Am I infected?

Good evening,
I would like to know whether I am infected!
So I am posting my log, and I hope someone will answer me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:44, on 01/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\sttray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\ADMINA~1\AppData\Local\Temp\Rar$EX00.869\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{A62181A0-3527-4157-BA30-94F757670EEE}: NameServer = 81.253.149.9 80.10.246.132
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5806 bytes
There you go, thanks for answering!

Hi Angeldark,
thanks for your quick reply, but what do you mean by "apparently OK"?
That there is no virus, trojan or anything else?
In any case, my computer tower is now making an awful noise!
So I am posting a new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:20:50, on 02/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\sttray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\mIRC\mirc.exe
C:\Windows\explorer.exe
c:\program files\steam\steamapps\robertofr\counter-strike\hl.exe
C:\Program Files\Steam\GameOverlayUI.exe
C:\Program Files\TeamSpeak3\TeamSpeak.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\ADMINA~1\AppData\Local\Temp\Rar$EX00.994\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{A62181A0-3527-4157-BA30-94F757670EEE}: NameServer = 81.253.149.9 80.10.246.132
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5905 bytes
There you go, so if you have the time... I'm waiting for your help, thanks.
franckou.

Hi again,
I reformatted..
and now I'm running a scan with Spyware Doctor, and I have a trojan.lop_com
Then, for example, when I type, like right now, the text shows up afterwards, I don't know how to explain it... and when I watch a video on YouTube, it lags :o
I really need help!
Thanks

Good evening,
I had uninstalled Spyware Doctor, and since you asked me for the location of the infection I reinstalled it, but now it no longer detects it...
So I would like to know whether I should keep this anti-spyware?
Also, my desktop background often changes by itself, for example it turns black..

We can check.

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post this report in your next reply.

    Good evening,
    here is the Combofix report
    ComboFix 08-03-05.1 - ARL 2008-03-05 18:56:30.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.1210 [GMT 1:00]
    Endroit: C:\Users\ARL\Desktop\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-05 17:25 --------- d-----w C:\Program Files\Steam
    2008-03-05 17:01 --------- d-----w C:\Program Files\Google
    2008-03-05 16:55 307,968 ----a-w C:\Windows\System32\TuneUpDefragService.exe
    2008-03-05 16:55 --------- d-----w C:\Users\ARL\AppData\Roaming\TuneUp Software
    2008-03-05 16:55 --------- d-----w C:\ProgramData\TuneUp Software
    2008-03-05 16:55 --------- d-----w C:\Program Files\TuneUp Utilities 2008
    2008-03-05 16:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-05 12:55 --------- d-----w C:\ProgramData\Avira
    2008-03-05 12:55 --------- d-----w C:\Program Files\Avira
    2008-03-05 03:05 --------- d-----w C:\Program Files\7-Zip
    2008-03-05 02:43 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-05 02:43 --------- d-----w C:\Program Files\Windows Live
    2008-03-05 02:40 --------- d-----w C:\ProgramData\WLInstaller
    2008-03-05 01:01 --------- d-----w C:\Users\ARL\AppData\Roaming\mIRC
    2008-03-04 22:44 --------- d-----w C:\ProgramData\WinZip
    2008-03-04 21:01 --------- d---a-w C:\ProgramData\TEMP
    2008-03-04 18:40 --------- d-----w C:\Program Files\Spyware Doctor
    2008-03-04 18:38 --------- d-----w C:\Users\ARL\AppData\Roaming\PC Tools
    2008-03-04 01:54 --------- d-----w C:\Program Files\mIRC
    2008-03-04 01:52 --------- d-----w C:\Users\ARL\AppData\Roaming\teamspeak2
    2008-03-04 01:52 --------- d-----w C:\Program Files\Teamspeak2_RC2
    2008-03-04 00:49 --------- d-----w C:\Users\ARL\AppData\Roaming\vlc
    2008-03-04 00:45 --------- d-----w C:\Program Files\VideoLAN
    2008-03-04 00:36 --------- d-----w C:\Users\ARL\AppData\Roaming\LimeWire
    2008-03-04 00:30 174 --sha-w C:\Program Files\desktop.ini
    2008-03-04 00:27 --------- d-----w C:\Program Files\Windows Sidebar
    2008-03-04 00:27 --------- d-----w C:\Program Files\Windows Mail
    2008-03-04 00:27 --------- d-----w C:\Program Files\Windows Defender
    2008-03-04 00:27 --------- d-----w C:\Program Files\Windows Calendar
    2008-03-04 00:02 87,040 ----a-w C:\Windows\System32\msoert2.dll
    2008-03-04 00:01 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-03-04 00:01 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-03-04 00:00 49,664 ----a-w C:\Windows\System32\csrsrv.dll
    2008-03-04 00:00 376,320 ----a-w C:\Windows\System32\winsrv.dll
    2008-03-03 23:55 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
    2008-03-03 23:54 414,208 ----a-w C:\Windows\System32\msscp.dll
    2008-03-03 23:51 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-03-03 23:51 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-03-03 23:51 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-03-03 23:51 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-03-03 23:51 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
    2008-03-03 23:51 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-03-03 23:50 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-03-03 23:50 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-03-03 23:50 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-03-03 23:50 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-03-03 23:50 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-03-03 23:50 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
    2008-03-03 23:49 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-03-03 23:49 --------- d-----w C:\Users\ARL\AppData\Roaming\Grisoft
    2008-03-03 23:49 --------- d-----w C:\ProgramData\Grisoft
    2008-03-03 23:48 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2008-03-03 23:48 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
    2008-03-03 23:48 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
    2008-03-03 23:48 39,936 ----a-w C:\Windows\System32\slcinst.dll
    2008-03-03 23:48 351,232 ----a-w C:\Windows\System32\SLUI.exe
    2008-03-03 23:48 33,280 ----a-w C:\Windows\System32\slwmi.dll
    2008-03-03 23:48 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
    2008-03-03 23:48 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2008-03-03 23:48 223,232 ----a-w C:\Windows\System32\SLC.dll
    2008-03-03 23:48 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
    2008-03-03 23:48 186,368 ----a-w C:\Windows\System32\SLLUA.exe
    2008-03-03 23:47 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
    2008-03-03 23:45 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
    2008-03-03 23:45 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
    2008-03-03 23:45 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
    2008-03-03 23:45 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
    2008-03-03 23:45 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
    2008-03-03 23:45 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
    2008-03-03 23:44 974,336 ----a-w C:\Windows\System32\crypt32.dll
    2008-03-03 23:44 5,120 ----a-w C:\Windows\System32\wmi.dll
    2008-03-03 23:44 152,576 ----a-w C:\Windows\System32\imagehlp.dll
    2008-03-03 23:44 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
    2008-03-03 23:43 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-03-03 23:43 633,856 ----a-w C:\Windows\System32\user32.dll
    2008-03-03 23:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-03-03 23:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-03-03 23:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-03-03 23:42 750,080 ----a-w C:\Windows\System32\qmgr.dll
    2008-03-03 23:31 80,896 ----a-w C:\Windows\System32\wudriver.dll
    2008-03-03 23:31 549,720 ----a-w C:\Windows\System32\wuapi.dll
    2008-03-03 23:31 53,080 ----a-w C:\Windows\System32\wuauclt.exe
    2008-03-03 23:31 43,352 ----a-w C:\Windows\System32\wups2.dll
    2008-03-03 23:31 33,624 ----a-w C:\Windows\System32\wups.dll
    2008-03-03 23:31 31,232 ----a-w C:\Windows\System32\wuapp.exe
    2008-03-03 23:31 163,000 ----a-w C:\Windows\System32\wuwebv.dll
    2008-03-03 23:31 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
    2008-03-03 23:31 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
    2008-03-03 21:57 --------- d-----w C:\Program Files\Common Files\Steam
    2008-03-03 20:05 --------- d-----w C:\Program Files\CCleaner
    2008-03-03 19:15 --------- d-----w C:\Users\ARL\AppData\Roaming\ATI
    2008-03-03 19:13 --------- d-----w C:\Program Files\ATI Technologies
    2008-03-03 19:12 --------- d-----w C:\Program Files\ATI
    2008-03-03 18:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-03 18:58 --------- d-----w C:\Program Files\SigmaTel
    2008-03-03 18:58 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-03-03 18:50 --------- d-----w C:\Program Files\Intel
    2008-03-03 18:46 --------- d-----w C:\Program Files\LimeWire
    2008-03-03 18:46 --------- d-----w C:\Program Files\Java
    2008-03-03 18:45 --------- d-----w C:\Program Files\Common Files\Java
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-04 00:46 1232896]
    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-04 00:57 1006264]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
    "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 17:10 405504]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-05 14:02 249896]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{D91612DB-3A7C-497D-BD98-D18CC894E828}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{937975E6-A9E2-4075-A58D-53CEF5F3FC82}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{DC3FACD1-355E-4269-BF3C-5AA9A0A4A383}C:\program files\mirc\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC|Desc=mIRC
    "UDP Query User{6890D9B0-1406-4B45-B2E4-F88336579746}C:\program files\mirc\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC|Desc=mIRC
    "{200008F7-94D0-4733-BEDB-206FD9A20119}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 15:28]
    R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-03 21:05]
    S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 15:28]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-03-05 17:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-05 17:02:07 C:\Windows\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-05 18:57:53
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-05 18:58:25
    .
    2008-03-04 20:01:03 --- E O F ---
