SERVICE LOCAL\')
O4 - HKUS\\S-1-5-20\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SERVICE RÉSEAU\')
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SYSTEM\')
O4 - HKUS\\.DEFAULT\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'Default user\')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\\PROGRA~1\\MICROS~3\\Office12\\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\\Program Files\\Internet Download Manager\\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\\Program Files\\Internet Download Manager\\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\\Program Files\\Internet Download Manager\\IEGetAll.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~3\\Office12\\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra \'Tools\' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra \'Tools\' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252268257859
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\\Program Files\\ma-config.com\\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe

--
End of file - 6216 bytes

======Scheduled tasks folder======

C:\\WINDOWS\\tasks\\DriverCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\\Program Files\\Internet Download Manager\\IDMIECC.dll [2009-09-09 173488]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d\'aide de l\'Assistant de connexion Windows Live - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll [2009-11-05 41760]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll [2009-11-05 73728]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98}

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"SunJavaUpdateSched\"=C:\\Program Files\\Java\\jre6\\bin\\jusched.exe [2009-11-05 149280]
\"Malwarebytes Anti-Malware (reboot)\"=C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbam.exe [2009-09-10 1312080]
\"egui\"=C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe [2009-03-19 2029640]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=C:\\WINDOWS\\system32\\ctfmon.exe [2008-04-14 15360]
\"victima\"=C:\\WINDOWS\\victima.exe [2009-11-05 404652]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\ADPHONE]
C:\\Program Files\\ADPHONE3\\ADPHONE.EXE /STARTUP []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\AudioDeck]
C:\\Program Files\\VIA\\VIAudioi\\SBADeck\\ADeck.exe [2007-08-09 528384]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\CAP3ON]
C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3ONN.EXE [2002-07-29 22528]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\IMJPMIG8.1]
C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE [2004-08-03 208952]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Malwarebytes Anti-Malware (reboot)]
C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Malwarebytes\' Anti-Malware]
C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamgui.exe [2009-09-10 420176]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\MSMSGS]
C:\\Program Files\\Messenger\\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\MSPY2002]
C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe [2004-08-03 59392]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PHIME2002A]
C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PHIME2002ASync]
C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SpywareTerminator]
C:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SpywareTerminatorUpdate]
C:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SunJavaUpdateSched]
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe [2009-11-05 149280]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\TTMessenger]
C:\\Program Files\\TTMessenger\\ttmessenger2.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\TTMessengerPDF]
C:\\Program Files\\TTMessenger\\spool\\PDFSaver.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\VTPreset]
C:\\WINDOWS\\system32\\VTPreset.exe [2004-02-24 45056]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Canon LASER SHOT LBP-1120 ª¬ºAµøµ¡.LNK]
C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3LAK.EXE [2002-07-29 30720]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Fenêtre d\'état de Canon LASER SHOT LBP-1120.LNK]
C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3LAK.EXE [2002-07-29 30720]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\WgaLogon]
C:\\WINDOWS\\system32\\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\\WINDOWS\\system32\\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
\"dontdisplaylastusername\"=0
\"legalnoticecaption\"=
\"legalnoticetext\"=
\"shutdownwithoutlogon\"=1
\"undockwithoutlogon\"=1

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"NoDriveTypeAutoRun\"=128
\"NoDriveAutoRun\"=128
\"HonorAutoRunSetting\"=1

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"HonorAutoRunSetting\"=
\"NoDriveAutoRun\"=
\"NoDriveTypeAutoRun\"=

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call\"
\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger\"
\"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE\"=\"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"
\"C:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe\"=\"C:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe:*:Enabled:Java(TM) Platform SE binary\"
\"C:\\Program Files\\TTMessenger\\ttmessenger2.exe\"=\"C:\\Program Files\\TTMessenger\\ttmessenger2.exe:*:Enabled:ttmessenger2\"
\"C:\\Program Files\\Internet Download Manager\\IDMan.exe\"=\"C:\\Program Files\\Internet Download Manager\\IDMan.exe:*:Enabled:Internet Download Manager (IDM)\"
\"C:\\Program Files\\ma-config.com\\maconfservice.exe\"=\"C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice\"
\"C:\\Program Files\\ADPHONE3\\ADPHONE.exe\"=\"C:\\Program Files\\ADPHONE3\\ADPHONE.exe:*:Enabled:ADPHONE\"
\"C:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe\"=\"C:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator\"
\"C:\\Program Files\\eMule\\emule.exe\"=\"C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule\"

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\domainprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call\"
\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"

======List of files/folders created in the last 1 months======

2009-11-09 17:22:52 ----D---- C:\\Program Files\\trend micro
2009-11-09 17:22:51 ----D---- C:\\rsit
2009-11-09 16:55:29 ----N---- C:\\WINDOWS\\ntdtcstp.dll
2009-11-09 16:55:29 ----N---- C:\\WINDOWS\\cmsetac.dll
2009-11-09 13:47:33 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\ESET
2009-11-09 13:34:11 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files
2009-11-09 13:21:25 ----A---- C:\\WINDOWS\\SchedLgU.Txt
2009-11-08 23:54:40 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab
2009-11-08 21:47:41 ----A---- C:\\UsbFix.txt
2009-11-08 21:27:59 ----D---- C:\\UsbFix
2009-11-08 18:01:02 ----D---- C:\\Program Files\\ESET
2009-11-07 23:51:02 ----A---- C:\\WINDOWS\\system32\\VB6FR.DLL
2009-11-07 23:51:01 ----D---- C:\\Program Files\\RapidLetters
2009-11-07 15:17:31 ----A---- C:\\WINDOWS\\system32\\hidserv.dll
2009-11-07 00:20:44 ----D---- C:\\Program Files\\eMule
2009-11-05 11:50:56 ----A---- C:\\WINDOWS\\system32\\javaws.exe
2009-11-05 11:50:56 ----A---- C:\\WINDOWS\\system32\\javaw.exe
2009-11-05 11:50:56 ----A---- C:\\WINDOWS\\system32\\java.exe
2009-11-05 01:01:00 ----A---- C:\\WINDOWS\\victima.exe
2009-11-05 00:09:32 ----D---- C:\\Music
2009-11-05 00:06:27 ----D---- C:\\Program Files\\Sagasoft
2009-11-04 23:35:45 ----A---- C:\\WINDOWS\\Mp3CutterJoiner.ini
2009-11-04 23:35:06 ----D---- C:\\My Music
2009-11-04 00:59:51 ----D---- C:\\Program Files\\AskBarDis
2009-11-02 20:57:40 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\vlc
2009-11-01 18:12:40 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\Real
2009-10-29 19:49:09 ----D---- C:\\WINDOWS\\Sun
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\rmoc3260.dll
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\pndx5032.dll
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\pndx5016.dll
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\pncrt.dll
2009-10-28 17:03:57 ----A---- C:\\WINDOWS\\avisplitter.ini
2009-10-28 17:03:55 ----A---- C:\\WINDOWS\\system32\\yv12vfw.dll
2009-10-28 17:03:55 ----A---- C:\\WINDOWS\\system32\\xvidvfw.dll
2009-10-28 17:03:55 ----A---- C:\\WINDOWS\\system32\\xvidcore.dll
2009-10-28 17:03:54 ----A---- C:\\WINDOWS\\system32\\qt-dx331.dll
2009-10-28 17:03:54 ----A---- C:\\WINDOWS\\system32\\dpl100.dll
2009-10-28 17:03:54 ----A---- C:\\WINDOWS\\system32\\divx.dll
2009-10-28 17:03:52 ----A---- C:\\WINDOWS\\system32\\ff_vfw.dll.manifest
2009-10-28 17:03:52 ----A---- C:\\WINDOWS\\system32\\ff_vfw.dll
2009-10-28 17:03:51 ----D---- C:\\Program Files\\K-Lite Codec Pack
2009-10-24 00:15:16 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\Apple Computer
2009-10-17 13:31:59 ----D---- C:\\WINDOWS\\system32\\Silabs
2009-10-17 13:31:53 ----A---- C:\\WINDOWS\\system32\\InfUnltd.dll_tmp
2009-10-14 11:14:52 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\DriverCure
2009-10-14 11:14:45 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\ParetoLogic
2009-10-14 11:14:45 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\DriverCure
2009-10-14 00:53:26 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\NCH Software
2009-10-13 15:45:05 ----D---- C:\\Program Files\\NCH Software
2009-10-13 15:43:48 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\NCH Swift Sound
2009-10-13 15:43:36 ----D---- C:\\Program Files\\NCH Swift Sound
2009-10-13 15:43:36 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\NCH Swift Sound

======List of files/folders modified in the last 1 months======

2009-11-09 17:22:55 ----D---- C:\\WINDOWS\\Temp
2009-11-09 17:22:52 ----RD---- C:\\Program Files
2009-11-09 17:22:51 ----D---- C:\\WINDOWS\\Prefetch
2009-11-09 17:10:52 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\DMCache
2009-11-09 16:55:38 ----D---- C:\\WINDOWS
2009-11-09 16:55:29 ----D---- C:\\WINDOWS\\Registration
2009-11-09 13:48:31 ----SHD---- C:\\WINDOWS\\Installer
2009-11-09 13:48:24 ----HD---- C:\\WINDOWS\\inf
2009-11-09 13:48:24 ----D---- C:\\WINDOWS\\system32\\drivers
2009-11-09 13:48:01 ----D---- C:\\WINDOWS\\system32\\CatRoot2
2009-11-09 13:31:00 ----D---- C:\\WINDOWS\\system32
2009-11-09 13:29:08 ----AD---- C:\\Documents and Settings\\All Users\\Application Data\\TEMP
2009-11-09 01:03:41 ----D---- C:\\Program Files\\Mozilla Firefox
2009-11-08 22:03:07 ----SHD---- C:\\RECYCLER
2009-11-08 18:01:04 ----SD---- C:\\WINDOWS\\Downloaded Program Files
2009-11-07 15:17:36 ----RSHDC---- C:\\WINDOWS\\system32\\dllcache
2009-11-05 11:50:38 ----A---- C:\\WINDOWS\\system32\\deploytk.dll
2009-11-05 01:01:13 ----D---- C:\\WINDOWS\\ie8updates
2009-11-05 01:01:00 ----HD---- C:\\WINDOWS\\$hf_mig$
2009-11-05 01:01:00 ----D---- C:\\WINDOWS\\system32\\CatRoot
2009-11-05 00:10:46 ----A---- C:\\WINDOWS\\powermp3cutterjoiner.ini
2009-11-04 01:14:28 ----D---- C:\\Program Files\\Foxit Software
2009-11-02 23:51:45 ----SD---- C:\\WINDOWS\\Tasks
2009-11-01 01:15:30 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\IDM
2009-10-28 19:23:28 ----D---- C:\\Program Files\\Opera
2009-10-27 23:29:46 ----SH---- C:\\boot.ini
2009-10-27 23:29:46 ----A---- C:\\WINDOWS\\win.ini
2009-10-27 23:29:46 ----A---- C:\\WINDOWS\\system.ini
2009-10-26 16:02:40 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Microsoft Help
2009-10-24 18:14:24 ----D---- C:\\Program Files\\Fichiers communs\\Microsoft Shared
2009-10-24 18:14:22 ----D---- C:\\WINDOWS\\WinSxS
2009-10-24 17:55:33 ----D---- C:\\Program Files\\Messenger Plus! Live
2009-10-24 00:20:13 ----SD---- C:\\Documents and Settings\\HAMID\\Application Data\\Microsoft
2009-10-22 10:17:28 ----A---- C:\\WINDOWS\\system32\\mshtml.dll
2009-10-21 11:28:53 ----D---- C:\\WINDOWS\\Help
2009-10-17 13:02:55 ----D---- C:\\WINDOWS\\Microsoft.NET
2009-10-17 13:02:50 ----RSD---- C:\\WINDOWS\\assembly
2009-10-17 01:06:27 ----A---- C:\\WINDOWS\\system32\\PerfStringBackup.INI
2009-10-17 01:03:47 ----D---- C:\\Program Files\\Internet Explorer
2009-10-16 14:53:43 ----D---- C:\\WINDOWS\\Debug
2009-10-15 18:50:19 ----D---- C:\\WINDOWS\\system32\\wbem
2009-10-14 11:14:45 ----D---- C:\\Program Files\\Fichiers communs
2009-10-13 00:00:43 ----D---- C:\\Program Files\\VIA
2009-10-13 00:00:32 ----D---- C:\\WINDOWS\\system32\\ReinstallBackups

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\\WINDOWS\\system32\\DRIVERS\\ehdrv.sys [2009-03-19 107256]
R1 epfwtdir;epfwtdir; C:\\WINDOWS\\system32\\DRIVERS\\epfwtdir.sys [2009-03-19 93848]
R1 intelppm;Pilote de processeur Intel; C:\\WINDOWS\\system32\\DRIVERS\\intelppm.sys [2008-04-14 40576]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\\WINDOWS\\System32\\drivers\\ws2ifsl.sys [2002-09-07 12032]
R2 eamon;eamon; C:\\WINDOWS\\system32\\DRIVERS\\eamon.sys [2009-03-19 113960]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\\WINDOWS\\system32\\DRIVERS\\fetnd5bv.sys [2009-06-16 46592]
R3 MBAMProtector;MBAMProtector; \\??\\C:\\WINDOWS\\system32\\drivers\\mbam.sys []
R3 mf;mf; C:\\WINDOWS\\system32\\DRIVERS\\mf.sys [2008-04-13 63744]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\\WINDOWS\\system32\\drivers\\msmpu401.sys [2001-08-17 2944]
R3 S3Psddr;S3Psddr; C:\\WINDOWS\\system32\\DRIVERS\\s3gnbm.sys [2004-08-13 167168]
R3 usbehci;Pilote miniport de contrôleur d\'hôte amélioré Microsoft USB 2.0; C:\\WINDOWS\\system32\\DRIVERS\\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;Vinyl AC\'97 Audio Controller (WDM); C:\\WINDOWS\\system32\\drivers\\vinyl97.sys [2007-06-27 207488]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software); C:\\WINDOWS\\system32\\DRIVERS\\evsbc.sys [2007-06-12 26448]
R3 vusbbus;Virtual Usb Bus Enumerator; C:\\WINDOWS\\system32\\DRIVERS\\vusbbus.sys [2005-09-22 11520]
S1 kbdhid;Pilote HID de clavier; C:\\WINDOWS\\system32\\DRIVERS\\kbdhid.sys [2008-04-14 14720]
S3 driverhardwarev2;driverhardwarev2; \\??\\C:\\Program Files\\ma-config.com\\Drivers\\driverhardwarev2.sys []
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate); C:\\WINDOWS\\System32\\DRIVERS\\evserial.sys [2007-06-12 52944]
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\\WINDOWS\\system32\\DRIVERS\\fetnd5.sys [2001-08-17 27165]
S3 HidUsb;Pilote de classe HID Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\hidusb.sys [2008-04-13 10368]
S3 mouhid;Pilote HID de souris; C:\\WINDOWS\\system32\\DRIVERS\\mouhid.sys [2001-08-23 12288]
S3 S3SavageNB;S3SavageNB; C:\\WINDOWS\\system32\\DRIVERS\\s3gnbm.sys [2004-08-13 167168]
S3 TVICHW32;TVICHW32; \\??\\C:\\WINDOWS\\system32\\DRIVERS\\TVICHW32.SYS []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d\'imprimantes USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Pilote de stockage de masse USB; C:\\WINDOWS\\system32\\DRIVERS\\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\\WINDOWS\\system32\\DRIVERS\\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\\WINDOWS\\system32\\DRIVERS\\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\\WINDOWS\\system32\\drivers\\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe [2009-03-19 731840]
R2 JavaQuickStarterService;Java Quick Starter; C:\\Program Files\\Java\\jre6\\bin\\jqs.exe [2009-11-05 153376]
R2 MBAMService;MBAMService; C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe [2009-09-10 269648]
S3 aspnet_state;Service d\'état ASP.NET; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\EHttpSrv.exe [2009-03-19 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\WPF\\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\\Program Files\\ma-config.com\\maconfservice.exe [2009-09-23 238960]
S3 odserv;Microsoft Office Diagnostics Service; C:\\Program Files\\Fichiers communs\\Microsoft Shared\\OFFICE12\\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Source Engine\\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\\Program Files\\Windows Media Player\\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\\WINDOWS\\system32\\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
b/ info.txt logfile of random\'s system information tool 1.06 2009-11-09 17:29:23

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\\WINDOWS\\INF\\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
Adobe Flash Player 10 ActiveX-->C:\\WINDOWS\\system32\\Macromed\\Flash\\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\\WINDOWS\\system32\\Macromed\\Flash\\uninstall_plugin.exe
Adobe Shockwave Player 11.5-->\"C:\\WINDOWS\\system32\\Adobe\\Shockwave 11\\uninstaller.exe\"
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Canon LASER SHOT LBP-1120-->C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3UNIK.EXE
CCleaner-->\"C:\\Program Files\\CCleaner\\uninst.exe\"
DriverAgent by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
EasyRecovery Professional-->C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\Driver\\7\\INTEL3~1\\IDriver.exe /M{268723B7-A994-4286-9F85-B974D5CAFC7B} /l1036
eMule-->\"C:\\Program Files\\eMule\\Uninstall.exe\"
ESET Online Scanner v3-->C:\\Program Files\\ESET\\ESET Online Scanner\\OnlineScannerUninstaller.exe
EVEREST Ultimate Edition v5.30-->\"C:\\Program Files\\Lavalys\\EVEREST Ultimate Edition\\unins000.exe\"
Foxit Reader-->C:\\Program Files\\Foxit Software\\Foxit Reader\\Uninstall.exe
Foxit Toolbar-->\"C:\\Program Files\\AskBarDis\\unins000.exe\"
HijackThis 2.0.2-->\"C:\\Program Files\\trend micro\\HijackThis.exe\" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\\WINDOWS\\system32\\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=\"\"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\\WINDOWS\\system32\\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=\"\"
HP USB Disk Storage Format Tool-->RunDll32 C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\\Setup.exe\" -l0x9 anything
Installation Windows Live-->C:\\Program Files\\Windows Live\\Installer\\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Internet Download Manager-->C:\\Program Files\\Internet Download Manager\\Uninstall.exe
IrfanView (remove only)-->C:\\Program Files\\IrfanView\\iv_uninstall.exe
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
K-Lite Mega Codec Pack 5.4.0-->\"C:\\Program Files\\K-Lite Codec Pack\\unins000.exe\"
Lecteur Windows Media 11-->\"C:\\Program Files\\Windows Media Player\\Setup_wm.exe\" /Uninstall
Ma-Config.com-->MsiExec.exe /X{425FFD94-36BD-4933-881B-FE0B9DADF2B7}
Malwarebytes\' Anti-Malware-->\"C:\\Program Files\\Malwarebytes\' Anti-Malware\\unins000.exe\"
Messenger Plus! Live-->\"C:\\Program Files\\Messenger Plus! Live\\Uninstall.exe\"
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Microsoft .NET Framework 3.5 SP1\\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->\"C:\\Program Files\\Fichiers communs\\Microsoft Shared\\OFFICE12\\Office Setup Controller\\setup.exe\" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->\"C:\\WINDOWS\\ie8updates\\KB971961-IE8\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->\"C:\\WINDOWS\\ie8updates\\KB972260-IE8\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->\"C:\\WINDOWS\\ie8updates\\KB974455-IE8\\spuninst\\spuninst.exe\"
Mise à jour pour Windows Internet Explorer 8 (KB976749)-->\"C:\\WINDOWS\\ie8updates\\KB976749-IE8\\spuninst\\spuninst.exe\"
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\\setup.exe
Mozilla Firefox (3.5.5)-->C:\\Program Files\\Mozilla Firefox\\uninstall\\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
NCH Toolbox-->C:\\Program Files\\NCH Swift Sound\\ToolBox\\uninst.exe
Opera 10.01-->MsiExec.exe /X{4B296228-DF7C-43EA-8DED-76027355B219}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Power MP3 Cutter Joiner 1.11-->\"C:\\Program Files\\Sagasoft\\Power MP3 Cutter Joiner\\unins000.exe\"
Prism Video Converter-->C:\\Program Files\\NCH Software\\Prism\\uninst.exe
ProSavageDDR and Utilities-->C:\\PROGRA~1\\S3Inc\\P4M266\\s3setvga.exe -s -fC:\\PROGRA~1\\S3Inc\\P4M266\\P4M266.uns
RapidLetters v3.0.2-->\"C:\\Program Files\\RapidLetters\\unins000.exe\"
S3Display-->s3uninst.exe -reg 5 \'HKLM\\Software\\S3\\S3Uninst\\S3Display\'
S3Gamma2-->s3uninst.exe -reg 5 \'HKLM\\Software\\S3\\S3Uninst\\S3Gamma2\'
S3Info2-->s3uninst.exe -reg 5 \'HKLM\\Software\\S3\\S3Uninst\\S3Info2\'
S3Overlay-->s3uninst.exe -reg 5 \'HKLM\\Software\\S3\\S3Uninst\\S3Overlay\'
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Switch Sound File Converter-->C:\\Program Files\\NCH Swift Sound\\Switch\\uninst.exe
The KMPlayer v2.9.4.1434 FR-->\"C:\\Program Files\\The KMPlayer FR\\unins000.exe\"
Total Video Converter 3.21 090220-->\"C:\\Program Files\\Total Video Converter\\unins000.exe\"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\\WINDOWS\\system32\\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=\"\"
Update for Outlook 2007 Junk Email Filter (KB974810)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C05FBAD5-A211-4E86-BB51-7E07B80C9233}
VeryPDF PDF2Word v3.0-->\"C:\\Program Files\\VeryPDF PDF2Word v3.0\\unins000.exe\"
VIA Audio Driver Setup Program-->RunDll32.exe UnAudioNT.dll,UninstallAudio C:\\WINDOWS\\IsUninst.exe -f\"C:\\PROGRA~1\\VIAudioi\\SBASetup\\Uninst.isu\"
VIA Gestionnaire de périphériques de plate-forme-->C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\Driver\\7\\INTEL3~1\\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast-Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VLC media player 1.0.3-->C:\\Program Files\\VideoLAN\\VLC\\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Media Format 11 runtime-->\"C:\\Program Files\\Windows Media Player\\wmsetsdk.exe\" /UninstallAll
Windows XP Service Pack 3-->\"C:\\WINDOWS\\$NtServicePackUninstall$\\spuninst\\spuninst.exe\"
WinRAR archiver-->C:\\Program Files\\WinRAR\\uninstall.exe

======Hosts File======

127.0.0.1 mpa.one.microsoft.com

======Security center information======

AV: ESET NOD32 Antivirus 4.0

======System event log======

Computer Name: HAMID-DD51DAF0F
Event Code: 7036
Message: Le service Windows Installer est entré dans l\'état : arrêté.

Record Number: 4891
Source Name: Service Control Manager
Time Written: 20091013000108.000000+060
Event Type: Informations
User:

Computer Name: HAMID-DD51DAF0F
Event Code: 7036
Message: Le service Windows Installer est entré dans l\'état : en cours d\'exécution.

Record Number: 4890
Source Name: Service Control Manager
Time Written: 20091013000012.000000+060
Event Type: Informations
User:

Computer Name: HAMID-DD51DAF0F
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Windows Installer.

Record Number: 4889
Source Name: Service Control Manager
Time Written: 20091013000012.000000+060
Event Type: Informations
User: AUTORITE NT\\SYSTEM

Computer Name: HAMID-DD51DAF0F
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service cpuz132.

Record Number: 4888
Source Name: Service Control Manager
Time Written: 20091012235149.000000+060
Event Type: Informations
User: AUTORITE NT\\SYSTEM

Computer Name: HAMID-DD51DAF0F
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service driverhardwarev2.

Record Number: 4887
Source Name: Service Control Manager
Time Written: 20091012235149.000000+060
Event Type: Informations
User: AUTORITE NT\\SYSTEM

=====Application event log=====

Computer Name: HAMID-DD51DAF0F
Event Code: 5000
Message:
Record Number: 441
Source Name: MPSampleSubmission
Time Written: 20091007211451.000000+060
Event Type: erreur
User:

Computer Name: HAMID-DD51DAF0F
Event Code: 5000
Message:
Record Number: 440
Source Name: MPSampleSubmission
Time Written: 20091007211439.000000+060
Event Type: erreur
User:

Computer Name: HAMID-DD51DAF0F
Event Code: 5000
Message:
Record Number: 439
Source Name: MPSampleSubmission
Time Written: 20091007211429.000000+060
Event Type: erreur
User:

Computer Name: HAMID-DD51DAF0F
Event Code: 5000
Message:
Record Number: 438
Source Name: MPSampleSubmission
Time Written: 20091007211409.000000+060
Event Type: erreur
User:

Computer Name: HAMID-DD51DAF0F
Event Code: 5000
Message:
Record Number: 437
Source Name: MPSampleSubmission
Time Written: 20091007211349.000000+060
Event Type: erreur
User:

======Environment variables======

\"ComSpec\"=%SystemRoot%\\system32\\cmd.exe
\"Path\"=%SystemRoot%\\system32;%SystemRoot%;%SystemRoot%\\System32\\Wbem
\"windir\"=%SystemRoot%
\"FP_NO_HOST_CHECK\"=NO
\"OS\"=Windows_NT
\"PROCESSOR_ARCHITECTURE\"=x86
\"PROCESSOR_LEVEL\"=15
\"PROCESSOR_IDENTIFIER\"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
\"PROCESSOR_REVISION\"=0401
\"NUMBER_OF_PROCESSORS\"=1
\"PATHEXT\"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
\"TEMP\"=%SystemRoot%\\TEMP
\"TMP\"=%SystemRoot%\\TEMP

-----------------EOF-----------------
Merci pour tout...j\'attends ton analyse

Bonjour,

I/ Rapport Malwarebyte
Malwarebytes\' Anti-Malware 1.41
Version de la base de données: 3126
Windows 5.1.2600 Service Pack 3

09/11/2009 17:21:01
mbam-log-2009-11-09 (17-21-01).txt

Type de recherche: Examen rapide
Eléments examinés: 95575
Temps écoulé: 4 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\\WINDOWS\\cmsetac.dll (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\\WINDOWS\\cmsetac.dll (Trojan.Agent) -> Delete on reboot.
C:\\WINDOWS\\ntdtcstp.dll (Trojan.Agent) -> Delete on reboot.

II/ Rapport RSIT
1°/
Logfile of random\'s system information tool 1.06 (written by random/random)
Run by HAMID at 2009-11-09 17:22:51
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 7 GB (38%) free of 20 GB
Total RAM: 991 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:21, on 09/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\csrss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe
C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\victima.exe
C:\\WINDOWS\\system32\\dllhost.exe
C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe
C:\\WINDOWS\\System32\\alg.exe
C:\\WINDOWS\\system32\\CAP3RSK.EXE
C:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\CAP3SWK.EXE
C:\\Program Files\\Opera\\opera.exe
C:\\Program Files\\Internet Download Manager\\IDMan.exe
C:\\Program Files\\Internet Download Manager\\IEMonitor.exe
C:\\Documents and Settings\\HAMID\\Bureau\\RSIT.exe
C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe
C:\\Program Files\\trend micro\\HAMID.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.msn.com/
R1 - HKCU\\Software\\Microsoft\\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Window Title = Windows Internet Explorer
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Program Files\\Internet Download Manager\\IDMIECC.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d\'aide de l\'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] \"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\"
O4 - HKLM\\..\\Run: [Malwarebytes Anti-Malware (reboot)] \"C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbam.exe\" /runcleanupscript
O4 - HKLM\\..\\Run: [egui] \"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe\" /hide /waitservice
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [victima] C:\\WINDOWS\\victima.exe
O4 - HKUS\\S-1-5-19\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SERVICE LOCAL\')
O4 - HKUS\\S-1-5-20\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SERVICE RÉSEAU\')
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SYSTEM\')
O4 - HKUS\\.DEFAULT\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'Default user\')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\\PROGRA~1\\MICROS~3\\Office12\\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\\Program Files\\Internet Download Manager\\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\\Program Files\\Internet Download Manager\\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\\Program Files\\Internet Download Manager\\IEGetAll.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~3\\Office12\\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra \'Tools\' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra \'Tools\' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252268257859
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\\Program Files\\ma-config.com\\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe

--
End of file - 6216 bytes

======Scheduled tasks folder======

C:\\WINDOWS\\tasks\\DriverCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\\Program Files\\Internet Download Manager\\IDMIECC.dll [2009-09-09 173488]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d\'aide de l\'Assistant de connexion Windows Live - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll [2009-11-05 41760]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll [2009-11-05 73728]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98}

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"SunJavaUpdateSched\"=C:\\Program Files\\Java\\jre6\\bin\\jusched.exe [2009-11-05 149280]
\"Malwarebytes Anti-Malware (reboot)\"=C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbam.exe [2009-09-10 1312080]
\"egui\"=C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe [2009-03-19 2029640]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=C:\\WINDOWS\\system32\\ctfmon.exe [2008-04-14 15360]
\"victima\"=C:\\WINDOWS\\victima.exe [2009-11-05 404652]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\ADPHONE]
C:\\Program Files\\ADPHONE3\\ADPHONE.EXE /STARTUP []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\AudioDeck]
C:\\Program Files\\VIA\\VIAudioi\\SBADeck\\ADeck.exe [2007-08-09 528384]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\CAP3ON]
C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3ONN.EXE [2002-07-29 22528]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\IMJPMIG8.1]
C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE [2004-08-03 208952]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Malwarebytes Anti-Malware (reboot)]
C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Malwarebytes\' Anti-Malware]
C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamgui.exe [2009-09-10 420176]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\MSMSGS]
C:\\Program Files\\Messenger\\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\MSPY2002]
C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe [2004-08-03 59392]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PHIME2002A]
C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PHIME2002ASync]
C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SpywareTerminator]
C:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SpywareTerminatorUpdate]
C:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SunJavaUpdateSched]
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe [2009-11-05 149280]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\TTMessenger]
C:\\Program Files\\TTMessenger\\ttmessenger2.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\TTMessengerPDF]
C:\\Program Files\\TTMessenger\\spool\\PDFSaver.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\VTPreset]
C:\\WINDOWS\\system32\\VTPreset.exe [2004-02-24 45056]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Canon LASER SHOT LBP-1120 ª¬ºAµøµ¡.LNK]
C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3LAK.EXE [2002-07-29 30720]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Fenêtre d\'état de Canon LASER SHOT LBP-1120.LNK]
C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3LAK.EXE [2002-07-29 30720]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\WgaLogon]
C:\\WINDOWS\\system32\\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\\WINDOWS\\system32\\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
\"dontdisplaylastusername\"=0
\"legalnoticecaption\"=
\"legalnoticetext\"=
\"shutdownwithoutlogon\"=1
\"undockwithoutlogon\"=1

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"NoDriveTypeAutoRun\"=128
\"NoDriveAutoRun\"=128
\"HonorAutoRunSetting\"=1

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"HonorAutoRunSetting\"=
\"NoDriveAutoRun\"=
\"NoDriveTypeAutoRun\"=

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call\"
\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger\"
\"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE\"=\"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"
\"C:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe\"=\"C:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe:*:Enabled:Java(TM) Platform SE binary\"
\"C:\\Program Files\\TTMessenger\\ttmessenger2.exe\"=\"C:\\Program Files\\TTMessenger\\ttmessenger2.exe:*:Enabled:ttmessenger2\"
\"C:\\Program Files\\Internet Download Manager\\IDMan.exe\"=\"C:\\Program Files\\Internet Download Manager\\IDMan.exe:*:Enabled:Internet Download Manager (IDM)\"
\"C:\\Program Files\\ma-config.com\\maconfservice.exe\"=\"C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice\"
\"C:\\Program Files\\ADPHONE3\\ADPHONE.exe\"=\"C:\\Program Files\\ADPHONE3\\ADPHONE.exe:*:Enabled:ADPHONE\"
\"C:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe\"=\"C:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator\"
\"C:\\Program Files\\eMule\\emule.exe\"=\"C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule\"

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\domainprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call\"
\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"

======List of files/folders created in the last 1 months======

2009-11-09 17:22:52 ----D---- C:\\Program Files\\trend micro
2009-11-09 17:22:51 ----D---- C:\\rsit
2009-11-09 16:55:29 ----N---- C:\\WINDOWS\\ntdtcstp.dll
2009-11-09 16:55:29 ----N---- C:\\WINDOWS\\cmsetac.dll
2009-11-09 13:47:33 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\ESET
2009-11-09 13:34:11 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files
2009-11-09 13:21:25 ----A---- C:\\WINDOWS\\SchedLgU.Txt
2009-11-08 23:54:40 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab
2009-11-08 21:47:41 ----A---- C:\\UsbFix.txt
2009-11-08 21:27:59 ----D---- C:\\UsbFix
2009-11-08 18:01:02 ----D---- C:\\Program Files\\ESET
2009-11-07 23:51:02 ----A---- C:\\WINDOWS\\system32\\VB6FR.DLL
2009-11-07 23:51:01 ----D---- C:\\Program Files\\RapidLetters
2009-11-07 15:17:31 ----A---- C:\\WINDOWS\\system32\\hidserv.dll
2009-11-07 00:20:44 ----D---- C:\\Program Files\\eMule
2009-11-05 11:50:56 ----A---- C:\\WINDOWS\\system32\\javaws.exe
2009-11-05 11:50:56 ----A---- C:\\WINDOWS\\system32\\javaw.exe
2009-11-05 11:50:56 ----A---- C:\\WINDOWS\\system32\\java.exe
2009-11-05 01:01:00 ----A---- C:\\WINDOWS\\victima.exe
2009-11-05 00:09:32 ----D---- C:\\Music
2009-11-05 00:06:27 ----D---- C:\\Program Files\\Sagasoft
2009-11-04 23:35:45 ----A---- C:\\WINDOWS\\Mp3CutterJoiner.ini
2009-11-04 23:35:06 ----D---- C:\\My Music
2009-11-04 00:59:51 ----D---- C:\\Program Files\\AskBarDis
2009-11-02 20:57:40 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\vlc
2009-11-01 18:12:40 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\Real
2009-10-29 19:49:09 ----D---- C:\\WINDOWS\\Sun
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\rmoc3260.dll
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\pndx5032.dll
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\pndx5016.dll
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\pncrt.dll
2009-10-28 17:03:57 ----A---- C:\\WINDOWS\\avisplitter.ini
2009-10-28 17:03:55 ----A---- C:\\WINDOWS\\system32\\yv12vfw.dll
2009-10-28 17:03:55 ----A---- C:\\WINDOWS\\system32\\xvidvfw.dll
2009-10-28 17:03:55 ----A---- C:\\WINDOWS\\system32\\xvidcore.dll
2009-10-28 17:03:54 ----A---- C:\\WINDOWS\\system32\\qt-dx331.dll
2009-10-28 17:03:54 ----A---- C:\\WINDOWS\\system32\\dpl100.dll
2009-10-28 17:03:54 ----A---- C:\\WINDOWS\\system32\\divx.dll
2009-10-28 17:03:52 ----A---- C:\\WINDOWS\\system32\\ff_vfw.dll.manifest
2009-10-28 17:03:52 ----A---- C:\\WINDOWS\\system32\\ff_vfw.dll
2009-10-28 17:03:51 ----D---- C:\\Program Files\\K-Lite Codec Pack
2009-10-24 00:15:16 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\Apple Computer
2009-10-17 13:31:59 ----D---- C:\\WINDOWS\\system32\\Silabs
2009-10-17 13:31:53 ----A---- C:\\WINDOWS\\system32\\InfUnltd.dll_tmp
2009-10-14 11:14:52 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\DriverCure
2009-10-14 11:14:45 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\ParetoLogic
2009-10-14 11:14:45 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\DriverCure
2009-10-14 00:53:26 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\NCH Software
2009-10-13 15:45:05 ----D---- C:\\Program Files\\NCH Software
2009-10-13 15:43:48 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\NCH Swift Sound
2009-10-13 15:43:36 ----D---- C:\\Program Files\\NCH Swift Sound
2009-10-13 15:43:36 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\NCH Swift Sound

======List of files/folders modified in the last 1 months======

2009-11-09 17:22:55 ----D---- C:\\WINDOWS\\Temp
2009-11-09 17:22:52 ----RD---- C:\\Program Files
2009-11-09 17:22:51 ----D---- C:\\WINDOWS\\Prefetch
2009-11-09 17:10:52 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\DMCache
2009-11-09 16:55:38 ----D---- C:\\WINDOWS
2009-11-09 16:55:29 ----D---- C:\\WINDOWS\\Registration
2009-11-09 13:48:31 ----SHD---- C:\\WINDOWS\\Installer
2009-11-09 13:48:24 ----HD---- C:\\WINDOWS\\inf
2009-11-09 13:48:24 ----D---- C:\\WINDOWS\\system32\\drivers
2009-11-09 13:48:01 ----D---- C:\\WINDOWS\\system32\\CatRoot2
2009-11-09 13:31:00 ----D---- C:\\WINDOWS\\system32
2009-11-09 13:29:08 ----AD---- C:\\Documents and Settings\\All Users\\Application Data\\TEMP
2009-11-09 01:03:41 ----D---- C:\\Program Files\\Mozilla Firefox
2009-11-08 22:03:07 ----SHD---- C:\\RECYCLER
2009-11-08 18:01:04 ----SD---- C:\\WINDOWS\\Downloaded Program Files
2009-11-07 15:17:36 ----RSHDC---- C:\\WINDOWS\\system32\\dllcache
2009-11-05 11:50:38 ----A---- C:\\WINDOWS\\system32\\deploytk.dll
2009-11-05 01:01:13 ----D---- C:\\WINDOWS\\ie8updates
2009-11-05 01:01:00 ----HD---- C:\\WINDOWS\\$hf_mig$
2009-11-05 01:01:00 ----D---- C:\\WINDOWS\\system32\\CatRoot
2009-11-05 00:10:46 ----A---- C:\\WINDOWS\\powermp3cutterjoiner.ini
2009-11-04 01:14:28 ----D---- C:\\Program Files\\Foxit Software
2009-11-02 23:51:45 ----SD---- C:\\WINDOWS\\Tasks
2009-11-01 01:15:30 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\IDM
2009-10-28 19:23:28 ----D---- C:\\Program Files\\Opera
2009-10-27 23:29:46 ----SH---- C:\\boot.ini
2009-10-27 23:29:46 ----A---- C:\\WINDOWS\\win.ini
2009-10-27 23:29:46 ----A---- C:\\WINDOWS\\system.ini
2009-10-26 16:02:40 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Microsoft Help
2009-10-24 18:14:24 ----D---- C:\\Program Files\\Fichiers communs\\Microsoft Shared
2009-10-24 18:14:22 ----D---- C:\\WINDOWS\\WinSxS
2009-10-24 17:55:33 ----D---- C:\\Program Files\\Messenger Plus! Live
2009-10-24 00:20:13 ----SD---- C:\\Documents and Settings\\HAMID\\Application Data\\Microsoft
2009-10-22 10:17:28 ----A---- C:\\WINDOWS\\system32\\mshtml.dll
2009-10-21 11:28:53 ----D---- C:\\WINDOWS\\Help
2009-10-17 13:02:55 ----D---- C:\\WINDOWS\\Microsoft.NET
2009-10-17 13:02:50 ----RSD---- C:\\WINDOWS\\assembly
2009-10-17 01:06:27 ----A---- C:\\WINDOWS\\system32\\PerfStringBackup.INI
2009-10-17 01:03:47 ----D---- C:\\Program Files\\Internet Explorer
2009-10-16 14:53:43 ----D---- C:\\WINDOWS\\Debug
2009-10-15 18:50:19 ----D---- C:\\WINDOWS\\system32\\wbem
2009-10-14 11:14:45 ----D---- C:\\Program Files\\Fichiers communs
2009-10-13 00:00:43 ----D---- C:\\Program Files\\VIA
2009-10-13 00:00:32 ----D---- C:\\WINDOWS\\system32\\ReinstallBackups

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\\WINDOWS\\system32\\DRIVERS\\ehdrv.sys [2009-03-19 107256]
R1 epfwtdir;epfwtdir; C:\\WINDOWS\\system32\\DRIVERS\\epfwtdir.sys [2009-03-19 93848]
R1 intelppm;Pilote de processeur Intel; C:\\WINDOWS\\system32\\DRIVERS\\intelppm.sys [2008-04-14 40576]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\\WINDOWS\\System32\\drivers\\ws2ifsl.sys [2002-09-07 12032]
R2 eamon;eamon; C:\\WINDOWS\\system32\\DRIVERS\\eamon.sys [2009-03-19 113960]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\\WINDOWS\\system32\\DRIVERS\\fetnd5bv.sys [2009-06-16 46592]
R3 MBAMProtector;MBAMProtector; \\??\\C:\\WINDOWS\\system32\\drivers\\mbam.sys []
R3 mf;mf; C:\\WINDOWS\\system32\\DRIVERS\\mf.sys [2008-04-13 63744]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\\WINDOWS\\system32\\drivers\\msmpu401.sys [2001-08-17 2944]
R3 S3Psddr;S3Psddr; C:\\WINDOWS\\system32\\DRIVERS\\s3gnbm.sys [2004-08-13 167168]
R3 usbehci;Pilote miniport de contrôleur d\'hôte amélioré Microsoft USB 2.0; C:\\WINDOWS\\system32\\DRIVERS\\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;Vinyl AC\'97 Audio Controller (WDM); C:\\WINDOWS\\system32\\drivers\\vinyl97.sys [2007-06-27 207488]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software); C:\\WINDOWS\\system32\\DRIVERS\\evsbc.sys [2007-06-12 26448]
R3 vusbbus;Virtual Usb Bus Enumerator; C:\\WINDOWS\\system32\\DRIVERS\\vusbbus.sys [2005-09-22 11520]
S1 kbdhid;Pilote HID de clavier; C:\\WINDOWS\\system32\\DRIVERS\\kbdhid.sys [2008-04-14 14720]
S3 driverhardwarev2;driverhardwarev2; \\??\\C:\\Program Files\\ma-config.com\\Drivers\\driverhardwarev2.sys []
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate); C:\\WINDOWS\\System32\\DRIVERS\\evserial.sys [2007-06-12 52944]
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\\WINDOWS\\system32\\DRIVERS\\fetnd5.sys [2001-08-17 27165]
S3 HidUsb;Pilote de classe HID Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\hidusb.sys [2008-04-13 10368]
S3 mouhid;Pilote HID de souris; C:\\WINDOWS\\system32\\DRIVERS\\mouhid.sys [2001-08-23 12288]
S3 S3SavageNB;S3SavageNB; C:\\WINDOWS\\system32\\DRIVERS\\s3gnbm.sys [2004-08-13 167168]
S3 TVICHW32;TVICHW32; \\??\\C:\\WINDOWS\\system32\\DRIVERS\\TVICHW32.SYS []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d\'imprimantes USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Pilote de stockage de masse USB; C:\\WINDOWS\\system32\\DRIVERS\\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\\WINDOWS\\system32\\DRIVERS\\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\\WINDOWS\\system32\\DRIVERS\\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\\WINDOWS\\system32\\drivers\\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe [2009-03-19 731840]
R2 JavaQuickStarterService;Java Quick Starter; C:\\Program Files\\Java\\jre6\\bin\\jqs.exe [2009-11-05 153376]
R2 MBAMService;MBAMService; C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe [2009-09-10 269648]
S3 aspnet_state;Service d\'état ASP.NET; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\EHttpSrv.exe [2009-03-19 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\WPF\\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\\Program Files\\ma-config.com\\maconfservice.exe [2009-09-23 238960]
S3 odserv;Microsoft Office Diagnostics Service; C:\\Program Files\\Fichiers communs\\Microsoft Shared\\OFFICE12\\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Source Engine\\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\\Program Files\\Windows Media Player\\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\\WINDOWS\\system32\\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
2°/
info.txt logfile of random\'s system information tool 1.06 2009-11-09 17:29:23

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\\WINDOWS\\INF\\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
Adobe Flash Player 10 ActiveX-->C:\\WINDOWS\\system32\\Macromed\\Flash\\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\\WINDOWS\\system32\\Macromed\\Flash\\uninstall_plugin.exe
Adobe Shockwave Player 11.5-->\"C:\\WINDOWS\\system32\\Adobe\\Shockwave 11\\uninstaller.exe\"
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Canon LASER SHOT LBP-1120-->C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3UNIK.EXE
CCleaner-->\"C:\\Program Files\\CCleaner\\uninst.exe\"
DriverAgent by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
EasyRecovery Professional-->C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\Driver\\7\\INTEL3~1\\IDriver.exe /M{268723B7-A994-4286-9F85-B974D5CAFC7B} /l1036
eMule-->\"C:\\Program Files\\eMule\\Uninstall.exe\"
ESET Online Scanner v3-->C:\\Program Files\\ESET\\ESET Online Scanner\\OnlineScannerUninstaller.exe
EVEREST Ultimate Edition v5.30-->\"C:\\Program Files\\Lavalys\\EVEREST Ultimate Edition\\unins000.exe\"
Foxit Reader-->C:\\Program Files\\Foxit Software\\Foxit Reader\\Uninstall.exe
Foxit Toolbar-->\"C:\\Program Files\\AskBarDis\\unins000.exe\"
HijackThis 2.0.2-->\"C:\\Program Files\\trend micro\\HijackThis.exe\" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\\WINDOWS\\system32\\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=\"\"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\\WINDOWS\\system32\\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=\"\"
HP USB Disk Storage Format Tool-->RunDll32 C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\\Setup.exe\" -l0x9 anything
Installation Windows Live-->C:\\Program Files\\Windows Live\\Installer\\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Internet Download Manager-->C:\\Program Files\\Internet Download Manager\\Uninstall.exe
IrfanView (remove only)-->C:\\Program Files\\IrfanView\\iv_uninstall.exe
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
K-Lite Mega Codec Pack 5.4.0-->\"C:\\Program Files\\K-Lite Codec Pack\\unins000.exe\"
Lecteur Windows Media 11-->\"C:\\Program Files\\Windows Media Player\\Setup_wm.exe\" /Uninstall
Ma-Config.com-->MsiExec.exe /X{425FFD94-36BD-4933-881B-FE0B9DADF2B7}
Malwarebytes\' Anti-Malware-->\"C:\\Program Files\\Malwarebytes\' Anti-Malware\\unins000.exe\"
Messenger Plus! Live-->\"C:\\Program Files\\Messenger Plus! Live\\Uninstall.exe\"
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Microsoft .NET Framework 3.5 SP1\\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->\"C:\\Program Files\\Fichiers communs\\Microsoft Shared\\OFFICE12\\Office Setup Controller\\setup.exe\" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->\"C:\\WINDOWS\\ie8updates\\KB971961-IE8\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->\"C:\\WINDOWS\\ie8updates\\KB972260-IE8\\spuninst\\spuninst.exe\"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->\"C:\\WINDOWS\\ie8updates\\KB974455-IE8\\spuninst\\spuninst.exe\"
Mise à jour pour Windows Internet Explorer 8 (KB976749)-->\"C:\\WINDOWS\\ie8updates\\KB976749-IE8\\spuninst\\spuninst.exe\"
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\\setup.exe
Mozilla Firefox (3.5.5)-->C:\\Program Files\\Mozilla Firefox\\uninstall\\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
NCH Toolbox-->C:\\Program Files\\NCH Swift Sound\\ToolBox\\uninst.exe
Opera 10.01-->MsiExec.exe /X{4B296228-DF7C-43EA-8DED-76027355B219}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Power MP3 Cutter Joiner 1.11-->\"C:\\Program Files\\Sagasoft\\Power MP3 Cutter Joiner\\unins000.exe\"
Prism Video Converter-->C:\\Program Files\\NCH Software\\Prism\\uninst.exe
ProSavageDDR and Utilities-->C:\\PROGRA~1\\S3Inc\\P4M266\\s3setvga.exe -s -fC:\\PROGRA~1\\S3Inc\\P4M266\\P4M266.uns
RapidLetters v3.0.2-->\"C:\\Program Files\\RapidLetters\\unins000.exe\"
S3Display-->s3uninst.exe -reg 5 \'HKLM\\Software\\S3\\S3Uninst\\S3Display\'
S3Gamma2-->s3uninst.exe -reg 5 \'HKLM\\Software\\S3\\S3Uninst\\S3Gamma2\'
S3Info2-->s3uninst.exe -reg 5 \'HKLM\\Software\\S3\\S3Uninst\\S3Info2\'
S3Overlay-->s3uninst.exe -reg 5 \'HKLM\\Software\\S3\\S3Uninst\\S3Overlay\'
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Switch Sound File Converter-->C:\\Program Files\\NCH Swift Sound\\Switch\\uninst.exe
The KMPlayer v2.9.4.1434 FR-->\"C:\\Program Files\\The KMPlayer FR\\unins000.exe\"
Total Video Converter 3.21 090220-->\"C:\\Program Files\\Total Video Converter\\unins000.exe\"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\\WINDOWS\\system32\\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=\"\"
Update for Outlook 2007 Junk Email Filter (KB974810)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C05FBAD5-A211-4E86-BB51-7E07B80C9233}
VeryPDF PDF2Word v3.0-->\"C:\\Program Files\\VeryPDF PDF2Word v3.0\\unins000.exe\"
VIA Audio Driver Setup Program-->RunDll32.exe UnAudioNT.dll,UninstallAudio C:\\WINDOWS\\IsUninst.exe -f\"C:\\PROGRA~1\\VIAudioi\\SBASetup\\Uninst.isu\"
VIA Gestionnaire de périphériques de plate-forme-->C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\Driver\\7\\INTEL3~1\\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast-Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VLC media player 1.0.3-->C:\\Program Files\\VideoLAN\\VLC\\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Media Format 11 runtime-->\"C:\\Program Files\\Windows Media Player\\wmsetsdk.exe\" /UninstallAll
Windows XP Service Pack 3-->\"C:\\WINDOWS\\$NtServicePackUninstall$\\spuninst\\spuninst.exe\"
WinRAR archiver-->C:\\Program Files\\WinRAR\\uninstall.exe

======Hosts File======

127.0.0.1 mpa.one.microsoft.com

======Security center information======

AV: ESET NOD32 Antivirus 4.0

======System event log======

Computer Name: HAMID-DD51DAF0F
Event Code: 7036
Message: Le service Windows Installer est entré dans l\'état : arrêté.

Record Number: 4891
Source Name: Service Control Manager
Time Written: 20091013000108.000000+060
Event Type: Informations
User:

Computer Name: HAMID-DD51DAF0F
Event Code: 7036
Message: Le service Windows Installer est entré dans l\'état : en cours d\'exécution.

Record Number: 4890
Source Name: Service Control Manager
Time Written: 20091013000012.000000+060
Event Type: Informations
User:

Computer Name: HAMID-DD51DAF0F
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Windows Installer.

Record Number: 4889
Source Name: Service Control Manager
Time Written: 20091013000012.000000+060
Event Type: Informations
User: AUTORITE NT\\SYSTEM

Computer Name: HAMID-DD51DAF0F
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service cpuz132.

Record Number: 4888
Source Name: Service Control Manager
Time Written: 20091012235149.000000+060
Event Type: Informations
User: AUTORITE NT\\SYSTEM

Computer Name: HAMID-DD51DAF0F
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service driverhardwarev2.

Record Number: 4887
Source Name: Service Control Manager
Time Written: 20091012235149.000000+060
Event Type: Informations
User: AUTORITE NT\\SYSTEM

=====Application event log=====

Computer Name: HAMID-DD51DAF0F
Event Code: 5000
Message:
Record Number: 441
Source Name: MPSampleSubmission
Time Written: 20091007211451.000000+060
Event Type: erreur
User:

Computer Name: HAMID-DD51DAF0F
Event Code: 5000
Message:
Record Number: 440
Source Name: MPSampleSubmission
Time Written: 20091007211439.000000+060
Event Type: erreur
User:

Computer Name: HAMID-DD51DAF0F
Event Code: 5000
Message:
Record Number: 439
Source Name: MPSampleSubmission
Time Written: 20091007211429.000000+060
Event Type: erreur
User:

Computer Name: HAMID-DD51DAF0F
Event Code: 5000
Message:
Record Number: 438
Source Name: MPSampleSubmission
Time Written: 20091007211409.000000+060
Event Type: erreur
User:

Computer Name: HAMID-DD51DAF0F
Event Code: 5000
Message:
Record Number: 437
Source Name: MPSampleSubmission
Time Written: 20091007211349.000000+060
Event Type: erreur
User:

======Environment variables======

\"ComSpec\"=%SystemRoot%\\system32\\cmd.exe
\"Path\"=%SystemRoot%\\system32;%SystemRoot%;%SystemRoot%\\System32\\Wbem
\"windir\"=%SystemRoot%
\"FP_NO_HOST_CHECK\"=NO
\"OS\"=Windows_NT
\"PROCESSOR_ARCHITECTURE\"=x86
\"PROCESSOR_LEVEL\"=15
\"PROCESSOR_IDENTIFIER\"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
\"PROCESSOR_REVISION\"=0401
\"NUMBER_OF_PROCESSORS\"=1
\"PATHEXT\"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
\"TEMP\"=%SystemRoot%\\TEMP
\"TMP\"=%SystemRoot%\\TEMP

-----------------EOF-----------------
Merci pour tout
J\'attends votre analyse

Bonjour,

Tu n\'as toujours pas utilisé malwarebytes comme il faut.

A la fin du scan, il faut :

• Une fois l\'analyse terminée, cliques sur \"OK\" puis sur \"Afficher les résultats\"
  
• Vérifies que tout est bien coché et cliques sur \"Supprimer la sélection\" => et ensuite sur \"OK\"
  
• Un rapport va s\'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum
  
  
• Il se pourrait que certains fichiers devront être supprimés au redémarrage du PC... Faites le en cliquant sur \"oui\" à la question posée

L\'infection est toujours présente sur ton ordinateur.

Relance une nouvelles fois malwarebytes et fais à la lettre ce qui est indiqué ci-dessus. postes le rapport de malwarebytes.

Tu as d\'autres infections, je finis l\'analyse de RSIT et je te donne la marche à suivre, il faut tout d\'abord supprimer le virus msn.

Bonjour,

Rapport Malwarebyte fait comme sus indiqué
Malwarebytes\' Anti-Malware 1.41
Version de la base de données: 3126
Windows 5.1.2600 Service Pack 3

09/11/2009 18:08:40
mbam-log-2009-11-09 (18-08-40).txt

Type de recherche: Examen rapide
Eléments examinés: 96252
Temps écoulé: 4 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\\WINDOWS\\cmsetac.dll (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\\WINDOWS\\cmsetac.dll (Trojan.Agent) -> Delete on reboot.
C:\\WINDOWS\\ntdtcstp.dll (Trojan.Agent) -> Delete on reboot.

Bonjour,

Malwarebytes te demande t-il de redémarrer ton ordinateur ?

Bonjour,

Oui, il me le demande à chaque fois qu\'il trouve des infections. Et c\'est ce que je fais automatiquement.

Bonjour,

ok, on va changer de stratégie, avant d\'aller plus loin, connais tu ce programme :

victima.exe ?

Bonjour,

Non je ne connais pas ce programme, c\'est la première fois que j\'en entends parler. Pourquoi ?

Bonjour,

Parce qu\'il est installé sur ton ordinateur tout simplement, et que je ne trouve rien sur lui sur internet.

on va passer à la suite :

A l\'attention de ceux qui passent sur ce sujet

Le logiciel qui suit n\'est pas à utiliser à la légère et peut faire des dégâts s\'il est mal utilisé ! Ne le faites que si un helper du forum qui connait bien cet outil vous l\'a recommandé.

/!\\ Désactive tous tes logiciels de protection /!\\

• Télécharge ComboFix (de sUBs) sur ton Bureau
  
• Double-clique sur ComboFix.exe afin de le lancer.
  
• Il va te demander d\'installer la console de récupération : accepte.
  
• Ne touche à rien pendant le scan.
  
• Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\\Combofix.txt) dans ta prochaine réponse.

Tutoriel officiel de Combofix : www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Bonjour,

Rapport Combofix :

ComboFix 09-11-08.03 - HAMID 09/11/2009 23:38.1.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.991.530 [GMT 1:00]
Lancé depuis: c:\\documents and settings\\HAMID\\Bureau\\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\\documents and settings\\HAMID\\Mes documents\\cc_20091102_235816.reg
c:\\documents and settings\\HAMID\\Mes documents\\cc_20091105_000554.reg
c:\\documents and settings\\HAMID\\Mes documents\\cc_20091109_132004.reg
c:\\windows\\cmsetac.dll
c:\\windows\\ntdtcstp.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-09 au 2009-11-09 ))))))))))))))))))))))))))))))))))))
.

2009-11-09 17:47 . 2009-11-09 17:55 283136 ----a-w- c:\\windows\\twmsico.dll
2009-11-09 16:22 . 2009-11-09 16:29 -------- d-----w- c:\\program files\\trend micro
2009-11-09 16:22 . 2009-11-09 16:29 -------- d-----w- C:\\rsit
2009-11-09 13:36 . 2009-11-09 13:36 -------- d-----w- c:\\documents and settings\\LocalService\\Local Settings\\Application Data\\ESET
2009-11-09 12:48 . 2009-11-09 12:48 -------- d-----w- c:\\documents and settings\\HAMID\\Local Settings\\Application Data\\ESET
2009-11-09 12:47 . 2009-11-09 12:47 -------- d-----w- c:\\documents and settings\\All Users\\Application Data\\ESET
2009-11-09 12:34 . 2009-11-09 12:34 -------- d-----w- c:\\documents and settings\\All Users\\Application Data\\Kaspersky Lab Setup Files
2009-11-08 22:54 . 2009-11-08 22:54 -------- d-----w- c:\\documents and settings\\All Users\\Application Data\\Kaspersky Lab
2009-11-08 20:27 . 2009-11-08 20:48 -------- d-----w- C:\\UsbFix
2009-11-08 17:01 . 2009-11-09 12:47 -------- d-----w- c:\\program files\\ESET
2009-11-07 22:51 . 1998-07-12 23:00 119568 ----a-w- c:\\windows\\system32\\VB6FR.DLL
2009-11-07 22:51 . 2009-11-07 22:51 -------- d-----w- c:\\program files\\RapidLetters
2009-11-07 14:17 . 2008-04-14 03:33 21504 -c--a-w- c:\\windows\\system32\\dllcache\\hidserv.dll
2009-11-07 14:17 . 2008-04-14 03:33 21504 ----a-w- c:\\windows\\system32\\hidserv.dll
2009-11-07 14:17 . 2001-08-23 16:04 12288 -c--a-w- c:\\windows\\system32\\dllcache\\mouhid.sys
2009-11-07 14:17 . 2001-08-23 16:04 12288 ----a-w- c:\\windows\\system32\\drivers\\mouhid.sys
2009-11-07 14:17 . 2008-04-14 03:05 14720 -c--a-w- c:\\windows\\system32\\dllcache\\kbdhid.sys
2009-11-07 14:17 . 2008-04-14 03:05 14720 ----a-w- c:\\windows\\system32\\drivers\\kbdhid.sys
2009-11-07 14:17 . 2008-04-13 19:45 10368 -c--a-w- c:\\windows\\system32\\dllcache\\hidusb.sys
2009-11-07 14:17 . 2008-04-13 19:45 10368 ----a-w- c:\\windows\\system32\\drivers\\hidusb.sys
2009-11-07 14:17 . 2008-04-13 19:45 32128 -c--a-w- c:\\windows\\system32\\dllcache\\usbccgp.sys
2009-11-07 14:17 . 2008-04-13 19:45 32128 ----a-w- c:\\windows\\system32\\drivers\\usbccgp.sys
2009-11-06 23:20 . 2009-11-06 23:28 -------- d-----w- c:\\program files\\eMule
2009-11-05 10:49 . 2009-11-05 10:49 152576 ----a-w- c:\\documents and settings\\HAMID\\Application Data\\Sun\\Java\\jre1.6.0_17\\lzma.dll
2009-11-05 00:01 . 2009-11-05 00:01 404652 ----a-w- c:\\windows\\victima.exe
2009-11-04 23:09 . 2009-11-04 23:09 -------- d-----w- C:\\Music
2009-11-04 23:06 . 2009-11-04 23:06 -------- d-----w- c:\\program files\\Sagasoft
2009-11-04 22:35 . 2009-11-04 22:53 -------- d-----w- C:\\My Music
2009-11-04 22:33 . 2009-11-04 22:52 5 ----a-w- c:\\windows\\system32\\SySMP3CutJoin.dat
2009-11-03 23:59 . 2009-11-03 23:59 -------- d-----w- c:\\program files\\AskBarDis
2009-11-02 19:57 . 2009-11-08 16:47 -------- d-----w- c:\\documents and settings\\HAMID\\Application Data\\vlc
2009-10-29 18:49 . 2009-10-29 18:49 -------- d-----w- c:\\windows\\Sun
2009-10-28 16:03 . 2009-05-29 21:37 205824 ----a-w- c:\\windows\\system32\\xvidvfw.dll
2009-10-28 16:03 . 2009-05-29 21:31 881664 ----a-w- c:\\windows\\system32\\xvidcore.dll
2009-10-28 16:03 . 2004-01-25 16:18 217088 ----a-w- c:\\windows\\system32\\yv12vfw.dll
2009-10-28 16:03 . 2009-07-14 00:15 90112 ----a-w- c:\\windows\\system32\\dpl100.dll
2009-10-28 16:03 . 2009-07-14 00:15 685056 ----a-w- c:\\windows\\system32\\divx.dll
2009-10-28 16:03 . 2008-11-06 16:37 3596288 ----a-w- c:\\windows\\system32\\qt-dx331.dll
2009-10-28 16:03 . 2009-11-04 18:00 85504 ----a-w- c:\\windows\\system32\\ff_vfw.dll
2009-10-28 16:03 . 2009-11-06 14:22 -------- d-----w- c:\\program files\\K-Lite Codec Pack
2009-10-27 23:35 . 2009-10-27 23:35 152576 ----a-w- c:\\documents and settings\\HAMID\\Application Data\\Sun\\Java\\jre1.6.0_16\\lzma.dll
2009-10-24 12:29 . 2009-10-24 12:29 -------- d-----w- c:\\documents and settings\\NetworkService\\Local Settings\\Application Data\\Apple
2009-10-23 23:28 . 2009-10-23 23:28 69928 ---ha-w- c:\\windows\\system32\\mlfcache.dat
2009-10-23 23:15 . 2009-10-23 23:15 -------- d-----w- c:\\documents and settings\\HAMID\\Local Settings\\Application Data\\Apple Computer
2009-10-23 23:15 . 2009-10-23 23:15 -------- d-----w- c:\\documents and settings\\HAMID\\Application Data\\Apple Computer
2009-10-23 23:14 . 2009-10-23 23:14 -------- d-----w- c:\\documents and settings\\HAMID\\Local Settings\\Application Data\\Apple
2009-10-21 23:59 . 2009-10-21 23:59 -------- d-----w- c:\\documents and settings\\Default User\\Local Settings\\Application Data\\Microsoft Help
2009-10-21 23:57 . 2009-10-21 23:57 -------- d-sh--w- c:\\documents and settings\\Default User\\IETldCache
2009-10-17 12:31 . 2009-10-17 12:34 -------- d-----w- c:\\windows\\system32\\Silabs
2009-10-17 12:31 . 2007-06-12 09:08 52944 ----a-w- c:\\windows\\system32\\drivers\\evserial.sys
2009-10-17 12:31 . 2007-06-12 09:08 26448 ----a-w- c:\\windows\\system32\\drivers\\evsbc.sys
2009-10-17 12:31 . 2007-05-29 09:38 18944 ----a-w- c:\\windows\\system32\\drivers\\SiLib.sys
2009-10-17 12:31 . 2007-05-29 09:38 14848 ----a-w- c:\\windows\\system32\\drivers\\SiUSBXp.sys
2009-10-14 10:14 . 2009-10-14 10:15 -------- d-----w- c:\\documents and settings\\HAMID\\Application Data\\DriverCure
2009-10-14 10:14 . 2009-10-14 10:23 -------- d-----w- c:\\documents and settings\\All Users\\Application Data\\DriverCure
2009-10-14 10:14 . 2009-10-14 10:14 -------- d-----w- c:\\documents and settings\\All Users\\Application Data\\ParetoLogic
2009-10-13 23:53 . 2009-10-13 23:53 -------- d-----w- c:\\documents and settings\\All Users\\Application Data\\NCH Software
2009-10-13 14:45 . 2009-10-13 23:53 -------- d-----w- c:\\program files\\NCH Software
2009-10-13 14:43 . 2009-10-13 23:52 -------- d-----w- c:\\documents and settings\\All Users\\Application Data\\NCH Swift Sound
2009-10-13 14:43 . 2009-10-13 23:52 -------- d-----w- c:\\program files\\NCH Swift Sound
2009-10-13 14:43 . 2009-10-13 14:43 -------- d-----w- c:\\documents and settings\\HAMID\\Application Data\\NCH Swift Sound
1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\\windows\\ntdtcstp.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 22:27 . 2009-09-06 21:37 -------- d-----w- c:\\documents and settings\\HAMID\\Application Data\\DMCache
2009-11-09 12:29 . 2009-09-08 23:48 -------- d---a-w- c:\\documents and settings\\All Users\\Application Data\\TEMP
2009-11-05 10:50 . 2009-09-08 14:13 411368 ----a-w- c:\\windows\\system32\\deploytk.dll
2009-11-04 00:14 . 2009-09-06 20:58 -------- d-----w- c:\\program files\\Foxit Software
2009-11-01 00:15 . 2009-09-08 16:14 -------- d-----w- c:\\documents and settings\\HAMID\\Application Data\\IDM
2009-10-28 18:23 . 2009-09-06 20:39 -------- d-----w- c:\\program files\\Opera
2009-10-26 15:02 . 2009-09-06 22:03 -------- d-----w- c:\\documents and settings\\All Users\\Application Data\\Microsoft Help
2009-10-24 16:55 . 2009-09-06 21:19 -------- d-----w- c:\\program files\\Messenger Plus! Live
2009-10-17 00:06 . 2002-09-07 00:00 81386 ----a-w- c:\\windows\\system32\\perfc00C.dat
2009-10-17 00:06 . 2002-09-07 00:00 503210 ----a-w- c:\\windows\\system32\\perfh00C.dat
2009-10-12 23:00 . 2009-09-06 21:52 -------- d-----w- c:\\program files\\VIA
2009-10-06 22:23 . 2009-09-21 19:45 -------- d-----w- c:\\documents and settings\\HAMID\\Application Data\\Thinstall
2009-10-06 19:59 . 2009-10-06 19:59 23600 ----a-w- c:\\windows\\system32\\drivers\\TVICHW32.SYS
2009-10-06 19:47 . 2009-10-06 19:47 -------- d-----w- c:\\program files\\Lavalys
2009-10-06 18:57 . 2009-10-06 18:46 -------- d-----w- c:\\documents and settings\\HAMID\\Application Data\\ADPHONE
2009-10-05 16:01 . 2009-10-05 16:01 -------- d-----w- c:\\documents and settings\\HAMID\\Application Data\\Foxit Software
2009-10-05 12:49 . 2009-09-27 10:52 -------- d-----w- c:\\documents and settings\\HAMID\\Application Data\\dvdcss
2009-10-01 08:29 . 2009-10-02 11:14 195440 ------w- c:\\windows\\system32\\MpSigStub.exe
2009-09-27 23:03 . 2009-09-06 20:58 -------- d-----w- c:\\program files\\ma-config.com
2009-09-27 23:03 . 2009-09-06 20:58 -------- d-----w- c:\\documents and settings\\All Users\\Application Data\\ma-config.com
2009-09-27 20:54 . 2009-09-06 21:52 -------- d--h--w- c:\\program files\\InstallShield Installation Information
2009-09-27 20:54 . 2009-09-06 21:51 -------- d-----w- c:\\program files\\Fichiers communs\\InstallShield
2009-09-27 20:34 . 2009-09-27 20:34 -------- d-----w- c:\\program files\\Ontrack
2009-09-25 17:34 . 2009-09-25 12:52 52028 --sha-w- c:\\windows\\system32\\drivers\\fidbox.idx
2009-09-25 17:34 . 2009-09-25 12:52 4169760 --sha-w- c:\\windows\\system32\\drivers\\fidbox.dat
2009-09-24 22:39 . 2009-09-24 22:39 -------- d-----w- c:\\program files\\VeryPDF PDF2Word v3.0
2009-09-23 13:18 . 2009-09-06 20:16 90752 ----a-w- c:\\documents and settings\\HAMID\\Local Settings\\Application Data\\GDIPFONTCACHEV1.DAT
2009-09-23 10:38 . 2009-09-23 10:38 -------- d-----w- c:\\program files\\Reference Assemblies
2009-09-21 08:23 . 2009-09-21 08:23 -------- d-----w- c:\\documents and settings\\HAMID\\Application Data\\Media Player Classic
2009-09-18 23:52 . 2009-09-06 21:22 -------- d-----w- c:\\documents and settings\\HAMID\\Application Data\\Ashampoo
2009-09-18 23:50 . 2009-09-18 23:50 -------- d-----w- c:\\documents and settings\\All Users\\Application Data\\ashampoo
2009-09-18 23:49 . 2009-09-18 23:49 -------- d-----w- c:\\program files\\Ashampoo
2009-09-18 00:46 . 2009-09-08 16:14 -------- d-----w- c:\\program files\\Internet Download Manager
2009-09-15 16:41 . 2009-09-06 23:15 -------- d-----w- c:\\program files\\The KMPlayer FR
2009-09-15 11:41 . 2009-09-06 21:02 -------- d--h--w- c:\\program files\\Microsoft
2009-09-12 20:18 . 2009-09-12 20:18 -------- d-----w- c:\\documents and settings\\All Users\\Application Data\\LicomSystems
2009-09-12 00:55 . 2009-09-12 00:55 -------- d-----w- c:\\documents and settings\\HAMID\\Application Data\\VitySoft
2009-09-11 19:42 . 2009-09-06 21:35 -------- d-----w- c:\\program files\\Malwarebytes\' Anti-Malware
2009-09-11 15:54 . 2009-09-06 21:38 4045528 ----a-w- c:\\documents and settings\\All Users\\Application Data\\Malwarebytes\\Malwarebytes\' Anti-Malware\\mbam-setup.exe
2009-09-11 14:18 . 2004-08-03 22:54 136192 ----a-w- c:\\windows\\system32\\msv1_0.dll
2009-09-10 12:54 . 2009-09-06 21:35 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2009-09-10 12:53 . 2009-09-06 21:35 19160 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2009-09-09 20:17 . 2009-09-09 20:17 198064 ----a-w- c:\\documents and settings\\HAMID\\Application Data\\IDM\\idmmzcc3\\components\\idmmzcc.dll
2009-09-09 10:43 . 2009-09-09 09:52 210352 ----a-w- c:\\windows\\system32\\idmmbc.dll
2009-09-07 11:33 . 2009-09-06 19:45 86331 ----a-w- c:\\windows\\pchealth\\helpctr\\OfflineCache\\index.dat
2009-09-06 21:15 . 2009-09-06 21:15 0 ----a-w- c:\\windows\\nsreg.dat
2009-09-06 19:43 . 2009-09-06 19:43 21892 ----a-w- c:\\windows\\system32\\emptyregdb.dat
2009-09-04 21:04 . 2004-08-03 22:54 58880 ----a-w- c:\\windows\\system32\\msasn1.dll
2009-08-29 07:56 . 2004-08-03 22:54 916480 ----a-w- c:\\windows\\system32\\wininet.dll
2009-08-26 08:01 . 2004-08-03 22:54 247326 ----a-w- c:\\windows\\system32\\strmdll.dll
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\\windows\\system32\\FM20.DLL
2009-08-16 15:08 . 2009-09-06 23:29 178176 ----a-w- c:\\windows\\system32\\unrar.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\\windows\\$hf_mig$\\KB951748\\SP3QFE\\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\\windows\\$hf_mig$\\KB951748\\SP3GDR\\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\\windows\\system32\\dllcache\\tcpip.sys
[-] 2008-06-20 . D03FEE7E9B9CF0A522619CEA2CD13C6B . 361600 . . [5.1.2600.5625] . . c:\\windows\\system32\\drivers\\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\\windows\\$NtServicePackUninstall$\\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\\windows\\$hf_mig$\\KB951748\\SP2QFE\\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\\windows\\ServicePackFiles\\i386\\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"victima\"=\"c:\\windows\\victima.exe\" [2009-11-05 404652]
\"HKCU\"=\"c:\\windows\\system32\\spynet\\server.exe\" [2006-06-14 495616]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"SunJavaUpdateSched\"=\"c:\\program files\\Java\\jre6\\bin\\jusched.exe\" [2009-11-05 149280]
\"Malwarebytes Anti-Malware (reboot)\"=\"c:\\program files\\Malwarebytes\' Anti-Malware\\mbam.exe\" [2009-09-10 1312080]
\"egui\"=\"c:\\program files\\ESET\\ESET NOD32 Antivirus\\egui.exe\" [2009-03-19 2029640]
\"HKLM\"=\"c:\\windows\\system32\\spynet\\server.exe\" [2006-06-14 495616]

[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=\"c:\\windows\\system32\\CTFMON.EXE\" [2008-04-14 15360]
\"DWQueuedReporting\"=\"c:\\progra~1\\FICHIE~1\\MICROS~1\\DW\\dwtrig20.exe\" [2007-08-24 437160]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\Currentversion\\policies\\explorer\\Run]
\"Policies\"=\"c:\\windows\\system32\\spynet\\server.exe\" [2006-06-14 495616]

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\Currentversion\\policies\\explorer\\Run]
\"Policies\"=\"c:\\windows\\system32\\spynet\\server.exe\" [2006-06-14 495616]

[HKLM\\~\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Canon LASER SHOT LBP-1120 ª¬ºAµøµ¡.LNK]
path=c:\\documents and settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Canon LASER SHOT LBP-1120 ª¬ºAµøµ¡.LNK
backup=c:\\windows\\pss\\Canon LASER SHOT LBP-1120 ª¬ºAµøµ¡.LNKCommon Startup

[HKLM\\~\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Fenêtre d\'état de Canon LASER SHOT LBP-1120.LNK]
path=c:\\documents and settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Fenêtre d\'état de Canon LASER SHOT LBP-1120.LNK
backup=c:\\windows\\pss\\Fenêtre d\'état de Canon LASER SHOT LBP-1120.LNKCommon Startup

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
\"FirewallOverride\"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
\"%windir%\\\\system32\\\\sessmgr.exe\"=
\"c:\\\\Program Files\\\\Windows Live\\\\Messenger\\\\wlcsdk.exe\"=
\"c:\\\\Program Files\\\\Windows Live\\\\Messenger\\\\msnmsgr.exe\"=
\"c:\\\\Program Files\\\\Microsoft Office\\\\Office12\\\\OUTLOOK.EXE\"=
\"%windir%\\\\Network Diagnostic\\\\xpnetdiag.exe\"=
\"c:\\\\Program Files\\\\Java\\\\jre6\\\\launch4j-tmp\\\\frd.exe\"=
\"c:\\\\Program Files\\\\Internet Download Manager\\\\IDMan.exe\"=
\"c:\\\\Program Files\\\\eMule\\\\emule.exe\"=

R1 ehdrv;ehdrv;c:\\windows\\system32\\drivers\\ehdrv.sys [19/03/2009 11:44 107256]
R1 epfwtdir;epfwtdir;c:\\windows\\system32\\drivers\\epfwtdir.sys [19/03/2009 11:45 93848]
R2 ekrn;ESET Service;c:\\program files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe [19/03/2009 11:44 731840]
R2 MBAMService;MBAMService;c:\\program files\\Malwarebytes\' Anti-Malware\\mbamservice.exe [06/09/2009 22:35 269648]
R3 MBAMProtector;MBAMProtector;c:\\windows\\system32\\drivers\\mbam.sys [06/09/2009 22:35 19160]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\\windows\\system32\\drivers\\evsbc.sys [17/10/2009 13:31 26448]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\\windows\\system32\\drivers\\evserial.sys [17/10/2009 13:31 52944]
S3 maconfservice;Ma-Config Service;c:\\program files\\ma-config.com\\maconfservice.exe [23/09/2009 13:50 238960]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\\software\\microsoft\\active setup\\installed components\\{C55F7F4B-72E0-633B-EB80-ACE94AD5071D}]
c:\\windows\\system32\\MSN.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\active setup\\installed components\\{W1WPARC4-004B-H7G5-2072-81SD6ESF7BW5}]
c:\\windows\\system32\\spynet\\server.exe
.
Contenu du dossier \'Tâches planifiées\'
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xporter vers Microsoft Excel - c:\\progra~1\\MICROS~3\\Office12\\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\\program files\\Internet Download Manager\\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\\program files\\Internet Download Manager\\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\\program files\\Internet Download Manager\\IEGetAll.htm
LSP: c:\\windows\\system32\\idmmbc.dll
FF - ProfilePath - c:\\documents and settings\\HAMID\\Application Data\\Mozilla\\Firefox\\Profiles\\3pe6to5i.default\\
FF - component: c:\\documents and settings\\HAMID\\Application Data\\IDM\\idmmzcc3\\components\\idmmzcc.dll
FF - plugin: c:\\program files\\K-Lite Codec Pack\\Real\\browser\\plugins\\nppl3260.dll
FF - plugin: c:\\program files\\K-Lite Codec Pack\\Real\\browser\\plugins\\nprpjplug.dll
FF - plugin: c:\\program files\\ma-config.com\\nphardwaredetection.dll
FF - plugin: c:\\program files\\Mozilla Firefox\\plugins\\npFoxitReaderPlugin.dll
FF - plugin: c:\\program files\\Opera\\program\\plugins\\nppl3260.dll
FF - plugin: c:\\program files\\Opera\\program\\plugins\\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\\windows\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\DotNetAssistantExtension\\

---- PARAMETRES FIREFOX ----
c:\\program files\\Mozilla Firefox\\greprefs\\security-prefs.js - pref(\"security.ssl3.rsa_seed_sha\", true);
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 23:45
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d\'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\\S-1-5-21-1177238915-413027322-682003330-1003\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{0BCC9025-B833-03B7-E3FB-C094479D518D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
\"iaibleohhoiknlpljf\"=hex:6b,61,6f,61,67,6f,64,65,67,6e,63,66,65,63,6c,63,69,63,
6e,67,6e,6e,00,00
\"haccbgbiemkfokcl\"=hex:6b,61,6f,61,6a,6f,65,63,6d,65,63,6f,64,66,6d,6d,65,64,
63,65,6e,61,00,00

[HKEY_LOCAL_MACHINE\\software\\Classes\\CLSID\\{7000a1b2-4a76-48f5-980f-0c5ce09fbb2b}]
@Denied: (Full) (Everyone)
\"Model\"=dword:00000131
\"Therad\"=dword:00000001
\"MData\"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,27,85,0d,4c,f7,1b,0f,39,b7,e5,8b,3e,50,d9,1f,c5,ca,af,fd,d8,22,f3,\\

[HKEY_LOCAL_MACHINE\\software\\Classes\\CLSID\\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
\"scansk\"=hex(0):7c,39,53,5f,92,d6,d6,81,b4,e2,ce,ea,ff,b3,e9,6c,ef,fc,6e,b6,f4,
3c,e1,33,09,0c,a3,90,51,dd,6d,6b,1f,f3,c5,52,8a,d1,ae,79,00,00,00,00,00,00,\\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > \'lsass.exe\'(728)
c:\\windows\\system32\\idmmbc.dll

- - - - - - - > \'explorer.exe\'(3988)
c:\\windows\\system32\\eappprxy.dll
c:\\windows\\system32\\webcheck.dll
c:\\windows\\system32\\WPDShServiceObj.dll
c:\\windows\\system32\\PortableDeviceTypes.dll
c:\\windows\\system32\\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\\windows\\system32\\WgaTray.exe
c:\\windows\\system32\\dllhost.exe
c:\\program files\\Java\\jre6\\bin\\jqs.exe
c:\\program files\\Internet Explorer\\iexplore.exe
c:\\windows\\system32\\CAP3RSK.EXE
c:\\windows\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\CAP3SWK.EXE
c:\\windows\\system32\\dwwin.exe
.
**************************************************************************
.
Heure de fin: 2009-11-09 23:51 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-09 22:51

Avant-CF: 7 749 054 464 octets libres
Après-CF: 7 742 488 576 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
c:\\cmdcons\\BOOTSECT.DAT=\"Microsoft Windows Recovery Console\" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS=\"Microsoft Windows XP Professionnel\" /noexecute=optin /fastdetect

- - End Of File - - 25978C0C007D453ABE1109098DADCD5E

Bonjour,

Peux tu faire un nouveau rapport RSIT, cette fois-ci ne poste que le rapport log.txt qui va apparaitre dans un fichier bloc-notes.

Bonjour,

Bonjour
un autre log RSIT :

Logfile of random\'s system information tool 1.06 (written by random/random)
Run by HAMID at 2009-11-10 12:14:07
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 7 GB (37%) free of 20 GB
Total RAM: 991 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:11, on 10/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\WINDOWS\\system32\\dllhost.exe
C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe
C:\\WINDOWS\\system32\\wuauclt.exe
C:\\WINDOWS\\system32\\CAP3RSK.EXE
C:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\CAP3SWK.EXE
C:\\Program Files\\Opera\\opera.exe
C:\\Documents and Settings\\HAMID\\Bureau\\RSIT.exe
C:\\Program Files\\trend micro\\HAMID.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.msn.com/
R1 - HKCU\\Software\\Microsoft\\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = Liens
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Program Files\\Internet Download Manager\\IDMIECC.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d\'aide de l\'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O4 - HKLM\\..\\Run: [egui] \"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe\" /hide /waitservice
O4 - HKLM\\..\\Run: [HKLM] C:\\WINDOWS\\system32\\spynet\\server.exe
O4 - HKCU\\..\\Run: [HKCU] C:\\WINDOWS\\system32\\spynet\\server.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKLM\\..\\Policies\\Explorer\\Run: [Policies] C:\\WINDOWS\\system32\\spynet\\server.exe
O4 - HKCU\\..\\Policies\\Explorer\\Run: [Policies] C:\\WINDOWS\\system32\\spynet\\server.exe
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SYSTEM\')
O4 - HKUS\\S-1-5-18\\..\\Run: [DWQueuedReporting] \"c:\\PROGRA~1\\FICHIE~1\\MICROS~1\\DW\\dwtrig20.exe\" -t (User \'SYSTEM\')
O4 - HKUS\\.DEFAULT\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'Default user\')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\\PROGRA~1\\MICROS~3\\Office12\\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\\Program Files\\Internet Download Manager\\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\\Program Files\\Internet Download Manager\\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\\Program Files\\Internet Download Manager\\IEGetAll.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~3\\Office12\\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra \'Tools\' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra \'Tools\' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252268257859
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\\Program Files\\ma-config.com\\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe

--
End of file - 5647 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\\Program Files\\Internet Download Manager\\IDMIECC.dll [2009-09-09 173488]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d\'aide de l\'Assistant de connexion Windows Live - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll [2009-11-05 41760]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll [2009-11-05 73728]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"egui\"=C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe [2009-03-19 2029640]
\"HKLM\"=C:\\WINDOWS\\system32\\spynet\\server.exe [2006-05-31 495616]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run]
\"Policies\"=C:\\WINDOWS\\system32\\spynet\\server.exe [2006-05-31 495616]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"HKCU\"=C:\\WINDOWS\\system32\\spynet\\server.exe [2006-05-31 495616]
\"ctfmon.exe\"=C:\\WINDOWS\\system32\\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run]
\"Policies\"=C:\\WINDOWS\\system32\\spynet\\server.exe [2006-05-31 495616]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\ADPHONE]
C:\\Program Files\\ADPHONE3\\ADPHONE.EXE /STARTUP []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\AudioDeck]
C:\\Program Files\\VIA\\VIAudioi\\SBADeck\\ADeck.exe [2007-08-09 528384]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\CAP3ON]
C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3ONN.EXE [2002-07-29 22528]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\HKCU]
C:\\WINDOWS\\system32\\spynet\\server.exe [2006-05-31 495616]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\HKLM]
C:\\WINDOWS\\system32\\spynet\\server.exe [2006-05-31 495616]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\IMJPMIG8.1]
C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE [2004-08-03 208952]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Malwarebytes Anti-Malware (reboot)]
C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Malwarebytes\' Anti-Malware]
C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamgui.exe [2009-09-10 420176]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\MSMSGS]
C:\\Program Files\\Messenger\\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\MSPY2002]
C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe [2004-08-03 59392]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PHIME2002A]
C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PHIME2002ASync]
C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SpywareTerminator]
C:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SpywareTerminatorUpdate]
C:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SunJavaUpdateSched]
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe [2009-11-05 149280]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\TTMessenger]
C:\\Program Files\\TTMessenger\\ttmessenger2.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\TTMessengerPDF]
C:\\Program Files\\TTMessenger\\spool\\PDFSaver.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\victima]
C:\\WINDOWS\\victima.exe [2009-11-05 404652]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\VTPreset]
C:\\WINDOWS\\system32\\VTPreset.exe [2004-02-24 45056]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Canon LASER SHOT LBP-1120 ª¬ºAµøµ¡.LNK]
C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3LAK.EXE [2002-07-29 30720]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Fenêtre d\'état de Canon LASER SHOT LBP-1120.LNK]
C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3LAK.EXE [2002-07-29 30720]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\WgaLogon]
C:\\WINDOWS\\system32\\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\\WINDOWS\\system32\\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
\"dontdisplaylastusername\"=0
\"legalnoticecaption\"=
\"legalnoticetext\"=
\"shutdownwithoutlogon\"=1
\"undockwithoutlogon\"=1

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"NoDriveTypeAutoRun\"=323
\"NoDriveAutoRun\"=67108863
\"HonorAutoRunSetting\"=1
\"NoDrives\"=0

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"HonorAutoRunSetting\"=
\"NoDriveAutoRun\"=
\"NoDriveTypeAutoRun\"=
\"NoDrives\"=

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call\"
\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger\"
\"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE\"=\"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"
\"C:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe\"=\"C:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe:*:Enabled:Java(TM) Platform SE binary\"
\"C:\\Program Files\\Internet Download Manager\\IDMan.exe\"=\"C:\\Program Files\\Internet Download Manager\\IDMan.exe:*:Enabled:Internet Download Manager (IDM)\"
\"C:\\Program Files\\ma-config.com\\maconfservice.exe\"=\"C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice\"
\"C:\\Program Files\\eMule\\emule.exe\"=\"C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule\"

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\domainprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call\"
\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"

======List of files/folders created in the last 1 months======

2009-11-10 00:02:02 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Office Genuine Advantage
2009-11-10 00:01:59 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Windows Genuine Advantage
2009-11-09 23:51:36 ----A---- C:\\ComboFix.txt
2009-11-09 23:37:45 ----A---- C:\\Boot.bak
2009-11-09 23:37:41 ----RASHD---- C:\\cmdcons
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\zip.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\SWXCACLS.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\SWSC.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\SWREG.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\sed.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\PEV.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\NIRCMD.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\MBR.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\grep.exe
2009-11-09 23:34:48 ----D---- C:\\WINDOWS\\ERDNT
2009-11-09 23:34:47 ----D---- C:\\ComboFix
2009-11-09 23:33:56 ----D---- C:\\Qoobox
2009-11-09 18:47:46 ----A---- C:\\WINDOWS\\twmsico.dll
2009-11-09 17:22:52 ----D---- C:\\Program Files\\trend micro
2009-11-09 17:22:51 ----D---- C:\\rsit
2009-11-09 13:47:33 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\ESET
2009-11-09 13:34:11 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files
2009-11-09 13:21:25 ----A---- C:\\WINDOWS\\SchedLgU.Txt
2009-11-08 23:54:40 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab
2009-11-08 21:47:41 ----A---- C:\\UsbFix.txt
2009-11-08 21:27:59 ----D---- C:\\UsbFix
2009-11-08 18:01:02 ----D---- C:\\Program Files\\ESET
2009-11-07 23:51:02 ----A---- C:\\WINDOWS\\system32\\VB6FR.DLL
2009-11-07 23:51:01 ----D---- C:\\Program Files\\RapidLetters
2009-11-07 15:17:31 ----A---- C:\\WINDOWS\\system32\\hidserv.dll
2009-11-07 00:20:44 ----D---- C:\\Program Files\\eMule
2009-11-05 11:50:56 ----A---- C:\\WINDOWS\\system32\\javaws.exe
2009-11-05 11:50:56 ----A---- C:\\WINDOWS\\system32\\javaw.exe
2009-11-05 11:50:56 ----A---- C:\\WINDOWS\\system32\\java.exe
2009-11-05 01:01:00 ----A---- C:\\WINDOWS\\victima.exe
2009-11-05 00:09:32 ----D---- C:\\Music
2009-11-05 00:06:27 ----D---- C:\\Program Files\\Sagasoft
2009-11-04 23:35:45 ----A---- C:\\WINDOWS\\Mp3CutterJoiner.ini
2009-11-04 23:35:06 ----D---- C:\\My Music
2009-11-04 00:59:51 ----D---- C:\\Program Files\\AskBarDis
2009-11-02 20:57:40 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\vlc
2009-11-01 18:12:40 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\Real
2009-10-29 19:49:09 ----D---- C:\\WINDOWS\\Sun
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\rmoc3260.dll
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\pndx5032.dll
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\pndx5016.dll
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\pncrt.dll
2009-10-28 17:03:57 ----A---- C:\\WINDOWS\\avisplitter.ini
2009-10-28 17:03:55 ----A---- C:\\WINDOWS\\system32\\yv12vfw.dll
2009-10-28 17:03:55 ----A---- C:\\WINDOWS\\system32\\xvidvfw.dll
2009-10-28 17:03:55 ----A---- C:\\WINDOWS\\system32\\xvidcore.dll
2009-10-28 17:03:54 ----A---- C:\\WINDOWS\\system32\\qt-dx331.dll
2009-10-28 17:03:54 ----A---- C:\\WINDOWS\\system32\\dpl100.dll
2009-10-28 17:03:54 ----A---- C:\\WINDOWS\\system32\\divx.dll
2009-10-28 17:03:52 ----A---- C:\\WINDOWS\\system32\\ff_vfw.dll.manifest
2009-10-28 17:03:52 ----A---- C:\\WINDOWS\\system32\\ff_vfw.dll
2009-10-28 17:03:51 ----D---- C:\\Program Files\\K-Lite Codec Pack
2009-10-24 00:15:16 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\Apple Computer
2009-10-17 13:31:59 ----D---- C:\\WINDOWS\\system32\\Silabs
2009-10-17 13:31:53 ----A---- C:\\WINDOWS\\system32\\InfUnltd.dll_tmp
2009-10-14 11:14:52 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\DriverCure
2009-10-14 11:14:45 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\ParetoLogic
2009-10-14 11:14:45 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\DriverCure
2009-10-14 00:53:26 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\NCH Software
2009-10-13 15:45:05 ----D---- C:\\Program Files\\NCH Software
2009-10-13 15:43:48 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\NCH Swift Sound
2009-10-13 15:43:36 ----D---- C:\\Program Files\\NCH Swift Sound
2009-10-13 15:43:36 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\NCH Swift Sound

======List of files/folders modified in the last 1 months======

2009-11-10 12:14:03 ----D---- C:\\WINDOWS\\Temp
2009-11-10 12:10:41 ----D---- C:\\WINDOWS\\Registration
2009-11-10 00:28:35 ----D---- C:\\WINDOWS\\Prefetch
2009-11-10 00:06:20 ----RASH---- C:\\boot.ini
2009-11-10 00:06:20 ----A---- C:\\WINDOWS\\win.ini
2009-11-10 00:06:20 ----A---- C:\\WINDOWS\\system.ini
2009-11-10 00:04:21 ----D---- C:\\WINDOWS
2009-11-09 23:51:40 ----D---- C:\\WINDOWS\\system32\\drivers
2009-11-09 23:50:52 ----SD---- C:\\WINDOWS\\Tasks
2009-11-09 23:50:20 ----D---- C:\\WINDOWS\\system32\\CatRoot2
2009-11-09 23:41:08 ----D---- C:\\WINDOWS\\system32
2009-11-09 23:41:08 ----D---- C:\\WINDOWS\\AppPatch
2009-11-09 23:41:05 ----D---- C:\\Program Files\\Fichiers communs
2009-11-09 23:27:59 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\DMCache
2009-11-09 22:51:22 ----RD---- C:\\Program Files
2009-11-09 20:52:45 ----D---- C:\\Program Files\\Mozilla Firefox
2009-11-09 13:48:31 ----SHD---- C:\\WINDOWS\\Installer
2009-11-09 13:48:24 ----HD---- C:\\WINDOWS\\inf
2009-11-09 13:29:08 ----AD---- C:\\Documents and Settings\\All Users\\Application Data\\TEMP
2009-11-08 22:03:07 ----SHD---- C:\\RECYCLER
2009-11-08 18:01:04 ----SD---- C:\\WINDOWS\\Downloaded Program Files
2009-11-07 15:17:36 ----RSHDC---- C:\\WINDOWS\\system32\\dllcache
2009-11-05 11:50:38 ----A---- C:\\WINDOWS\\system32\\deploytk.dll
2009-11-05 01:01:13 ----D---- C:\\WINDOWS\\ie8updates
2009-11-05 01:01:00 ----HD---- C:\\WINDOWS\\$hf_mig$
2009-11-05 01:01:00 ----D---- C:\\WINDOWS\\system32\\CatRoot
2009-11-05 00:10:46 ----A---- C:\\WINDOWS\\powermp3cutterjoiner.ini
2009-11-04 01:14:28 ----D---- C:\\Program Files\\Foxit Software
2009-11-01 01:15:30 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\IDM
2009-10-28 19:23:28 ----D---- C:\\Program Files\\Opera
2009-10-26 16:02:40 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Microsoft Help
2009-10-24 18:14:24 ----D---- C:\\Program Files\\Fichiers communs\\Microsoft Shared
2009-10-24 18:14:22 ----D---- C:\\WINDOWS\\WinSxS
2009-10-24 17:55:33 ----D---- C:\\Program Files\\Messenger Plus! Live
2009-10-24 00:20:13 ----SD---- C:\\Documents and Settings\\HAMID\\Application Data\\Microsoft
2009-10-22 10:17:28 ----N---- C:\\WINDOWS\\system32\\mshtml.dll
2009-10-21 11:28:53 ----D---- C:\\WINDOWS\\Help
2009-10-17 13:02:55 ----D---- C:\\WINDOWS\\Microsoft.NET
2009-10-17 13:02:50 ----RSD---- C:\\WINDOWS\\assembly
2009-10-17 01:06:27 ----A---- C:\\WINDOWS\\system32\\PerfStringBackup.INI
2009-10-17 01:03:47 ----D---- C:\\Program Files\\Internet Explorer
2009-10-16 14:53:43 ----D---- C:\\WINDOWS\\Debug
2009-10-15 18:50:19 ----D---- C:\\WINDOWS\\system32\\wbem
2009-10-13 00:00:43 ----D---- C:\\Program Files\\VIA
2009-10-13 00:00:32 ----D---- C:\\WINDOWS\\system32\\ReinstallBackups

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\\WINDOWS\\system32\\DRIVERS\\ehdrv.sys [2009-03-19 107256]
R1 epfwtdir;epfwtdir; C:\\WINDOWS\\system32\\DRIVERS\\epfwtdir.sys [2009-03-19 93848]
R1 intelppm;Pilote de processeur Intel; C:\\WINDOWS\\system32\\DRIVERS\\intelppm.sys [2008-04-14 40576]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\\WINDOWS\\System32\\drivers\\ws2ifsl.sys [2002-09-07 12032]
R2 eamon;eamon; C:\\WINDOWS\\system32\\DRIVERS\\eamon.sys [2009-03-19 113960]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\\WINDOWS\\system32\\DRIVERS\\fetnd5bv.sys [2009-06-16 46592]
R3 MBAMProtector;MBAMProtector; \\??\\C:\\WINDOWS\\system32\\drivers\\mbam.sys []
R3 mf;mf; C:\\WINDOWS\\system32\\DRIVERS\\mf.sys [2008-04-13 63744]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\\WINDOWS\\system32\\drivers\\msmpu401.sys [2001-08-17 2944]
R3 S3Psddr;S3Psddr; C:\\WINDOWS\\system32\\DRIVERS\\s3gnbm.sys [2004-08-13 167168]
R3 usbehci;Pilote miniport de contrôleur d\'hôte amélioré Microsoft USB 2.0; C:\\WINDOWS\\system32\\DRIVERS\\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;Vinyl AC\'97 Audio Controller (WDM); C:\\WINDOWS\\system32\\drivers\\vinyl97.sys [2007-06-27 207488]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software); C:\\WINDOWS\\system32\\DRIVERS\\evsbc.sys [2007-06-12 26448]
R3 vusbbus;Virtual Usb Bus Enumerator; C:\\WINDOWS\\system32\\DRIVERS\\vusbbus.sys [2005-09-22 11520]
S1 kbdhid;Pilote HID de clavier; C:\\WINDOWS\\system32\\DRIVERS\\kbdhid.sys [2008-04-14 14720]
S3 catchme;catchme; \\??\\C:\\ComboFix\\catchme.sys []
S3 driverhardwarev2;driverhardwarev2; \\??\\C:\\Program Files\\ma-config.com\\Drivers\\driverhardwarev2.sys []
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate); C:\\WINDOWS\\System32\\DRIVERS\\evserial.sys [2007-06-12 52944]
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\\WINDOWS\\system32\\DRIVERS\\fetnd5.sys [2001-08-17 27165]
S3 HidUsb;Pilote de classe HID Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\hidusb.sys [2008-04-13 10368]
S3 mouhid;Pilote HID de souris; C:\\WINDOWS\\system32\\DRIVERS\\mouhid.sys [2001-08-23 12288]
S3 S3SavageNB;S3SavageNB; C:\\WINDOWS\\system32\\DRIVERS\\s3gnbm.sys [2004-08-13 167168]
S3 TVICHW32;TVICHW32; \\??\\C:\\WINDOWS\\system32\\DRIVERS\\TVICHW32.SYS []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d\'imprimantes USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Pilote de stockage de masse USB; C:\\WINDOWS\\system32\\DRIVERS\\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\\WINDOWS\\system32\\DRIVERS\\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\\WINDOWS\\system32\\DRIVERS\\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\\WINDOWS\\system32\\drivers\\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe [2009-03-19 731840]
R2 JavaQuickStarterService;Java Quick Starter; C:\\Program Files\\Java\\jre6\\bin\\jqs.exe [2009-11-05 153376]
R2 MBAMService;MBAMService; C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe [2009-09-10 269648]
S3 aspnet_state;Service d\'état ASP.NET; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\EHttpSrv.exe [2009-03-19 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\WPF\\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\\Program Files\\ma-config.com\\maconfservice.exe [2009-09-23 238960]
S3 odserv;Microsoft Office Diagnostics Service; C:\\Program Files\\Fichiers communs\\Microsoft Shared\\OFFICE12\\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Source Engine\\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\\Program Files\\Windows Media Player\\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\\WINDOWS\\system32\\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Bonjour,Hamid
un petit passage juste pour te saluer,ton pC est encore très infecté ,il y a encore du travail,malwarebleach va s\'en occuper dès que possible ,tu es entre de bonnes mains

Bonjour,

Je ne sais pas ce que tu fais avec ton ordinateur, mais j\'essaie de t\'aider à supprimer des infections et toi tu en installes d\'autres. On ne vas pas y arriver comme ça.

Je te demande de ne plus ouvrir et d\'utiliser MSN sans que je t\'ai donné mon accord. Avant de te déconnecter, change le mot de passe de ton compte. Merci de tenir compte de cet avertissement, c\'est pour le bien de ton ordinateur et de tes données.

Maintenant fais ceci stp :

• Télécharge OTM (OtmoveIT de Old_Timer) sur ton Bureau
  
• Double-clique sur OTM.exe pour le lancer.
  
• Assure toi que la case Unregister Dll\'s and Ocx\'s soit bien cochée.
  
• Copie la liste qui se trouve dans la citation ci-dessous et colle-la dans le cadre de gauche de OTM sous Paste List of Files/Folders to move.

• clique sur MoveIt! pour lancer la suppression.
  
• Le résultat apparaitra dans le cadre \"Results\".
  
• Clique sur Exit pour fermer.
  
• Poste le rapport situé dans C:\\_OTM\\MovedFiles.
  
• Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c\'est le cas accepte par Yes.

Une fois ce script exécuté, tu vas faire ceci :

• Télécharges RHosts (de SiRi)
  
  
• Double-cliques dessus pour l\'exécuter
  
  
• et cliques sur \" Restore original Hosts \"
  
  * ps : c\'est normal que rien ne se passe
  
  
• ensuite redémarre le pc
  

Dis moi si tu utilises Spy-net, ce logiciel est vecteur d\'infection et n\'apparaissait pas sur ton rapport RSIT précédent.

Dès que tu auras fais toutes ces manips, tu me fais un tout nouveau rapport RSIT et tu ne postes toujours que le rapport log.txt.

Bonne chasse.

Bonjour,
Bon, pour commencer sois sûr cher ami que je fais ce que tu me recommandes à la lettre, j\'ai changé le mot de pass de MSN, je ne l\'ouvre plus depuis hier,
Une chose à signaler c\'est que le lien de RHosts que tu m\'as donné ne s\'ouvre pas ...est-ce le cas pour toi aussi ???
En attendant je te poste le rapport OTM (après redémarrage)

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\victima\\ deleted successfully.
========== FILES ==========
C:\\WINDOWS\\victima.exe moved successfully.
C:\\Program Files\\AskBarDis\\bar\\Settings folder moved successfully.
C:\\Program Files\\AskBarDis\\bar\\bin folder moved successfully.
C:\\Program Files\\AskBarDis\\bar folder moved successfully.
C:\\Program Files\\AskBarDis folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
C:\\Documents and Settings\\Default User\\Local Settings\\Temporary Internet Files\\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 67 bytes

User: HAMID
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\MessengerCache\\+pPnW7whVL2FMESei8WlwTFNuxjw= deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\MessengerCache\\1Nt12FIWgjy2dnVGScIlBLEi+GDc= deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\MessengerCache\\2FvbM+7fRojLSSPjOvzcRoJXP0GQ= deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\MessengerCache\\4DxlO2FS9OP57a4sgmwIM2779N+0= deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\MessengerCache\\6flvrzB9KsLKOPoX59buS0AF8g0= deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\MessengerCache\\9zaTh+7mPzjs870loc+rx8sAGcE= deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\MessengerCache\\Abw82OUjszeiLob4mD8R1UrfHdc= deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\MessengerCache\\DhzYNlJIhIlQxB2FkXy1Y3kV4g1g= deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\MessengerCache\\gU1mWVRf2A2FLgLmmEUcZpz0sXr0= deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\MessengerCache\\I+8QWolQyMjIB2qEMFAzxyvvzXM= deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\MessengerCache\\kXIAjmW1tWJhHOp2FDHAIYgGeR08= deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\MessengerCache\\OjsnqTwCIJWfCSQ3vj1wCUf9F00= deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\MessengerCache\\v5EesTKZy8ee5mpkay0Kxo9HXVc= deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\Generate Genuine Serial For WinXP.exe deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\IEWEB.abc deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\MSN.abc deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\teste.txt deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\teste.vbs deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\UuU.uUu deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\XxX.xXx deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\xxxyyyzzz.dat deleted successfully.
->Temp folder emptied: 211284 bytes
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\desktop.ini deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 147590 bytes
->Java cache emptied: 0 bytes
C:\\Documents and Settings\\HAMID\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\3pe6to5i.default\\OfflineCache\\index.sqlite deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\3pe6to5i.default\\urlclassifier3.sqlite deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\3pe6to5i.default\\XPC.mfl deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\3pe6to5i.default\\XUL.mfl deleted successfully.
->FireFox cache emptied: 40292900 bytes
C:\\Documents and Settings\\HAMID\\Application Data\\Apple Computer\\Safari\\Bookmarks.plist deleted successfully.
C:\\Documents and Settings\\HAMID\\Application Data\\Apple Computer\\Safari\\Form Values.plist deleted successfully.
C:\\Documents and Settings\\HAMID\\Application Data\\Apple Computer\\Safari\\LastSession.plist deleted successfully.
C:\\Documents and Settings\\HAMID\\Application Data\\Apple Computer\\Safari\\SearchProviders.plist.signed deleted successfully.
C:\\Documents and Settings\\HAMID\\Application Data\\Apple Computer\\Safari\\TopSites.plist deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Application Data\\Apple Computer\\Safari\\FontsList.plist deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Application Data\\Apple Computer\\Safari\\SafeBrowsing.db deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Application Data\\Apple Computer\\Safari\\WebpageIcons.db deleted successfully.
->Apple Safari cache emptied: 787447 bytes

User: LocalService
->Temp folder emptied: 0 bytes
C:\\Documents and Settings\\LocalService\\Local Settings\\Temporary Internet Files\\Content.IE5\\desktop.ini deleted successfully.
File delete failed. C:\\Documents and Settings\\LocalService\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat scheduled to be deleted on reboot.
C:\\Documents and Settings\\LocalService\\Local Settings\\Temporary Internet Files\\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
C:\\Documents and Settings\\NetworkService\\Local Settings\\Temporary Internet Files\\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\\System32 .tmp files removed: 0 bytes
C:\\WINDOWS\\temp\\WGAErrLog.txt deleted successfully.
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 39,55 mb


OTM by OldTimer - Version 3.1.0.1 log created on 11102009_171958

Files moved on Reboot...

Registry entries deleted on Reboot...

Rapport RSIT :

Logfile of random\'s system information tool 1.06 (written by random/random)
Run by HAMID at 2009-11-10 17:31:22
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 7 GB (38%) free of 20 GB
Total RAM: 991 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31:26, on 10/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\WINDOWS\\system32\\dllhost.exe
C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe
C:\\WINDOWS\\system32\\CAP3RSK.EXE
C:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\CAP3SWK.EXE
C:\\Program Files\\Opera\\opera.exe
C:\\Documents and Settings\\HAMID\\Bureau\\RSIT.exe
C:\\Program Files\\trend micro\\HAMID.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.msn.com/
R1 - HKCU\\Software\\Microsoft\\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = Liens
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Program Files\\Internet Download Manager\\IDMIECC.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d\'aide de l\'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O4 - HKLM\\..\\Run: [egui] \"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe\" /hide /waitservice
O4 - HKLM\\..\\Run: [HKLM] C:\\WINDOWS\\system32\\spynet\\server.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [HKCU] C:\\WINDOWS\\system32\\spynet\\server.exe
O4 - HKLM\\..\\Policies\\Explorer\\Run: [Policies] C:\\WINDOWS\\system32\\spynet\\server.exe
O4 - HKCU\\..\\Policies\\Explorer\\Run: [Policies] C:\\WINDOWS\\system32\\spynet\\server.exe
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SYSTEM\')
O4 - HKUS\\S-1-5-18\\..\\Run: [DWQueuedReporting] \"c:\\PROGRA~1\\FICHIE~1\\MICROS~1\\DW\\dwtrig20.exe\" -t (User \'SYSTEM\')
O4 - HKUS\\.DEFAULT\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'Default user\')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\\PROGRA~1\\MICROS~3\\Office12\\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\\Program Files\\Internet Download Manager\\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\\Program Files\\Internet Download Manager\\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\\Program Files\\Internet Download Manager\\IEGetAll.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~3\\Office12\\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra \'Tools\' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra \'Tools\' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252268257859
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\\Program Files\\ma-config.com\\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe

--
End of file - 5614 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\\Program Files\\Internet Download Manager\\IDMIECC.dll [2009-09-09 173488]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d\'aide de l\'Assistant de connexion Windows Live - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll [2009-11-05 41760]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll [2009-11-05 73728]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"egui\"=C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe [2009-03-19 2029640]
\"HKLM\"=C:\\WINDOWS\\system32\\spynet\\server.exe [2005-11-19 495616]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run]
\"Policies\"=C:\\WINDOWS\\system32\\spynet\\server.exe [2005-11-19 495616]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"ctfmon.exe\"=C:\\WINDOWS\\system32\\ctfmon.exe [2008-04-14 15360]
\"HKCU\"=C:\\WINDOWS\\system32\\spynet\\server.exe [2005-11-19 495616]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run]
\"Policies\"=C:\\WINDOWS\\system32\\spynet\\server.exe [2005-11-19 495616]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\ADPHONE]
C:\\Program Files\\ADPHONE3\\ADPHONE.EXE /STARTUP []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\AudioDeck]
C:\\Program Files\\VIA\\VIAudioi\\SBADeck\\ADeck.exe [2007-08-09 528384]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\CAP3ON]
C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3ONN.EXE [2002-07-29 22528]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\HKCU]
C:\\WINDOWS\\system32\\spynet\\server.exe [2005-11-19 495616]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\HKLM]
C:\\WINDOWS\\system32\\spynet\\server.exe [2005-11-19 495616]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\IMJPMIG8.1]
C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE [2004-08-03 208952]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Malwarebytes Anti-Malware (reboot)]
C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Malwarebytes\' Anti-Malware]
C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamgui.exe [2009-09-10 420176]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\MSMSGS]
C:\\Program Files\\Messenger\\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\MSPY2002]
C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe [2004-08-03 59392]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PHIME2002A]
C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PHIME2002ASync]
C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SpywareTerminator]
C:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SpywareTerminatorUpdate]
C:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SunJavaUpdateSched]
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe [2009-11-05 149280]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\TTMessenger]
C:\\Program Files\\TTMessenger\\ttmessenger2.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\TTMessengerPDF]
C:\\Program Files\\TTMessenger\\spool\\PDFSaver.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\VTPreset]
C:\\WINDOWS\\system32\\VTPreset.exe [2004-02-24 45056]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Canon LASER SHOT LBP-1120 ª¬ºAµøµ¡.LNK]
C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3LAK.EXE [2002-07-29 30720]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Fenêtre d\'état de Canon LASER SHOT LBP-1120.LNK]
C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3LAK.EXE [2002-07-29 30720]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\WgaLogon]
C:\\WINDOWS\\system32\\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\\WINDOWS\\system32\\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
\"dontdisplaylastusername\"=0
\"legalnoticecaption\"=
\"legalnoticetext\"=
\"shutdownwithoutlogon\"=1
\"undockwithoutlogon\"=1

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"NoDriveAutoRun\"=67108863
\"HonorAutoRunSetting\"=1
\"NoDrives\"=0

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"HonorAutoRunSetting\"=
\"NoDriveAutoRun\"=
\"NoDriveTypeAutoRun\"=
\"NoDrives\"=

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call\"
\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger\"
\"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE\"=\"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"
\"C:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe\"=\"C:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe:*:Enabled:Java(TM) Platform SE binary\"
\"C:\\Program Files\\Internet Download Manager\\IDMan.exe\"=\"C:\\Program Files\\Internet Download Manager\\IDMan.exe:*:Enabled:Internet Download Manager (IDM)\"
\"C:\\Program Files\\ma-config.com\\maconfservice.exe\"=\"C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice\"
\"C:\\Program Files\\eMule\\emule.exe\"=\"C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule\"

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\domainprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call\"
\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"

======List of files/folders created in the last 1 months======

2009-11-10 17:19:58 ----D---- C:\\_OTM
2009-11-10 12:31:36 ----A---- C:\\WINDOWS\\msnfix.txt
2009-11-10 12:30:48 ----D---- C:\\Program Files\\MSNFix
2009-11-10 00:02:02 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Office Genuine Advantage
2009-11-10 00:01:59 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Windows Genuine Advantage
2009-11-09 23:51:36 ----A---- C:\\ComboFix.txt
2009-11-09 23:37:45 ----A---- C:\\Boot.bak
2009-11-09 23:37:41 ----RASHD---- C:\\cmdcons
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\zip.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\SWXCACLS.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\SWSC.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\SWREG.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\sed.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\PEV.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\NIRCMD.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\MBR.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\grep.exe
2009-11-09 23:34:48 ----D---- C:\\WINDOWS\\ERDNT
2009-11-09 23:34:47 ----D---- C:\\ComboFix
2009-11-09 23:33:56 ----D---- C:\\Qoobox
2009-11-09 18:47:46 ----A---- C:\\WINDOWS\\twmsico.dll
2009-11-09 17:22:52 ----D---- C:\\Program Files\\trend micro
2009-11-09 17:22:51 ----D---- C:\\rsit
2009-11-09 13:47:33 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\ESET
2009-11-09 13:34:11 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files
2009-11-09 13:21:25 ----A---- C:\\WINDOWS\\SchedLgU.Txt
2009-11-08 23:54:40 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab
2009-11-08 21:47:41 ----A---- C:\\UsbFix.txt
2009-11-08 21:27:59 ----D---- C:\\UsbFix
2009-11-08 18:01:02 ----D---- C:\\Program Files\\ESET
2009-11-07 23:51:02 ----A---- C:\\WINDOWS\\system32\\VB6FR.DLL
2009-11-07 23:51:01 ----D---- C:\\Program Files\\RapidLetters
2009-11-07 15:17:31 ----A---- C:\\WINDOWS\\system32\\hidserv.dll
2009-11-07 00:20:44 ----D---- C:\\Program Files\\eMule
2009-11-05 11:50:56 ----A---- C:\\WINDOWS\\system32\\javaws.exe
2009-11-05 11:50:56 ----A---- C:\\WINDOWS\\system32\\javaw.exe
2009-11-05 11:50:56 ----A---- C:\\WINDOWS\\system32\\java.exe
2009-11-05 00:09:32 ----D---- C:\\Music
2009-11-05 00:06:27 ----D---- C:\\Program Files\\Sagasoft
2009-11-04 23:35:45 ----A---- C:\\WINDOWS\\Mp3CutterJoiner.ini
2009-11-04 23:35:06 ----D---- C:\\My Music
2009-11-02 20:57:40 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\vlc
2009-11-01 18:12:40 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\Real
2009-10-29 19:49:09 ----D---- C:\\WINDOWS\\Sun
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\rmoc3260.dll
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\pndx5032.dll
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\pndx5016.dll
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\pncrt.dll
2009-10-28 17:03:57 ----A---- C:\\WINDOWS\\avisplitter.ini
2009-10-28 17:03:55 ----A---- C:\\WINDOWS\\system32\\yv12vfw.dll
2009-10-28 17:03:55 ----A---- C:\\WINDOWS\\system32\\xvidvfw.dll
2009-10-28 17:03:55 ----A---- C:\\WINDOWS\\system32\\xvidcore.dll
2009-10-28 17:03:54 ----A---- C:\\WINDOWS\\system32\\qt-dx331.dll
2009-10-28 17:03:54 ----A---- C:\\WINDOWS\\system32\\dpl100.dll
2009-10-28 17:03:54 ----A---- C:\\WINDOWS\\system32\\divx.dll
2009-10-28 17:03:52 ----A---- C:\\WINDOWS\\system32\\ff_vfw.dll.manifest
2009-10-28 17:03:52 ----A---- C:\\WINDOWS\\system32\\ff_vfw.dll
2009-10-28 17:03:51 ----D---- C:\\Program Files\\K-Lite Codec Pack
2009-10-24 00:15:16 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\Apple Computer
2009-10-17 13:31:59 ----D---- C:\\WINDOWS\\system32\\Silabs
2009-10-17 13:31:53 ----A---- C:\\WINDOWS\\system32\\InfUnltd.dll_tmp
2009-10-14 11:14:52 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\DriverCure
2009-10-14 11:14:45 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\ParetoLogic
2009-10-14 11:14:45 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\DriverCure
2009-10-14 00:53:26 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\NCH Software
2009-10-13 15:45:05 ----D---- C:\\Program Files\\NCH Software
2009-10-13 15:43:48 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\NCH Swift Sound
2009-10-13 15:43:36 ----D---- C:\\Program Files\\NCH Swift Sound
2009-10-13 15:43:36 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\NCH Swift Sound

======List of files/folders modified in the last 1 months======

2009-11-10 17:27:57 ----D---- C:\\WINDOWS\\Temp
2009-11-10 17:21:50 ----D---- C:\\WINDOWS
2009-11-10 17:21:43 ----D---- C:\\WINDOWS\\Registration
2009-11-10 17:19:59 ----RD---- C:\\Program Files
2009-11-10 17:08:43 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\DMCache
2009-11-10 13:58:54 ----D---- C:\\WINDOWS\\Prefetch
2009-11-10 12:44:32 ----RASH---- C:\\boot.ini
2009-11-10 12:44:32 ----A---- C:\\WINDOWS\\win.ini
2009-11-10 12:44:32 ----A---- C:\\WINDOWS\\system.ini
2009-11-09 23:51:40 ----D---- C:\\WINDOWS\\system32\\drivers
2009-11-09 23:50:52 ----SD---- C:\\WINDOWS\\Tasks
2009-11-09 23:50:20 ----D---- C:\\WINDOWS\\system32\\CatRoot2
2009-11-09 23:41:08 ----D---- C:\\WINDOWS\\system32
2009-11-09 23:41:08 ----D---- C:\\WINDOWS\\AppPatch
2009-11-09 23:41:05 ----D---- C:\\Program Files\\Fichiers communs
2009-11-09 20:52:45 ----D---- C:\\Program Files\\Mozilla Firefox
2009-11-09 13:48:31 ----SHD---- C:\\WINDOWS\\Installer
2009-11-09 13:48:24 ----HD---- C:\\WINDOWS\\inf
2009-11-09 13:29:08 ----AD---- C:\\Documents and Settings\\All Users\\Application Data\\TEMP
2009-11-08 22:03:07 ----SHD---- C:\\RECYCLER
2009-11-08 18:01:04 ----SD---- C:\\WINDOWS\\Downloaded Program Files
2009-11-07 15:17:36 ----RSHDC---- C:\\WINDOWS\\system32\\dllcache
2009-11-05 11:50:38 ----A---- C:\\WINDOWS\\system32\\deploytk.dll
2009-11-05 01:01:13 ----D---- C:\\WINDOWS\\ie8updates
2009-11-05 01:01:00 ----HD---- C:\\WINDOWS\\$hf_mig$
2009-11-05 01:01:00 ----D---- C:\\WINDOWS\\system32\\CatRoot
2009-11-05 00:10:46 ----A---- C:\\WINDOWS\\powermp3cutterjoiner.ini
2009-11-04 01:14:28 ----D---- C:\\Program Files\\Foxit Software
2009-11-01 01:15:30 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\IDM
2009-10-28 19:23:28 ----D---- C:\\Program Files\\Opera
2009-10-26 16:02:40 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Microsoft Help
2009-10-24 18:14:24 ----D---- C:\\Program Files\\Fichiers communs\\Microsoft Shared
2009-10-24 18:14:22 ----D---- C:\\WINDOWS\\WinSxS
2009-10-24 17:55:33 ----D---- C:\\Program Files\\Messenger Plus! Live
2009-10-24 00:20:13 ----SD---- C:\\Documents and Settings\\HAMID\\Application Data\\Microsoft
2009-10-22 10:17:28 ----N---- C:\\WINDOWS\\system32\\mshtml.dll
2009-10-21 11:28:53 ----D---- C:\\WINDOWS\\Help
2009-10-17 13:02:55 ----D---- C:\\WINDOWS\\Microsoft.NET
2009-10-17 13:02:50 ----RSD---- C:\\WINDOWS\\assembly
2009-10-17 01:06:27 ----A---- C:\\WINDOWS\\system32\\PerfStringBackup.INI
2009-10-17 01:03:47 ----D---- C:\\Program Files\\Internet Explorer
2009-10-16 14:53:43 ----D---- C:\\WINDOWS\\Debug
2009-10-15 18:50:19 ----D---- C:\\WINDOWS\\system32\\wbem
2009-10-13 00:00:43 ----D---- C:\\Program Files\\VIA
2009-10-13 00:00:32 ----D---- C:\\WINDOWS\\system32\\ReinstallBackups

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\\WINDOWS\\system32\\DRIVERS\\ehdrv.sys [2009-03-19 107256]
R1 epfwtdir;epfwtdir; C:\\WINDOWS\\system32\\DRIVERS\\epfwtdir.sys [2009-03-19 93848]
R1 intelppm;Pilote de processeur Intel; C:\\WINDOWS\\system32\\DRIVERS\\intelppm.sys [2008-04-14 40576]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\\WINDOWS\\System32\\drivers\\ws2ifsl.sys [2002-09-07 12032]
R2 eamon;eamon; C:\\WINDOWS\\system32\\DRIVERS\\eamon.sys [2009-03-19 113960]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\\WINDOWS\\system32\\DRIVERS\\fetnd5bv.sys [2009-06-16 46592]
R3 MBAMProtector;MBAMProtector; \\??\\C:\\WINDOWS\\system32\\drivers\\mbam.sys []
R3 mf;mf; C:\\WINDOWS\\system32\\DRIVERS\\mf.sys [2008-04-13 63744]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\\WINDOWS\\system32\\drivers\\msmpu401.sys [2001-08-17 2944]
R3 S3Psddr;S3Psddr; C:\\WINDOWS\\system32\\DRIVERS\\s3gnbm.sys [2004-08-13 167168]
R3 usbehci;Pilote miniport de contrôleur d\'hôte amélioré Microsoft USB 2.0; C:\\WINDOWS\\system32\\DRIVERS\\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;Vinyl AC\'97 Audio Controller (WDM); C:\\WINDOWS\\system32\\drivers\\vinyl97.sys [2007-06-27 207488]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software); C:\\WINDOWS\\system32\\DRIVERS\\evsbc.sys [2007-06-12 26448]
R3 vusbbus;Virtual Usb Bus Enumerator; C:\\WINDOWS\\system32\\DRIVERS\\vusbbus.sys [2005-09-22 11520]
S1 kbdhid;Pilote HID de clavier; C:\\WINDOWS\\system32\\DRIVERS\\kbdhid.sys [2008-04-14 14720]
S3 catchme;catchme; \\??\\C:\\ComboFix\\catchme.sys []
S3 driverhardwarev2;driverhardwarev2; \\??\\C:\\Program Files\\ma-config.com\\Drivers\\driverhardwarev2.sys []
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate); C:\\WINDOWS\\System32\\DRIVERS\\evserial.sys [2007-06-12 52944]
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\\WINDOWS\\system32\\DRIVERS\\fetnd5.sys [2001-08-17 27165]
S3 HidUsb;Pilote de classe HID Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\hidusb.sys [2008-04-13 10368]
S3 mouhid;Pilote HID de souris; C:\\WINDOWS\\system32\\DRIVERS\\mouhid.sys [2001-08-23 12288]
S3 S3SavageNB;S3SavageNB; C:\\WINDOWS\\system32\\DRIVERS\\s3gnbm.sys [2004-08-13 167168]
S3 TVICHW32;TVICHW32; \\??\\C:\\WINDOWS\\system32\\DRIVERS\\TVICHW32.SYS []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d\'imprimantes USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Pilote de stockage de masse USB; C:\\WINDOWS\\system32\\DRIVERS\\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\\WINDOWS\\system32\\DRIVERS\\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\\WINDOWS\\system32\\DRIVERS\\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\\WINDOWS\\system32\\drivers\\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe [2009-03-19 731840]
R2 JavaQuickStarterService;Java Quick Starter; C:\\Program Files\\Java\\jre6\\bin\\jqs.exe [2009-11-05 153376]
R2 MBAMService;MBAMService; C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe [2009-09-10 269648]
S3 aspnet_state;Service d\'état ASP.NET; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\EHttpSrv.exe [2009-03-19 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\WPF\\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\\Program Files\\ma-config.com\\maconfservice.exe [2009-09-23 238960]
S3 odserv;Microsoft Office Diagnostics Service; C:\\Program Files\\Fichiers communs\\Microsoft Shared\\OFFICE12\\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Source Engine\\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\\Program Files\\Windows Media Player\\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\\WINDOWS\\system32\\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Pour spy-net je ne l\'utilise pas et je ne sais même pas ce que c\'est.

Merci à toi et à jllg pour ton passage.

Bonjour,


Pour Rhosts, mon lien marche très bien, je te donne le lien de téléchargement direct de Rhosts : siri.urz.free.fr/Softs/RHosts.exe

Applique donc Rhosts redémarre ton pc et fais un nouveau RSIT.

Je dois m\'absenter, à mon retour je te donnerai un nouveau script de suppression OTM, pour virer server.exe (une infection par un trojan.backdoor finalement).

Bonjour,

Voilà après plusieurs tentatives, impossible de lancer le téléchargement de ce fichier RHosts.exe, je ne sais pour quelle raison.

bonsoir

pour avancer malwarebleach, essaie de télécharger un équivalent

• Télécharge MyHosts.exe (de jeanmimigab) sur ton bureau.
  
  
• Fais un double clic sur l\'icône du programme pour le lancer.
  
  
• Poste le contenu du rapport qui s\'ouvre.
  
  
• Si aucun rapport ne s\'ouvre, tu peux le retrouver à l\'emplacement suivant : C:\\MyHosts.txt
  
  
• poste ensuite le RSIT comme demandé

Salut jllg,

Merci pour le coup de main , attendons les rapports pour voir ce qu\'il en est

Bonjour,

** Rapport MyHosts.txt **

MyHosts V.1.0.0.0 de jeanmimigab

Merci à la team MH et à Batch_man pour leurs aides

Résultat de l\'opération:

/!\\ Le fichier hosts n\'a pas été restauré... /!\\


** Informations **

si vous êtes Sous Vista/Seven MyHosts ne fonctionne pas
sous un compte limité.

Relancer MyHosts depuis un compte ayant des droits administrateurs.


** Fin du rapport **

2/ Rapport RSIT

Logfile of random\'s system information tool 1.06 (written by random/random)
Run by HAMID at 2009-11-10 21:01:41
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 7 GB (38%) free of 20 GB
Total RAM: 991 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:01:45, on 10/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\WINDOWS\\system32\\dllhost.exe
C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe
C:\\WINDOWS\\system32\\CAP3RSK.EXE
C:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\CAP3SWK.EXE
C:\\Program Files\\Opera\\opera.exe
C:\\Program Files\\Internet Download Manager\\IEMonitor.exe
C:\\Program Files\\Internet Download Manager\\IDMan.exe
C:\\WINDOWS\\system32\\notepad.exe
C:\\Documents and Settings\\HAMID\\Bureau\\RSIT.exe
C:\\Program Files\\trend micro\\HAMID.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.msn.com/
R1 - HKCU\\Software\\Microsoft\\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = Liens
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Program Files\\Internet Download Manager\\IDMIECC.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d\'aide de l\'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O4 - HKLM\\..\\Run: [egui] \"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe\" /hide /waitservice
O4 - HKLM\\..\\Run: [HKLM] C:\\WINDOWS\\system32\\spynet\\server.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [HKCU] C:\\WINDOWS\\system32\\spynet\\server.exe
O4 - HKLM\\..\\Policies\\Explorer\\Run: [Policies] C:\\WINDOWS\\system32\\spynet\\server.exe
O4 - HKCU\\..\\Policies\\Explorer\\Run: [Policies] C:\\WINDOWS\\system32\\spynet\\server.exe
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SYSTEM\')
O4 - HKUS\\S-1-5-18\\..\\Run: [DWQueuedReporting] \"c:\\PROGRA~1\\FICHIE~1\\MICROS~1\\DW\\dwtrig20.exe\" -t (User \'SYSTEM\')
O4 - HKUS\\.DEFAULT\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'Default user\')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\\PROGRA~1\\MICROS~3\\Office12\\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\\Program Files\\Internet Download Manager\\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\\Program Files\\Internet Download Manager\\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\\Program Files\\Internet Download Manager\\IEGetAll.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~3\\Office12\\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra \'Tools\' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra \'Tools\' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252268257859
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\\Program Files\\ma-config.com\\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe

--
End of file - 5759 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\\Program Files\\Internet Download Manager\\IDMIECC.dll [2009-09-09 173488]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d\'aide de l\'Assistant de connexion Windows Live - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll [2009-11-05 41760]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll [2009-11-05 73728]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"egui\"=C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe [2009-03-19 2029640]
\"HKLM\"=C:\\WINDOWS\\system32\\spynet\\server.exe [2005-11-19 495616]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run]
\"Policies\"=C:\\WINDOWS\\system32\\spynet\\server.exe [2005-11-19 495616]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"ctfmon.exe\"=C:\\WINDOWS\\system32\\ctfmon.exe [2008-04-14 15360]
\"HKCU\"=C:\\WINDOWS\\system32\\spynet\\server.exe [2005-11-19 495616]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run]
\"Policies\"=C:\\WINDOWS\\system32\\spynet\\server.exe [2005-11-19 495616]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\ADPHONE]
C:\\Program Files\\ADPHONE3\\ADPHONE.EXE /STARTUP []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\AudioDeck]
C:\\Program Files\\VIA\\VIAudioi\\SBADeck\\ADeck.exe [2007-08-09 528384]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\CAP3ON]
C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3ONN.EXE [2002-07-29 22528]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\HKCU]
C:\\WINDOWS\\system32\\spynet\\server.exe [2005-11-19 495616]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\HKLM]
C:\\WINDOWS\\system32\\spynet\\server.exe [2005-11-19 495616]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\IMJPMIG8.1]
C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE [2004-08-03 208952]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Malwarebytes Anti-Malware (reboot)]
C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Malwarebytes\' Anti-Malware]
C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamgui.exe [2009-09-10 420176]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\MSMSGS]
C:\\Program Files\\Messenger\\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\MSPY2002]
C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe [2004-08-03 59392]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PHIME2002A]
C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PHIME2002ASync]
C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SpywareTerminator]
C:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SpywareTerminatorUpdate]
C:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SunJavaUpdateSched]
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe [2009-11-05 149280]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\TTMessenger]
C:\\Program Files\\TTMessenger\\ttmessenger2.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\TTMessengerPDF]
C:\\Program Files\\TTMessenger\\spool\\PDFSaver.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\VTPreset]
C:\\WINDOWS\\system32\\VTPreset.exe [2004-02-24 45056]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Canon LASER SHOT LBP-1120 ª¬ºAµøµ¡.LNK]
C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3LAK.EXE [2002-07-29 30720]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Fenêtre d\'état de Canon LASER SHOT LBP-1120.LNK]
C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3LAK.EXE [2002-07-29 30720]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\WgaLogon]
C:\\WINDOWS\\system32\\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\\WINDOWS\\system32\\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
\"dontdisplaylastusername\"=0
\"legalnoticecaption\"=
\"legalnoticetext\"=
\"shutdownwithoutlogon\"=1
\"undockwithoutlogon\"=1

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"NoDriveAutoRun\"=67108863
\"HonorAutoRunSetting\"=1
\"NoDrives\"=0

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"HonorAutoRunSetting\"=
\"NoDriveAutoRun\"=
\"NoDriveTypeAutoRun\"=
\"NoDrives\"=

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call\"
\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger\"
\"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE\"=\"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"
\"C:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe\"=\"C:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe:*:Enabled:Java(TM) Platform SE binary\"
\"C:\\Program Files\\Internet Download Manager\\IDMan.exe\"=\"C:\\Program Files\\Internet Download Manager\\IDMan.exe:*:Enabled:Internet Download Manager (IDM)\"
\"C:\\Program Files\\ma-config.com\\maconfservice.exe\"=\"C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice\"
\"C:\\Program Files\\eMule\\emule.exe\"=\"C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule\"

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\domainprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call\"
\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"

======List of files/folders created in the last 1 months======

2009-11-10 21:00:54 ----A---- C:\\MyHosts.txt
2009-11-10 17:19:58 ----D---- C:\\_OTM
2009-11-10 12:31:36 ----A---- C:\\WINDOWS\\msnfix.txt
2009-11-10 12:30:48 ----D---- C:\\Program Files\\MSNFix
2009-11-10 00:02:02 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Office Genuine Advantage
2009-11-10 00:01:59 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Windows Genuine Advantage
2009-11-09 23:51:36 ----A---- C:\\ComboFix.txt
2009-11-09 23:37:45 ----A---- C:\\Boot.bak
2009-11-09 23:37:41 ----RASHD---- C:\\cmdcons
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\zip.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\SWXCACLS.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\SWSC.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\SWREG.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\sed.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\PEV.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\NIRCMD.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\MBR.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\grep.exe
2009-11-09 23:34:48 ----D---- C:\\WINDOWS\\ERDNT
2009-11-09 23:34:47 ----D---- C:\\ComboFix
2009-11-09 23:33:56 ----D---- C:\\Qoobox
2009-11-09 18:47:46 ----A---- C:\\WINDOWS\\twmsico.dll
2009-11-09 17:22:52 ----D---- C:\\Program Files\\trend micro
2009-11-09 17:22:51 ----D---- C:\\rsit
2009-11-09 13:47:33 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\ESET
2009-11-09 13:34:11 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files
2009-11-09 13:21:25 ----A---- C:\\WINDOWS\\SchedLgU.Txt
2009-11-08 23:54:40 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab
2009-11-08 21:47:41 ----A---- C:\\UsbFix.txt
2009-11-08 21:27:59 ----D---- C:\\UsbFix
2009-11-08 18:01:02 ----D---- C:\\Program Files\\ESET
2009-11-07 23:51:02 ----A---- C:\\WINDOWS\\system32\\VB6FR.DLL
2009-11-07 23:51:01 ----D---- C:\\Program Files\\RapidLetters
2009-11-07 15:17:31 ----A---- C:\\WINDOWS\\system32\\hidserv.dll
2009-11-07 00:20:44 ----D---- C:\\Program Files\\eMule
2009-11-05 11:50:56 ----A---- C:\\WINDOWS\\system32\\javaws.exe
2009-11-05 11:50:56 ----A---- C:\\WINDOWS\\system32\\javaw.exe
2009-11-05 11:50:56 ----A---- C:\\WINDOWS\\system32\\java.exe
2009-11-05 00:09:32 ----D---- C:\\Music
2009-11-05 00:06:27 ----D---- C:\\Program Files\\Sagasoft
2009-11-04 23:35:45 ----A---- C:\\WINDOWS\\Mp3CutterJoiner.ini
2009-11-04 23:35:06 ----D---- C:\\My Music
2009-11-02 20:57:40 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\vlc
2009-11-01 18:12:40 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\Real
2009-10-29 19:49:09 ----D---- C:\\WINDOWS\\Sun
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\rmoc3260.dll
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\pndx5032.dll
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\pndx5016.dll
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\pncrt.dll
2009-10-28 17:03:57 ----A---- C:\\WINDOWS\\avisplitter.ini
2009-10-28 17:03:55 ----A---- C:\\WINDOWS\\system32\\yv12vfw.dll
2009-10-28 17:03:55 ----A---- C:\\WINDOWS\\system32\\xvidvfw.dll
2009-10-28 17:03:55 ----A---- C:\\WINDOWS\\system32\\xvidcore.dll
2009-10-28 17:03:54 ----A---- C:\\WINDOWS\\system32\\qt-dx331.dll
2009-10-28 17:03:54 ----A---- C:\\WINDOWS\\system32\\dpl100.dll
2009-10-28 17:03:54 ----A---- C:\\WINDOWS\\system32\\divx.dll
2009-10-28 17:03:52 ----A---- C:\\WINDOWS\\system32\\ff_vfw.dll.manifest
2009-10-28 17:03:52 ----A---- C:\\WINDOWS\\system32\\ff_vfw.dll
2009-10-28 17:03:51 ----D---- C:\\Program Files\\K-Lite Codec Pack
2009-10-24 00:15:16 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\Apple Computer
2009-10-17 13:31:59 ----D---- C:\\WINDOWS\\system32\\Silabs
2009-10-17 13:31:53 ----A---- C:\\WINDOWS\\system32\\InfUnltd.dll_tmp
2009-10-14 11:14:52 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\DriverCure
2009-10-14 11:14:45 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\ParetoLogic
2009-10-14 11:14:45 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\DriverCure
2009-10-14 00:53:26 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\NCH Software
2009-10-13 15:45:05 ----D---- C:\\Program Files\\NCH Software
2009-10-13 15:43:48 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\NCH Swift Sound
2009-10-13 15:43:36 ----D---- C:\\Program Files\\NCH Swift Sound
2009-10-13 15:43:36 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\NCH Swift Sound

======List of files/folders modified in the last 1 months======

2009-11-10 21:01:42 ----D---- C:\\WINDOWS\\Temp
2009-11-10 21:01:03 ----D---- C:\\WINDOWS\\Prefetch
2009-11-10 18:38:44 ----D---- C:\\Program Files\\Mozilla Firefox
2009-11-10 18:24:10 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\DMCache
2009-11-10 17:21:50 ----D---- C:\\WINDOWS
2009-11-10 17:21:43 ----D---- C:\\WINDOWS\\Registration
2009-11-10 17:19:59 ----RD---- C:\\Program Files
2009-11-10 12:44:32 ----RASH---- C:\\boot.ini
2009-11-10 12:44:32 ----A---- C:\\WINDOWS\\win.ini
2009-11-10 12:44:32 ----A---- C:\\WINDOWS\\system.ini
2009-11-09 23:51:40 ----D---- C:\\WINDOWS\\system32\\drivers
2009-11-09 23:50:52 ----SD---- C:\\WINDOWS\\Tasks
2009-11-09 23:50:20 ----D---- C:\\WINDOWS\\system32\\CatRoot2
2009-11-09 23:41:08 ----D---- C:\\WINDOWS\\system32
2009-11-09 23:41:08 ----D---- C:\\WINDOWS\\AppPatch
2009-11-09 23:41:05 ----D---- C:\\Program Files\\Fichiers communs
2009-11-09 13:48:31 ----SHD---- C:\\WINDOWS\\Installer
2009-11-09 13:48:24 ----HD---- C:\\WINDOWS\\inf
2009-11-09 13:29:08 ----AD---- C:\\Documents and Settings\\All Users\\Application Data\\TEMP
2009-11-08 22:03:07 ----SHD---- C:\\RECYCLER
2009-11-08 18:01:04 ----SD---- C:\\WINDOWS\\Downloaded Program Files
2009-11-07 15:17:36 ----RSHDC---- C:\\WINDOWS\\system32\\dllcache
2009-11-05 11:50:38 ----A---- C:\\WINDOWS\\system32\\deploytk.dll
2009-11-05 01:01:13 ----D---- C:\\WINDOWS\\ie8updates
2009-11-05 01:01:00 ----HD---- C:\\WINDOWS\\$hf_mig$
2009-11-05 01:01:00 ----D---- C:\\WINDOWS\\system32\\CatRoot
2009-11-05 00:10:46 ----A---- C:\\WINDOWS\\powermp3cutterjoiner.ini
2009-11-04 01:14:28 ----D---- C:\\Program Files\\Foxit Software
2009-11-01 01:15:30 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\IDM
2009-10-28 19:23:28 ----D---- C:\\Program Files\\Opera
2009-10-26 16:02:40 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Microsoft Help
2009-10-24 18:14:24 ----D---- C:\\Program Files\\Fichiers communs\\Microsoft Shared
2009-10-24 18:14:22 ----D---- C:\\WINDOWS\\WinSxS
2009-10-24 17:55:33 ----D---- C:\\Program Files\\Messenger Plus! Live
2009-10-24 00:20:13 ----SD---- C:\\Documents and Settings\\HAMID\\Application Data\\Microsoft
2009-10-22 10:17:28 ----N---- C:\\WINDOWS\\system32\\mshtml.dll
2009-10-21 11:28:53 ----D---- C:\\WINDOWS\\Help
2009-10-17 13:02:55 ----D---- C:\\WINDOWS\\Microsoft.NET
2009-10-17 13:02:50 ----RSD---- C:\\WINDOWS\\assembly
2009-10-17 01:06:27 ----A---- C:\\WINDOWS\\system32\\PerfStringBackup.INI
2009-10-17 01:03:47 ----D---- C:\\Program Files\\Internet Explorer
2009-10-16 14:53:43 ----D---- C:\\WINDOWS\\Debug
2009-10-15 18:50:19 ----D---- C:\\WINDOWS\\system32\\wbem
2009-10-13 00:00:43 ----D---- C:\\Program Files\\VIA
2009-10-13 00:00:32 ----D---- C:\\WINDOWS\\system32\\ReinstallBackups

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\\WINDOWS\\system32\\DRIVERS\\ehdrv.sys [2009-03-19 107256]
R1 epfwtdir;epfwtdir; C:\\WINDOWS\\system32\\DRIVERS\\epfwtdir.sys [2009-03-19 93848]
R1 intelppm;Pilote de processeur Intel; C:\\WINDOWS\\system32\\DRIVERS\\intelppm.sys [2008-04-14 40576]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\\WINDOWS\\System32\\drivers\\ws2ifsl.sys [2002-09-07 12032]
R2 eamon;eamon; C:\\WINDOWS\\system32\\DRIVERS\\eamon.sys [2009-03-19 113960]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\\WINDOWS\\system32\\DRIVERS\\fetnd5bv.sys [2009-06-16 46592]
R3 MBAMProtector;MBAMProtector; \\??\\C:\\WINDOWS\\system32\\drivers\\mbam.sys []
R3 mf;mf; C:\\WINDOWS\\system32\\DRIVERS\\mf.sys [2008-04-13 63744]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\\WINDOWS\\system32\\drivers\\msmpu401.sys [2001-08-17 2944]
R3 S3Psddr;S3Psddr; C:\\WINDOWS\\system32\\DRIVERS\\s3gnbm.sys [2004-08-13 167168]
R3 usbehci;Pilote miniport de contrôleur d\'hôte amélioré Microsoft USB 2.0; C:\\WINDOWS\\system32\\DRIVERS\\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;Vinyl AC\'97 Audio Controller (WDM); C:\\WINDOWS\\system32\\drivers\\vinyl97.sys [2007-06-27 207488]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software); C:\\WINDOWS\\system32\\DRIVERS\\evsbc.sys [2007-06-12 26448]
R3 vusbbus;Virtual Usb Bus Enumerator; C:\\WINDOWS\\system32\\DRIVERS\\vusbbus.sys [2005-09-22 11520]
S1 kbdhid;Pilote HID de clavier; C:\\WINDOWS\\system32\\DRIVERS\\kbdhid.sys [2008-04-14 14720]
S3 catchme;catchme; \\??\\C:\\ComboFix\\catchme.sys []
S3 driverhardwarev2;driverhardwarev2; \\??\\C:\\Program Files\\ma-config.com\\Drivers\\driverhardwarev2.sys []
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate); C:\\WINDOWS\\System32\\DRIVERS\\evserial.sys [2007-06-12 52944]
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\\WINDOWS\\system32\\DRIVERS\\fetnd5.sys [2001-08-17 27165]
S3 HidUsb;Pilote de classe HID Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\hidusb.sys [2008-04-13 10368]
S3 mouhid;Pilote HID de souris; C:\\WINDOWS\\system32\\DRIVERS\\mouhid.sys [2001-08-23 12288]
S3 S3SavageNB;S3SavageNB; C:\\WINDOWS\\system32\\DRIVERS\\s3gnbm.sys [2004-08-13 167168]
S3 TVICHW32;TVICHW32; \\??\\C:\\WINDOWS\\system32\\DRIVERS\\TVICHW32.SYS []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d\'imprimantes USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Pilote de stockage de masse USB; C:\\WINDOWS\\system32\\DRIVERS\\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\\WINDOWS\\system32\\DRIVERS\\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\\WINDOWS\\system32\\DRIVERS\\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\\WINDOWS\\system32\\drivers\\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe [2009-03-19 731840]
R2 JavaQuickStarterService;Java Quick Starter; C:\\Program Files\\Java\\jre6\\bin\\jqs.exe [2009-11-05 153376]
R2 MBAMService;MBAMService; C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe [2009-09-10 269648]
S3 aspnet_state;Service d\'état ASP.NET; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\EHttpSrv.exe [2009-03-19 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\WPF\\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\\Program Files\\ma-config.com\\maconfservice.exe [2009-09-23 238960]
S3 odserv;Microsoft Office Diagnostics Service; C:\\Program Files\\Fichiers communs\\Microsoft Shared\\OFFICE12\\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Source Engine\\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\\Program Files\\Windows Media Player\\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\\WINDOWS\\system32\\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Bonjour,

un coup pour rien

hamid es tu sur d\'attendre assez longtemps lorsque tu essaie de télécharger Rhost.exe ? la fenêtre de téléchargement est parfois longue à s\'afficher (je l\'ai constaté)

Bonjour,

Pas la peine jllg de chercher absolument à remettre le fichier hosts en ordre de marche, les lignes 01 sont légitimes en fin de compte. J\'ai affiné mes recherches.

La DNS pointe vers \"The Planet Internet Services\", les recherches qui seront effectuées via MSN seront redirigées vers ce serveur. Rien de bien méchant.

On va juste les fixer en fin de désinfection, la clé de registre attenante du coup va sauter.

On va don continuer la suppression des programmes malicieux de ton ordinateur, toujours avec OTM, je te prépare le script et t\'envoie le tout dans quelques minutes.

Bonjour,

OK

Bonjour,

le script est prêt, suis ces recommandations comme tout à l\'heure :

• Double-clique sur OTM.exe pour le lancer.
  
• Assure toi que la case Unregister Dll\'s and Ocx\'s soit bien cochée.
  
• Copie la liste qui se trouve dans la citation ci-dessous et colle-la dans le cadre de gauche de OTM sous Paste List of Files/Folders to move.
  
  
  
  
  :Reg
  [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run]
  \"Policies\"=-
  [HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
  \"HKCU\"=-
  [-HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\HKCU]
  [-HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\HKLM]
  
  :files
  C:\\WINDOWS\\system32\\spynet
  
  :commands
  [emptytemp]
  [start explorer]
  [reboot]
  
  
  
• clique sur MoveIt! pour lancer la suppression.
  
• Le résultat apparaitra dans le cadre \"Results\".
  
• Clique sur Exit pour fermer.
  
• Poste le rapport situé dans C:\\_OTM\\MovedFiles.
  
• Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c\'est le cas accepte par Yes.

Au redémarrage poste le rapport de suppression d\'OTM.

Ensuite fais un nouveau scan avec malwarebytes et postes aussi le rapport et à la suite un nouveau rapport RSIT de vérification.

Je t\'ennuie avec mes rapports, mais c\'est le seul lien que j\'ai avec toi pour vérifier que le travail demandé est efficace, je n\'ai pas ton ordinateur en face de moi

Bonjour,

Bonjour,

Rapport OTM :
All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\\\Policies deleted successfully.
Registry value HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\\\HKCU deleted successfully.
Registry key HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\HKCU\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\HKLM\\ deleted successfully.
========== FILES ==========
C:\\WINDOWS\\system32\\spynet folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HAMID
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\F08.tmp\\MyHosts.bat deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\IEWEB.abc deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\MSN.abc deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\UuU.uUu deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\XxX.xXx deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temp\\xxxyyyzzz.dat deleted successfully.
->Temp folder emptied: 2019 bytes
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\1[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\290434972[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\321oc[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\345058221[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\3[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\48818433[1].png deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\49677705[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\ads[1].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\ads[2].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\ads[3].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\ads[4].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\avislamic[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\background_gradient[1] deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\bbalakamora[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\b_bg[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\demo2uj5[1][1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\desktop.ini deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\desosama1[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\disk081nk8[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\exit[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\fasile[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\favicon[1].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum102[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum107[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum123[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum139[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum143[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum144[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum152[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum160[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum167[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum16[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum184[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum185[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum186[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum194[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum195[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum227[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum229[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum230[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum233[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum236[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum241[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum245[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum65[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum6[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum82[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\forum83[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\fouad_strem[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\f[1].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\f[2].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\f[3].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\f[4].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\graphics[1].js deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\hd_right[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\httpErrorPagesScripts[1] deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\icons_icon_group[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\icon_delete_reply[2].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\icon_email[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\icon_expand[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\icon_folder[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\icon_folder_new_locked[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\icon_go_right[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\icon_ip[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\icon_posticon[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\icon_star_green[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\index2[1].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\js[1].js deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\kaon123[1].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\kiufgcgjq[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\logobm7[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\sat_us_pn[1].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\screensmall[1].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\search[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\SendSpace[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\style2[1].css deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\style[1].css deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\taheyatayeba[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\uploadedto[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\ZCXP8SEI\\wx[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\02oz5[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\1053862532[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\1241707082441[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\2v3hu8n[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\35664[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\5[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\60602770[2].png deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\6bb33494d4tv1[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\6[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\881809738[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\ads[1].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\ads[2].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\aff[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\archive[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\basic_340_forums[1].js deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\basic_340_topic[2].js deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\basic_63_include_box_Symbol[1].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\BM-500[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\complete[1].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\custom-disabled-linking-img[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\desktop.ini deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\details[2].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\errorPageStrings[1] deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\expansion_embed[1].js deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\favicon[1].ico deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\FlyUpload[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum109[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum121[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum12[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum136[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum141[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum145[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum147[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum155[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum164[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum175[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum176[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum190[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum192[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum1[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum217[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum21[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum234[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum235[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum240[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum248[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum250[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum27[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum33[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum36[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum42[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forum44[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\forumslist_1_1_406643_267[1].js deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\f[1].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\f[2].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\ga[1].js deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\hd_left[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\hd_top[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\help[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\icon01[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\icon_blank[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\icon_folder_hot[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\icon_folder_locked[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\icon_go_down[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\icon_go_up[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\icon_pencil[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\icon_star_red[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\icon_subscribe[2].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\MegaUpload[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\members[2].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\new3b[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\noConnect[1] deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\pfeil[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\shrta.com-6fc5e106b6[1].png deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\spook36x[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\startimes2ca0[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\status[1].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\styles[1].css deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\tel_fiche_pres_bloc_bouton_tel[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\test_domain[1].js deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\tools[1] deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\toptopic[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\8063UWSU\\urchin[1].js deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\1[1].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\203447222[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\2205318885_1[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\2[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\55889739[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\6163d80a40d5[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\abg-en-100c-000000[1].png deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\active[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\ads[1].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\asdasdapm[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\Badongo[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\ball[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\basic_143_lang_editor_ar[1].js deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\basic_340_notice[1].js deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\basic_63_include_box_Page[1].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\bm150fta[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\click[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\count_js[1].php deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\css[1].css deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\desktop.ini deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\dnserror[1] deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\down[1] deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\envelope[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\final_10[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\firmo[1].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\flebg6[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum122[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum137[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum140[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum150[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum151[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum153[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum15[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum163[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum174[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum17[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum183[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum187[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum18[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum19[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum211[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum213[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum215[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum216[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum221[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum226[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum228[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum243[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum29[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum37[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum38[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum4[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum5[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum7[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forum96[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\forumslist_1_0_0_267[1].js deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\free[1].png deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\f[1].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\f[2].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\f_bg[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\home[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\icon_contract[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\icon_folder_new_hot[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\icon_folder_new_topic[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\icon_group[2].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\icon_profile[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\icon_reply_topic[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\icon_send_topic[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\icon_single[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\imgad[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\logo[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\maflheur[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\monitor[2].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\pattern3p[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\render_ads[1].js deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\rslogo[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\startimes_forums2[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\starttimes4be[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\style[1].css deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\survey[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\77MM0LIF\\tr_back[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\01pu6[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\09b686f45564[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\157dc77d9925fcaddac4a24[1].png deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\2de1930e106e[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\2[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\3[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\6584329401jm9[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\abg-en-100c-ffffff[1].png deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\abg-es-100c-000000[1].png deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\ads[1].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\Algerie-2[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\basic_143_lang_ar[1].js deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\basic_23_ar_classic[1].css deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\basic_340_forum[1].js deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\basic_340_main[1].js deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\basic_63_editor[1].js deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\basic_63_include_box_Table[1].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\bg_green[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\bm-1000fta__DIGI-ENTV_08.09.2009_by%20SELLALI_ARKIM[1].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\BM-1100[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\BM-8300[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\btnabout[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\btnupload[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\button_login[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\chat[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\DepositFiles[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\desktop.ini deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\EasyShare[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\ErrorPageTemplate[1] deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\favcenter[1] deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum14[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum154[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum161[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum162[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum165[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum166[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum188[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum189[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum191[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum193[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum204[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum214[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum219[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum249[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum34[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum35[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum3[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum40[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum47[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum48[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum56[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum58[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum81[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum90[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum94[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum95[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\forum98[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\f[1].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\f[3].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\f[4].htm deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\gas[1].js deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\h_bg[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\icon02[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\icon_folder_new[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\icon_go_left[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\icon_print[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\image001xmx[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\images[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\king2sp8sa1[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\menu_bg[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\NetLoad[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\new2[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\online[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\RapidShare[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\sexychazy1[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\show_ads[1].js deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\ssd[1].png deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\Success[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\World[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\y1anvddobz1xvh2trsujhjw[1].jpg deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\yourposts[2].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\2EWN97N5\\yourtopics[1].gif deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\desktop.ini deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Temporary Internet Files\\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 3420104 bytes
->Java cache emptied: 0 bytes
C:\\Documents and Settings\\HAMID\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\3pe6to5i.default\\Cache\\_CACHE_001_ deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\3pe6to5i.default\\Cache\\_CACHE_002_ deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\3pe6to5i.default\\Cache\\_CACHE_003_ deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\3pe6to5i.default\\Cache\\_CACHE_MAP_ deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\3pe6to5i.default\\urlclassifier3.sqlite deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\3pe6to5i.default\\XPC.mfl deleted successfully.
C:\\Documents and Settings\\HAMID\\Local Settings\\Application Data\\Mozilla\\Firefox\\Profiles\\3pe6to5i.default\\XUL.mfl deleted successfully.
->FireFox cache emptied: 2830805 bytes
->Apple Safari cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
C:\\Documents and Settings\\LocalService\\Local Settings\\Temporary Internet Files\\Content.IE5\\QWHC0KSL\\desktop.ini deleted successfully.
C:\\Documents and Settings\\LocalService\\Local Settings\\Temporary Internet Files\\Content.IE5\\JOBQP2U3\\desktop.ini deleted successfully.
C:\\Documents and Settings\\LocalService\\Local Settings\\Temporary Internet Files\\Content.IE5\\I4HSGXYB\\desktop.ini deleted successfully.
C:\\Documents and Settings\\LocalService\\Local Settings\\Temporary Internet Files\\Content.IE5\\HIQFCJCQ\\desktop.ini deleted successfully.
C:\\Documents and Settings\\LocalService\\Local Settings\\Temporary Internet Files\\Content.IE5\\desktop.ini deleted successfully.
File delete failed. C:\\Documents and Settings\\LocalService\\Local Settings\\Temporary Internet Files\\Content.IE5\\index.dat scheduled to be deleted on reboot.
C:\\Documents and Settings\\LocalService\\Local Settings\\Temporary Internet Files\\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\\System32 .tmp files removed: 0 bytes
C:\\WINDOWS\\temp\\WGAErrLog.txt deleted successfully.
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6,00 mb


OTM by OldTimer - Version 3.1.0.1 log created on 11102009_214136

Files moved on Reboot...

Registry entries deleted on Reboot...

2/ Rapport Malwarbyte

Malwarebytes\' Anti-Malware 1.41
Version de la base de données: 3137
Windows 5.1.2600 Service Pack 3

10/11/2009 21:50:02
mbam-log-2009-11-10 (21-50-02).txt

Type de recherche: Examen rapide
Eléments examinés: 95514
Temps écoulé: 3 minute(s), 47 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{w1wparc4-004b-h7g5-2072-81sd6esf7bw5} (Generic.Bot.H) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\policies (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\hklm (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\\Documents and Settings\\HAMID\\Application Data\\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

3/ Rapport RSIT

Logfile of random\'s system information tool 1.06 (written by random/random)
Run by HAMID at 2009-11-10 21:52:48
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 7 GB (38%) free of 20 GB
Total RAM: 991 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:59, on 10/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\WINDOWS\\system32\\dllhost.exe
C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe
C:\\WINDOWS\\system32\\wuauclt.exe
C:\\WINDOWS\\system32\\CAP3RSK.EXE
C:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\CAP3SWK.EXE
C:\\Documents and Settings\\HAMID\\Bureau\\RSIT.exe
C:\\Program Files\\trend micro\\HAMID.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.msn.com/
R1 - HKCU\\Software\\Microsoft\\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = Liens
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Program Files\\Internet Download Manager\\IDMIECC.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d\'aide de l\'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O4 - HKLM\\..\\Run: [egui] \"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe\" /hide /waitservice
O4 - HKLM\\..\\Run: [Malwarebytes Anti-Malware (reboot)] \"C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbam.exe\" /runcleanupscript
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SYSTEM\')
O4 - HKUS\\S-1-5-18\\..\\Run: [DWQueuedReporting] \"c:\\PROGRA~1\\FICHIE~1\\MICROS~1\\DW\\dwtrig20.exe\" -t (User \'SYSTEM\')
O4 - HKUS\\.DEFAULT\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'Default user\')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\\PROGRA~1\\MICROS~3\\Office12\\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\\Program Files\\Internet Download Manager\\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\\Program Files\\Internet Download Manager\\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\\Program Files\\Internet Download Manager\\IEGetAll.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~3\\Office12\\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra \'Tools\' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra \'Tools\' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252268257859
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\\Program Files\\ma-config.com\\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe

--
End of file - 5393 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\\Program Files\\Internet Download Manager\\IDMIECC.dll [2009-09-09 173488]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d\'aide de l\'Assistant de connexion Windows Live - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll [2009-11-05 41760]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll [2009-11-05 73728]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"egui\"=C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe [2009-03-19 2029640]
\"Malwarebytes Anti-Malware (reboot)\"=C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"ctfmon.exe\"=C:\\WINDOWS\\system32\\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\ADPHONE]
C:\\Program Files\\ADPHONE3\\ADPHONE.EXE /STARTUP []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\AudioDeck]
C:\\Program Files\\VIA\\VIAudioi\\SBADeck\\ADeck.exe [2007-08-09 528384]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\CAP3ON]
C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3ONN.EXE [2002-07-29 22528]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\IMJPMIG8.1]
C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE [2004-08-03 208952]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Malwarebytes Anti-Malware (reboot)]
C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Malwarebytes\' Anti-Malware]
C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamgui.exe [2009-09-10 420176]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\MSMSGS]
C:\\Program Files\\Messenger\\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\MSPY2002]
C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe [2004-08-03 59392]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PHIME2002A]
C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PHIME2002ASync]
C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SpywareTerminator]
C:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SpywareTerminatorUpdate]
C:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\SunJavaUpdateSched]
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe [2009-11-05 149280]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\TTMessenger]
C:\\Program Files\\TTMessenger\\ttmessenger2.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\TTMessengerPDF]
C:\\Program Files\\TTMessenger\\spool\\PDFSaver.exe []

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\VTPreset]
C:\\WINDOWS\\system32\\VTPreset.exe [2004-02-24 45056]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Canon LASER SHOT LBP-1120 ª¬ºAµøµ¡.LNK]
C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3LAK.EXE [2002-07-29 30720]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupfolder\\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Fenêtre d\'état de Canon LASER SHOT LBP-1120.LNK]
C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3LAK.EXE [2002-07-29 30720]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\WgaLogon]
C:\\WINDOWS\\system32\\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\\WINDOWS\\system32\\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
\"dontdisplaylastusername\"=0
\"legalnoticecaption\"=
\"legalnoticetext\"=
\"shutdownwithoutlogon\"=1
\"undockwithoutlogon\"=1

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"NoDriveAutoRun\"=67108863
\"HonorAutoRunSetting\"=1
\"NoDrives\"=0

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
\"HonorAutoRunSetting\"=
\"NoDriveAutoRun\"=
\"NoDriveTypeAutoRun\"=
\"NoDrives\"=

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call\"
\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger\"
\"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE\"=\"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"
\"C:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe\"=\"C:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe:*:Enabled:Java(TM) Platform SE binary\"
\"C:\\Program Files\\Internet Download Manager\\IDMan.exe\"=\"C:\\Program Files\\Internet Download Manager\\IDMan.exe:*:Enabled:Internet Download Manager (IDM)\"
\"C:\\Program Files\\ma-config.com\\maconfservice.exe\"=\"C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice\"
\"C:\\Program Files\\eMule\\emule.exe\"=\"C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule\"

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess\\parameters\\firewallpolicy\\domainprofile\\authorizedapplications\\list]
\"%windir%\\system32\\sessmgr.exe\"=\"%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\"
\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call\"
\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\"=\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger\"
\"%windir%\\Network Diagnostic\\xpnetdiag.exe\"=\"%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\"

======List of files/folders created in the last 1 months======

2009-11-10 21:00:54 ----A---- C:\\MyHosts.txt
2009-11-10 17:19:58 ----D---- C:\\_OTM
2009-11-10 12:31:36 ----A---- C:\\WINDOWS\\msnfix.txt
2009-11-10 12:30:48 ----D---- C:\\Program Files\\MSNFix
2009-11-10 00:02:02 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Office Genuine Advantage
2009-11-10 00:01:59 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Windows Genuine Advantage
2009-11-09 23:51:36 ----A---- C:\\ComboFix.txt
2009-11-09 23:37:45 ----A---- C:\\Boot.bak
2009-11-09 23:37:41 ----RASHD---- C:\\cmdcons
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\zip.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\SWXCACLS.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\SWSC.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\SWREG.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\sed.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\PEV.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\NIRCMD.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\MBR.exe
2009-11-09 23:35:27 ----A---- C:\\WINDOWS\\grep.exe
2009-11-09 23:34:48 ----D---- C:\\WINDOWS\\ERDNT
2009-11-09 23:34:47 ----D---- C:\\ComboFix
2009-11-09 23:33:56 ----D---- C:\\Qoobox
2009-11-09 18:47:46 ----A---- C:\\WINDOWS\\twmsico.dll
2009-11-09 17:22:52 ----D---- C:\\Program Files\\trend micro
2009-11-09 17:22:51 ----D---- C:\\rsit
2009-11-09 13:47:33 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\ESET
2009-11-09 13:34:11 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files
2009-11-09 13:21:25 ----A---- C:\\WINDOWS\\SchedLgU.Txt
2009-11-08 23:54:40 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab
2009-11-08 21:47:41 ----A---- C:\\UsbFix.txt
2009-11-08 21:27:59 ----D---- C:\\UsbFix
2009-11-08 18:01:02 ----D---- C:\\Program Files\\ESET
2009-11-07 23:51:02 ----A---- C:\\WINDOWS\\system32\\VB6FR.DLL
2009-11-07 23:51:01 ----D---- C:\\Program Files\\RapidLetters
2009-11-07 15:17:31 ----A---- C:\\WINDOWS\\system32\\hidserv.dll
2009-11-07 00:20:44 ----D---- C:\\Program Files\\eMule
2009-11-05 11:50:56 ----A---- C:\\WINDOWS\\system32\\javaws.exe
2009-11-05 11:50:56 ----A---- C:\\WINDOWS\\system32\\javaw.exe
2009-11-05 11:50:56 ----A---- C:\\WINDOWS\\system32\\java.exe
2009-11-05 00:09:32 ----D---- C:\\Music
2009-11-05 00:06:27 ----D---- C:\\Program Files\\Sagasoft
2009-11-04 23:35:45 ----A---- C:\\WINDOWS\\Mp3CutterJoiner.ini
2009-11-04 23:35:06 ----D---- C:\\My Music
2009-11-02 20:57:40 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\vlc
2009-11-01 18:12:40 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\Real
2009-10-29 19:49:09 ----D---- C:\\WINDOWS\\Sun
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\rmoc3260.dll
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\pndx5032.dll
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\pndx5016.dll
2009-10-28 17:03:58 ----A---- C:\\WINDOWS\\system32\\pncrt.dll
2009-10-28 17:03:57 ----A---- C:\\WINDOWS\\avisplitter.ini
2009-10-28 17:03:55 ----A---- C:\\WINDOWS\\system32\\yv12vfw.dll
2009-10-28 17:03:55 ----A---- C:\\WINDOWS\\system32\\xvidvfw.dll
2009-10-28 17:03:55 ----A---- C:\\WINDOWS\\system32\\xvidcore.dll
2009-10-28 17:03:54 ----A---- C:\\WINDOWS\\system32\\qt-dx331.dll
2009-10-28 17:03:54 ----A---- C:\\WINDOWS\\system32\\dpl100.dll
2009-10-28 17:03:54 ----A---- C:\\WINDOWS\\system32\\divx.dll
2009-10-28 17:03:52 ----A---- C:\\WINDOWS\\system32\\ff_vfw.dll.manifest
2009-10-28 17:03:52 ----A---- C:\\WINDOWS\\system32\\ff_vfw.dll
2009-10-28 17:03:51 ----D---- C:\\Program Files\\K-Lite Codec Pack
2009-10-24 00:15:16 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\Apple Computer
2009-10-17 13:31:59 ----D---- C:\\WINDOWS\\system32\\Silabs
2009-10-17 13:31:53 ----A---- C:\\WINDOWS\\system32\\InfUnltd.dll_tmp
2009-10-14 11:14:52 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\DriverCure
2009-10-14 11:14:45 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\ParetoLogic
2009-10-14 11:14:45 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\DriverCure
2009-10-14 00:53:26 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\NCH Software
2009-10-13 15:45:05 ----D---- C:\\Program Files\\NCH Software
2009-10-13 15:43:48 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\NCH Swift Sound
2009-10-13 15:43:36 ----D---- C:\\Program Files\\NCH Swift Sound
2009-10-13 15:43:36 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\NCH Swift Sound

======List of files/folders modified in the last 1 months======

2009-11-10 21:51:59 ----D---- C:\\WINDOWS\\Registration
2009-11-10 21:50:02 ----D---- C:\\WINDOWS\\Temp
2009-11-10 21:41:37 ----D---- C:\\WINDOWS\\system32
2009-11-10 21:06:11 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\DMCache
2009-11-10 21:01:03 ----D---- C:\\WINDOWS\\Prefetch
2009-11-10 18:38:44 ----D---- C:\\Program Files\\Mozilla Firefox
2009-11-10 17:21:50 ----D---- C:\\WINDOWS
2009-11-10 17:19:59 ----RD---- C:\\Program Files
2009-11-10 12:44:32 ----RASH---- C:\\boot.ini
2009-11-10 12:44:32 ----A---- C:\\WINDOWS\\win.ini
2009-11-10 12:44:32 ----A---- C:\\WINDOWS\\system.ini
2009-11-09 23:51:40 ----D---- C:\\WINDOWS\\system32\\drivers
2009-11-09 23:50:52 ----SD---- C:\\WINDOWS\\Tasks
2009-11-09 23:50:20 ----D---- C:\\WINDOWS\\system32\\CatRoot2
2009-11-09 23:41:08 ----D---- C:\\WINDOWS\\AppPatch
2009-11-09 23:41:05 ----D---- C:\\Program Files\\Fichiers communs
2009-11-09 13:48:31 ----SHD---- C:\\WINDOWS\\Installer
2009-11-09 13:48:24 ----HD---- C:\\WINDOWS\\inf
2009-11-09 13:29:08 ----AD---- C:\\Documents and Settings\\All Users\\Application Data\\TEMP
2009-11-08 22:03:07 ----SHD---- C:\\RECYCLER
2009-11-08 18:01:04 ----SD---- C:\\WINDOWS\\Downloaded Program Files
2009-11-07 15:17:36 ----RSHDC---- C:\\WINDOWS\\system32\\dllcache
2009-11-05 11:50:38 ----A---- C:\\WINDOWS\\system32\\deploytk.dll
2009-11-05 01:01:13 ----D---- C:\\WINDOWS\\ie8updates
2009-11-05 01:01:00 ----HD---- C:\\WINDOWS\\$hf_mig$
2009-11-05 01:01:00 ----D---- C:\\WINDOWS\\system32\\CatRoot
2009-11-05 00:10:46 ----A---- C:\\WINDOWS\\powermp3cutterjoiner.ini
2009-11-04 01:14:28 ----D---- C:\\Program Files\\Foxit Software
2009-11-01 01:15:30 ----D---- C:\\Documents and Settings\\HAMID\\Application Data\\IDM
2009-10-28 19:23:28 ----D---- C:\\Program Files\\Opera
2009-10-26 16:02:40 ----D---- C:\\Documents and Settings\\All Users\\Application Data\\Microsoft Help
2009-10-24 18:14:24 ----D---- C:\\Program Files\\Fichiers communs\\Microsoft Shared
2009-10-24 18:14:22 ----D---- C:\\WINDOWS\\WinSxS
2009-10-24 17:55:33 ----D---- C:\\Program Files\\Messenger Plus! Live
2009-10-24 00:20:13 ----SD---- C:\\Documents and Settings\\HAMID\\Application Data\\Microsoft
2009-10-22 10:17:28 ----N---- C:\\WINDOWS\\system32\\mshtml.dll
2009-10-21 11:28:53 ----D---- C:\\WINDOWS\\Help
2009-10-17 13:02:55 ----D---- C:\\WINDOWS\\Microsoft.NET
2009-10-17 13:02:50 ----RSD---- C:\\WINDOWS\\assembly
2009-10-17 01:06:27 ----A---- C:\\WINDOWS\\system32\\PerfStringBackup.INI
2009-10-17 01:03:47 ----D---- C:\\Program Files\\Internet Explorer
2009-10-16 14:53:43 ----D---- C:\\WINDOWS\\Debug
2009-10-15 18:50:19 ----D---- C:\\WINDOWS\\system32\\wbem
2009-10-13 00:00:43 ----D---- C:\\Program Files\\VIA
2009-10-13 00:00:32 ----D---- C:\\WINDOWS\\system32\\ReinstallBackups

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\\WINDOWS\\system32\\DRIVERS\\ehdrv.sys [2009-03-19 107256]
R1 epfwtdir;epfwtdir; C:\\WINDOWS\\system32\\DRIVERS\\epfwtdir.sys [2009-03-19 93848]
R1 intelppm;Pilote de processeur Intel; C:\\WINDOWS\\system32\\DRIVERS\\intelppm.sys [2008-04-14 40576]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\\WINDOWS\\System32\\drivers\\ws2ifsl.sys [2002-09-07 12032]
R2 eamon;eamon; C:\\WINDOWS\\system32\\DRIVERS\\eamon.sys [2009-03-19 113960]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\\WINDOWS\\system32\\DRIVERS\\fetnd5bv.sys [2009-06-16 46592]
R3 MBAMProtector;MBAMProtector; \\??\\C:\\WINDOWS\\system32\\drivers\\mbam.sys []
R3 mf;mf; C:\\WINDOWS\\system32\\DRIVERS\\mf.sys [2008-04-13 63744]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\\WINDOWS\\system32\\drivers\\msmpu401.sys [2001-08-17 2944]
R3 S3Psddr;S3Psddr; C:\\WINDOWS\\system32\\DRIVERS\\s3gnbm.sys [2004-08-13 167168]
R3 usbehci;Pilote miniport de contrôleur d\'hôte amélioré Microsoft USB 2.0; C:\\WINDOWS\\system32\\DRIVERS\\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;Vinyl AC\'97 Audio Controller (WDM); C:\\WINDOWS\\system32\\drivers\\vinyl97.sys [2007-06-27 207488]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software); C:\\WINDOWS\\system32\\DRIVERS\\evsbc.sys [2007-06-12 26448]
R3 vusbbus;Virtual Usb Bus Enumerator; C:\\WINDOWS\\system32\\DRIVERS\\vusbbus.sys [2005-09-22 11520]
S1 kbdhid;Pilote HID de clavier; C:\\WINDOWS\\system32\\DRIVERS\\kbdhid.sys [2008-04-14 14720]
S3 catchme;catchme; \\??\\C:\\ComboFix\\catchme.sys []
S3 driverhardwarev2;driverhardwarev2; \\??\\C:\\Program Files\\ma-config.com\\Drivers\\driverhardwarev2.sys []
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate); C:\\WINDOWS\\System32\\DRIVERS\\evserial.sys [2007-06-12 52944]
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\\WINDOWS\\system32\\DRIVERS\\fetnd5.sys [2001-08-17 27165]
S3 HidUsb;Pilote de classe HID Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\hidusb.sys [2008-04-13 10368]
S3 mouhid;Pilote HID de souris; C:\\WINDOWS\\system32\\DRIVERS\\mouhid.sys [2001-08-23 12288]
S3 S3SavageNB;S3SavageNB; C:\\WINDOWS\\system32\\DRIVERS\\s3gnbm.sys [2004-08-13 167168]
S3 TVICHW32;TVICHW32; \\??\\C:\\WINDOWS\\system32\\DRIVERS\\TVICHW32.SYS []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d\'imprimantes USB Microsoft; C:\\WINDOWS\\system32\\DRIVERS\\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Pilote de stockage de masse USB; C:\\WINDOWS\\system32\\DRIVERS\\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\\WINDOWS\\system32\\DRIVERS\\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\\WINDOWS\\system32\\DRIVERS\\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\\WINDOWS\\system32\\drivers\\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe [2009-03-19 731840]
R2 JavaQuickStarterService;Java Quick Starter; C:\\Program Files\\Java\\jre6\\bin\\jqs.exe [2009-11-05 153376]
R2 MBAMService;MBAMService; C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe [2009-09-10 269648]
S3 aspnet_state;Service d\'état ASP.NET; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\EHttpSrv.exe [2009-03-19 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\WPF\\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\\Program Files\\ma-config.com\\maconfservice.exe [2009-09-23 238960]
S3 odserv;Microsoft Office Diagnostics Service; C:\\Program Files\\Fichiers communs\\Microsoft Shared\\OFFICE12\\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Source Engine\\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\\Program Files\\Windows Media Player\\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\\WINDOWS\\system32\\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Bonjour,

Tu peux supprimer la quarantaine de malwarebytes.

Fais un essai maintenant avec MSN et dis moi si tout va bien.

Bonjour,

Merci pour tout, c\'est vraiment la fin d\'un vrai cauchemar. Je viens de supprimer la quarantaine de Malwarebyte , j\'ai lancé msn et tout se passe bien pour le moment, le message de fermeture n\'est pas apparu.
Je vous remercie encore une fois. Dommage l\'infection a été supprimés sinon c\'était un plaisir de papoter avec vous.
Bonne soirée

Bonjour,

ce n\'est pas tout a fait fini, il y a encore quelques lignes à fixer avec hijackthis, mais je laisse malwarebleach finaliser son travail

Bonne nuit hamid.

Bonjour,

En effet, une désinfection n\'est pas terminée, tant que l\'on ne l\'a pas annoncé.

Il reste du nettoyage à faire et sécuriser ton ordinateur qui ne l\'est pas tout à fait.

Tu vas généré un rapport HijakcThis :

• Suis ce chemin d\'accès : C:\\Program Files\\trend micro\\HAMID.exe
  
• Lance HijackThis qui a été renommé Hamid par un double clique
  
• lorsque le programme est ouvert, clique sur \"Do a system scan and save a log\"
  
• Copie/colle le rapport qui va apparaître dans ta prochaine réponse.

Bonjour,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:49, on 11/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\WINDOWS\\system32\\dllhost.exe
C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe
C:\\WINDOWS\\system32\\CAP3RSK.EXE
C:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\CAP3SWK.EXE
C:\\Program Files\\Opera\\opera.exe
C:\\Program Files\\trend micro\\HAMID.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://fr.msn.com/
R1 - HKCU\\Software\\Microsoft\\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = Liens
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Program Files\\Internet Download Manager\\IDMIECC.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d\'aide de l\'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O4 - HKLM\\..\\Run: [egui] \"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe\" /hide /waitservice
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SYSTEM\')
O4 - HKUS\\S-1-5-18\\..\\Run: [DWQueuedReporting] \"c:\\PROGRA~1\\FICHIE~1\\MICROS~1\\DW\\dwtrig20.exe\" -t (User \'SYSTEM\')
O4 - HKUS\\.DEFAULT\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'Default user\')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\\PROGRA~1\\MICROS~3\\Office12\\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\\Program Files\\Internet Download Manager\\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\\Program Files\\Internet Download Manager\\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\\Program Files\\Internet Download Manager\\IEGetAll.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~3\\Office12\\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra \'Tools\' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra \'Tools\' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252268257859
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\\Program Files\\ma-config.com\\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamservice.exe

--
End of file - 5216 bytes

Bonjour,

Merci pour ton rapport, je vais préparer la finalisation de la désinfection de ton ordinateur et je te transmets tout ça dès que c\'est fini.

Bonjour,

Désolé d\'avoir pris du temps pour te donner la phase finale, je ne vais pas dire que je t\'avais oublié, mais presque .

Il est très important de suivre les recommandations dans l\'ordre dans lequel elles sont écrites. N\'hésites pas à poser des questions si tu es dans le doute, c\'est préférable. Je suis à ta disposition pour y répondre.

• Lance à nouveau HijackThis
  
• Cette fois-ci tu vas cliquer sur \"Do a system scan only\"
  
• Coches sur la gauche les cases correspondants aux lignes que je te désigne ci-dessous :
  
  O1 - Hosts: 66.98.148.65 auto.search.msn.com
  O1 - Hosts: 66.98.148.65 auto.search.msn.es
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
  O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SYSTEM\')
  O4 - HKUS\\S-1-5-18\\..\\Run: [DWQueuedReporting] \"c:\\PROGRA~1\\FICHIE~1\\MICROS~1\\DW\\dwtrig20.exe\" -t (User \'SYSTEM\')
  O4 - HKUS\\.DEFAULT\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'Default user\')
  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252268257859
  O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  
  
• Une fois toutes ces lignes cochées, clique sur Fix checked

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :

• Télécharge ToolsCleaner sur ton Bureau
  
• Double-clique sur ToolsCleaner2.exe et laisse le travailler
  
• Clique sur Recherche et laisse le scan se terminer.
  
• Clique sur Suppression pour finaliser.
  
• Tu peux, si tu le souhaites, te servir des Options facultatives.
  
• Clique sur Quitter, pour que le rapport puisse se créer.
  
• Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\\)...colle le dans ta prochaine réponse

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Ton ordinateur est bien tenu à jour, je t\'en félicite, ce n\'est pas très courant crois moi.

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Tu possèdes C cleaner sur ton ordinateur, tu vas l\'utiliser pour finaliser le nettoyage de ton ordinateur (fichiers inutiles, clés de registre orphelines etc....).
Je te donne tout de même quelques conseils d\'utilisation pour optimiser ce nettoyage :

• Lance CCleaner puis Clique sur \"Options\", \"Avancé\" et décoche la case \"Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 24 heures\".
  
• Dans le menu nettoyeur , clique sur \"Analyse.
  
• Ensuite clique sur le bouton \"Lancer le nettoyage\" et laisse le faire.
  
• Maintenant dans l\'onglet \"Registre\" , clique sur \"Chercher des erreurs\"
  
• Réponds a OUI a la question qui te sera posée.
  
• Enfin , répare les erreurs en cliquant sur \" Réparer les erreurs sélectionnés \"
  
• recommence la recherche et la suppression des erreurs jusqu\'à ce qu\'il ne reste plus rien.
  
• un tutoriel pour t\'aider

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Pour malwarebytes, il est important de le mettre à jour avant de lancer une analyse, penses à l\'utiliser régulièrement.

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Cette étape est indispensable pour finaliser la désinfection, elle permet de supprimer les points de restauration et du même coup les éventuels malwares qui s\'y seraient logés.

/!\\ Très Important /!\\

• Il faut désactiver et réactiver la restauration système suis ce tutoriel pour t\'aider.
  
• Il faut ensuite créer un point de restauration manuellement, pour t\'aider suis celui là

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Information :

Depuis 2006 le nombre de malwares et les technologies ont évolué de manière sensible toujours pour servir l\'économie souterraine lucrative qui sert les auteurs de malwares.
A ce jour, il n\'existe pas de technologies capables de protéger efficacement votre ordinateur si l\'internaute n\'est pas instruit sur les risques encourus sur la toile. Ce transfert de connaissances est indispensable pour construire l\'Internet.

C\'est pour cela que je t\'invite à lire ce fichier PDF qui traite de la sécurité informatique. Ce fichier est issu du forum de malekal_morte, qui a mis place un Projet Antimalware pour sensibiliser l\'opinion publique et les politiques sur les dangers des malwares. J\'adhère à 100% sur ce projet. N\'hésites pas à le diffuser autour de toi pour que le maximum de personnes soient prévenues.

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Ton ordinateur est maintenant désinfecté.

Merci pour ta patience, et de ta confiance.

Bonjour,

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\\Combofix.txt: trouvé !
C:\\UsbFix.txt: trouvé !
C:\\Combofix: trouvé !
C:\\Qoobox: trouvé !
C:\\_OTM: trouvé !
C:\\UsbFix: trouvé !
C:\\Rsit: trouvé !
C:\\Documents and Settings\\All Users\\Bureau\\MSNFix.lnk: trouvé !
C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\MsnFix: trouvé !
C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\MSNFix\\MSNFix.lnk: trouvé !
C:\\Documents and Settings\\HAMID\\Bureau\\OTM.exe: trouvé !
C:\\Documents and Settings\\HAMID\\Bureau\\ComboFix.exe: trouvé !
C:\\Documents and Settings\\HAMID\\Bureau\\Rsit.exe: trouvé !
C:\\Documents and Settings\\HAMID\\Mes documents\\Downloads\\Programs\\UsbFix.exe: trouvé !
C:\\Program Files\\MsnFix: trouvé !
C:\\Program Files\\MSNFix\\incl\\catchme.exe: trouvé !
C:\\Program Files\\trend micro\\HijackThis.exe: trouvé !
C:\\Program Files\\trend micro\\hijackthis.log: trouvé !
C:\\Qoobox\\Quarantine\\catchme.log: trouvé !
C:\\WINDOWS\\msnfix.txt: trouvé !
C:\\WINDOWS\\mbr.exe: trouvé !

---------------------------------
--> Suppression:

C:\\Documents and Settings\\All Users\\Bureau\\MSNFix.lnk: supprimé !
C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\MSNFix\\MSNFix.lnk: supprimé !
C:\\Documents and Settings\\HAMID\\Bureau\\OTM.exe: supprimé !
C:\\Documents and Settings\\HAMID\\Bureau\\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\\Program Files\\MSNFix\\incl\\catchme.exe: supprimé !
C:\\Program Files\\trend micro\\HijackThis.exe: supprimé !
C:\\Combofix.txt: supprimé !
C:\\UsbFix.txt: supprimé !
C:\\Documents and Settings\\HAMID\\Bureau\\Rsit.exe: supprimé !
C:\\Documents and Settings\\HAMID\\Mes documents\\Downloads\\Programs\\UsbFix.exe: supprimé !
C:\\Program Files\\trend micro\\hijackthis.log: supprimé !
C:\\Qoobox\\Quarantine\\catchme.log: supprimé !
C:\\WINDOWS\\msnfix.txt: supprimé !
C:\\WINDOWS\\mbr.exe: supprimé !
C:\\Combofix: supprimé !
C:\\Qoobox: supprimé !
C:\\_OTM: supprimé !
C:\\UsbFix: supprimé !
C:\\Rsit: supprimé !
C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\MsnFix: supprimé !
C:\\Program Files\\MsnFix: supprimé !

Bonjour,

Ok, toolscleaner a bien fait son travail, tu peux supprimer l\'icône de toolscleaner et vider ta corbeille.

Bonne soirée.

Bonjour,

Merci pour tout malwarebleach, j\'ai tout fait et tout s\'est passé d\'une façon normale.
Maintenant je peux dire que mon PC est désinfecté et ce, grâce à ta patience et surtout à ton savoir faire.

NB : ProjetAntimalware.pdf ne veut pas se télécharger comme c\'était le cas pour RHosts.exe hier

Bonjour,

M\'ouais, je ne peux pas non plus te donner le lien de téléchargement direct sur mémoclic, le lien ne passe pas.

J\'ai donc hébergé le fichier sur mon compte Archive-Host.

Tu es chez quel Fournisseur d\'accès internet ?

Bonjour,

Je suis en algérie l\'ami. Avec un FAI algérien bien entendu

Bonjour,

Bien entendu, c\'est bien ce que je pensais. Il est plus que probable que archive-hosts, le site free et surement d\'autres, filtrent les adresses IP venant d\'Algérie. C\'est assez fréquent que les IP venant d\'Afrique subissent ce genre de filtrage.

C\'est pour cela que tu ne peux pas télécharger Rhosts, et le fichier PDF que je t\'ai donné.

C\'est toujours bon de le savoir.

Essayes de télécharger le fichier PDF à cette adresse :

www.up-this.com/fr/dl.html?fid=DAC89F5F8D88#

Laisses toi guider par le site pour accéder au téléchargement.

Tiens moi au courant si tu peux télécharger par ce site, ça pourra toujours servir autant pour toi que pour moi.

Bonjour,

Merci, enfin avec ce lien j\'ai pu télécharger le *.pdf

Bonjour,

Y\'a pas de quoi, vive la mondialisation, comme tu le vois elle n\'est pas valable pour tous sur internet.....


Bonne lecture, tu peux maintenant diffuser ce fichier par email à tous tes contacts, et fais attention à ce que tu télécharges et installes sur ton ordinateur.

Pour MSN, n\'acceptes que des fichiers de tes contacts connus et ne clique pas sur des liens lorsque tu n\'es pas en conversation avec l\'un d\'entre eux.

Bon surf, et bien le bonjour à l\'Algérie

Bonjour,

Bonne nuit malwarebleach

Une dernière chose s\'il te plaît...comme tu l\'as pu remarquer je suis avec nod32 comme antivirus, est-ce que je le garde ou tu me conseilles un autre plus puissant ? Je sais les antivirus c\'est comme les goûts et les couleurs...mais bon, on sait jamais...

Bonjour,

De même et au plaisir sur mémoclic

Bonjour,

Une dernière chose s\'il te plaît...comme tu l\'as pu remarquer je suis avec nod32 comme antivirus, est-ce que je le garde ou tu me conseilles un autre plus puissant ? Je sais les antivirus c\'est comme les goûts et les couleurs...mais bon, on sait jamais...

Salut,

Tu peux conserver NOD32.

Si tu souhaites en changer :

- en gratuit je te conseil Avira Antivir
- en payant Kaspersky

Ce sont les meilleurs du moment

- en gratuit je te conseil Avira Antivir
- en payant Kaspersky

Merci