Tom's Guide > Forum > Sécurité - Virus > spyware impossible a supprimer

spyware impossible a supprimer

Forum Sécurité - Virus : spyware impossible a supprimer

TomsGuide.com : 800 000 inscrits répondent à toutes vos questions high-tech et informatique. Pour obtenir de l'aide, inscrivez-vous gratuitement !

Créer un nouveau sujet Répondre

Bas de page Chercher dans ce sujet

bonjour , j'ai un spyware que je n'arrive pas a supprimer. j'ai deja vu quelques conseil sur le net, j'ai telecharger spyware doctor version payante, je fait des analyses toutes les heures environ et a chaque fois les memes trojan sont detectés. je fait reparation verifier toujours sur sd , sa me met traitement en cours et sa me dit que le probleme est supprimer. or a chaque fois que je refait un scan, les memes trojan réaparaissent ( trojant.agent , trojan virtumonde, etc...)

comment faire pour les supprimer definitivement et pour que m'ont pc n'ai plus rien?

merci d'avance

Répondre

Inscrivez-vous ou connectez-vous pour masquer ceci.

Bonjour,

Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

------------------------------ Prière de signaler si vous vous faites déjà aider sur un autre forum ou dans un autre topic.

Sécurité / Prévention
Répondre à Egwene

bonjour et merci de m'aider
voici le rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:01, on 01/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\ProgramData\yvtmkyje\gtgfcnwv.exe
C:\ProgramData\shchizgx\ytixszyx.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [yvtmkyje] C:\ProgramData\yvtmkyje\gtgfcnwv.exe
O4 - HKCU\..\Run: [eM7rl3ne9w] C:\ProgramData\shchizgx\ytixszyx.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\yadine\AppData\Local\Temp\hgGvtsrs.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\yadine\AppData\Local\Temp\urqRJBRj.dll,c
O4 - HKCU\..\Run: [nsuqolqe] C:\ProgramData\nsuqolqe\ynsdonal.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [oabhlrcr] C:\ProgramData\oabhlrcr\relmrqly.exe
O4 - HKCU\..\Run: [55f2f944] rundll32.exe "C:\Users\yadine\AppData\Local\Temp\kteqhjxp.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 12112 bytes

Répondre à yannick08200

Re,

Tu es infecté(e) par "Vundo". Supprime tous les cracks de ton PC s'ils sont présents car sinon ils relanceront l'infection.

Si tu as Vista, fais ceci avant :
Désactive l'UAC ( Menu Démarrer \ Panneau de Configuration \ Comptes d'utilisateurs et protection des utilisateurs \ Comptes d'utilisateurs \ Activer ou désactiver le contrôle des comptes d'utilisateurs \ décoche la case Utiliser le contrôle ... et valide par OK , il te sera demandé de redémarrer, fais le )

1) [~] Aller dans poste de travail/outils/option des dossiers/affichage/afficher les fichiers et dossiers cachés/Appliquer - - > OK
[~] Aller dans poste de travail/outils/option des dossiers/affichage/décocher masquer les fichiers protégés du système d'exploitation./Appliquer - - > OK

Tu recocheras après.

- Poste de travail/outils/option des dossiers/affichage/décocher masquer les extensions dont le type est connu./Appliquer - - > OK

2) Désactive toute protection résidente ( antivirus…) !
Déconnecte-toi d’internet, ferme tous les programmes en cours et laisse combofix travailler : ne fais donc pas autre chose en même temps !

Télécharge Combofix de sUBs
Sauvegarde le sur ton bureau et pas ailleurs !
Redémarre en mode sans échecs : aide ici >>>
http://forum.telecharger.01net.com [...] ges-1.html
/!\ Ne jamais redémarrer en mode sans échec via msconfig ! /!\

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport. Il se trouve ici : C:\Combofix.txt

3) Copie/colle un nouveau rapport HiJackThis avec.

------------------------------ Prière de signaler si vous vous faites déjà aider sur un autre forum ou dans un autre topic.

Sécurité / Prévention
Répondre à Egwene

voici le rapport combofix

ComboFix 08-04-29.5 - yadine 2008-05-01 11:28:46.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.1082 [GMT 2:00]
Endroit: C:\Users\yadine\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\KBL.LOG

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))))
.

2008-05-01 11:08 . 2008-05-01 11:08 <REP> d-------- C:\Program Files\Trend Micro
2008-04-30 21:24 . 2008-04-30 21:24 386 --a------ C:\Windows\3DBELOTE2.INI
2008-04-30 21:23 . 2008-04-30 21:23 <REP> d-------- C:\Program Files\3DBELOTE
2008-04-30 20:09 . 2008-04-30 20:09 <REP> d-------- C:\Users\yadine\AppData\Roaming\Talkback
2008-04-30 19:31 . 2008-04-30 19:31 <REP> d-------- C:\Users\yadine\AppData\Roaming\PC Tools
2008-04-30 19:31 . 2008-04-30 20:35 <REP> d-------- C:\Program Files\Spyware Doctor
2008-04-30 19:31 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-04-30 19:31 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-04-30 19:31 . 2008-02-01 12:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-04-30 19:31 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-04-30 19:26 . 2008-04-30 19:26 <REP> d-------- C:\Users\All Users\Mozilla
2008-04-30 19:26 . 2006-10-05 04:42 2,560 --------- C:\Windows\System32\drivers\cdralw2k.sys
2008-04-30 19:26 . 2006-10-05 04:42 2,432 --------- C:\Windows\System32\drivers\cdr4_xp.sys
2008-04-30 19:25 . 2008-04-30 19:26 <REP> d-------- C:\Program Files\Picasa2
2008-04-30 19:24 . 2008-04-30 19:24 <REP> d-------- C:\Program Files\Norton Security Scan
2008-04-30 19:22 . 2008-04-30 20:22 <REP> d-------- C:\Users\All Users\Google Updater
2008-04-30 19:22 . 2008-04-30 20:22 <REP> d-------- C:\ProgramData\Google Updater
2008-04-30 19:16 . 2008-04-30 19:16 <REP> d-------- C:\Users\All Users\oabhlrcr
2008-04-30 19:16 . 2008-04-30 19:16 <REP> d-------- C:\ProgramData\oabhlrcr
2008-04-30 16:39 . 2008-04-30 16:39 <REP> d-------- C:\Users\All Users\Google
2008-04-30 16:39 . 2008-04-30 19:28 <REP> d-------- C:\Program Files\Google
2008-04-26 11:47 . 2008-05-01 11:22 <REP> d-a------ C:\Users\All Users\TEMP
2008-04-26 11:47 . 2008-05-01 11:22 <REP> d-a------ C:\ProgramData\TEMP
2008-04-25 23:48 . 2008-04-30 17:18 <REP> d-------- C:\Program Files\a-squared Free
2008-04-25 23:42 . 2008-04-25 23:42 <REP> d-------- C:\Users\All Users\nsuqolqe
2008-04-25 23:42 . 2008-04-25 23:42 <REP> d-------- C:\ProgramData\nsuqolqe
2008-04-25 22:34 . 2008-05-01 09:46 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-25 22:34 . 2008-05-01 09:46 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-25 22:34 . 2008-05-01 09:46 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-25 09:05 . 2008-04-25 09:05 <REP> d-------- C:\Users\All Users\yvtmkyje
2008-04-25 09:05 . 2008-04-25 09:05 <REP> d-------- C:\Users\All Users\shchizgx
2008-04-25 09:05 . 2008-04-25 09:05 <REP> d-------- C:\ProgramData\yvtmkyje
2008-04-25 09:05 . 2008-04-25 09:05 <REP> d-------- C:\ProgramData\shchizgx
2008-04-22 21:33 . 2008-04-22 21:35 <REP> d-------- C:\Users\yadine\AppData\Roaming\SecondLife
2008-04-22 21:32 . 2008-04-22 21:36 <REP> d-------- C:\Program Files\SecondLife
2008-04-21 20:10 . 2008-02-28 13:26 1,414,440 --a------ C:\Windows\System32\ShellManager310E2D762.dll
2008-04-21 20:10 . 2008-02-28 13:01 774,144 --a------ C:\Windows\System32\NEROINSTAEC43759.DB
2008-04-21 20:09 . 2008-04-21 20:09 0 --a------ C:\Windows\Irremote.ini
2008-04-21 20:03 . 2008-04-21 20:03 <REP> d-------- C:\Users\yadine\AppData\Roaming\Bitdefender
2008-04-21 20:03 . 2008-04-21 20:03 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-04-21 20:03 . 2008-04-21 20:03 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-04-21 19:54 . 2008-04-21 20:20 <REP> d-------- C:\Users\yadine\AppData\Roaming\DeepBurner
2008-04-21 19:53 . 2008-04-21 19:53 <REP> d-------- C:\Program Files\Astonsoft
2008-04-21 19:25 . 2008-04-21 19:26 <REP> d-------- C:\Users\All Users\BitDefender
2008-04-21 19:25 . 2008-04-21 19:26 <REP> d-------- C:\ProgramData\BitDefender
2008-04-21 19:25 . 2008-04-21 19:25 <REP> d-------- C:\Program Files\Softwin
2008-04-21 19:13 . 2008-04-21 19:13 <REP> d-------- C:\Program Files\NeroInstall.bak
2008-04-21 19:12 . 2008-04-21 19:12 <REP> d-------- C:\Users\yadine\AppData\Roaming\Nero
2008-04-21 19:09 . 2008-04-21 20:11 <REP> d-------- C:\Users\All Users\Nero
2008-04-21 19:09 . 2008-04-21 20:11 <REP> d-------- C:\ProgramData\Nero
2008-04-21 19:09 . 2008-04-21 20:11 <REP> d-------- C:\Program Files\Common Files\Nero
2008-04-21 19:06 . 2008-04-21 19:06 <REP> d-------- C:\Program Files\AskTBar
2008-04-20 14:12 . 2008-04-20 14:16 <REP> d-------- C:\Users\All Users\WLInstaller
2008-04-20 14:12 . 2008-04-20 14:16 <REP> d-------- C:\ProgramData\WLInstaller
2008-04-20 14:12 . 2008-04-20 14:20 <REP> d-------- C:\Program Files\Windows Live
2008-04-20 14:12 . 2008-04-20 14:18 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-20 13:54 . 2008-04-20 14:09 <REP> d-------- C:\Users\yadine\AppData\Roaming\Azureus
2008-04-20 13:54 . 2008-04-20 13:54 <REP> d-------- C:\Users\All Users\Azureus
2008-04-20 13:54 . 2008-04-20 13:54 <REP> d-------- C:\ProgramData\Azureus
2008-04-20 13:52 . 2008-04-21 06:04 <REP> d-------- C:\Program Files\Azureus
2008-04-20 13:20 . 2008-04-20 14:01 <REP> d-------- C:\Users\yadine\AppData\Roaming\BitTorrent
2008-04-20 13:20 . 2008-04-20 13:20 <REP> d-------- C:\Program Files\DNA
2008-04-20 10:48 . 2008-04-20 10:48 <REP> d-------- C:\Program Files\Yahoo!
2008-04-20 10:48 . 2008-04-20 10:48 <REP> d-------- C:\Program Files\CCleaner
2008-04-19 21:32 . 2008-04-19 21:32 <REP> d-------- C:\Users\yadine\AppData\Roaming\vlc
2008-04-19 21:31 . 2008-04-19 21:31 <REP> d-------- C:\Program Files\VideoLAN
2008-04-19 08:34 . 2008-04-19 08:34 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-04-19 08:34 . 2008-04-19 08:34 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-04-19 08:32 . 2008-04-19 08:32 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-04-19 08:32 . 2008-04-19 08:32 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-04-19 08:31 . 2008-04-19 08:31 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-04-19 08:31 . 2008-04-19 08:31 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-04-19 08:31 . 2008-04-19 08:31 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-04-19 08:31 . 2008-04-19 08:31 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-04-19 08:31 . 2008-04-19 08:31 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-04-19 08:30 . 2008-04-19 08:30 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-04-19 08:30 . 2008-04-19 08:30 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-04-19 08:30 . 2008-04-19 08:30 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-04-19 08:30 . 2008-04-19 08:30 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-04-19 08:30 . 2008-04-19 08:30 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-04-19 08:30 . 2008-04-19 08:30 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-04-19 08:30 . 2008-04-19 08:30 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-04-19 08:30 . 2008-04-19 08:30 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-04-19 08:29 . 2008-04-19 08:29 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-04-19 08:29 . 2008-04-19 08:29 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-04-19 08:29 . 2008-04-19 08:29 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-04-19 08:29 . 2008-04-19 08:29 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-04-19 08:29 . 2008-04-19 08:29 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-04-19 08:29 . 2008-04-19 08:29 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-04-19 08:27 . 2008-04-19 08:27 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-19 08:26 . 2008-04-19 08:26 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-19 08:26 . 2008-04-19 08:26 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-04-19 08:26 . 2008-04-19 08:26 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-04-19 08:26 . 2008-04-19 08:26 2,048 --a------ C:\Windows\System32\asferror.dll
2008-04-19 08:25 . 2008-04-19 08:25 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-04-19 08:25 . 2008-04-19 08:25 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-04-19 08:24 . 2008-04-19 08:24 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-04-19 08:24 . 2008-04-19 08:24 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-04-19 08:23 . 2008-04-19 08:23 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-04-19 08:22 . 2008-04-19 08:22 558,080 --a------ C:\Windows\System32\oleaut32.dll
2008-04-19 08:20 . 2008-04-19 08:20 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-19 08:20 . 2008-04-19 08:20 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-04-19 08:19 . 2008-04-19 08:19 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-04-19 08:19 . 2008-04-19 08:19 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-04-19 08:19 . 2008-04-19 08:19 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-04-19 08:19 . 2008-04-19 08:19 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-04-19 08:18 . 2008-04-19 08:18 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-04-19 08:14 . 2008-04-19 08:14 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-19 08:13 . 2008-04-19 08:13 2,048 --a------ C:\Windows\System32\tzres.dll
2008-04-18 20:09 . 2008-05-01 11:32 81,984 --a------ C:\Windows\System32\bdod.bin
2008-04-18 20:00 . 2008-04-21 19:25 <REP> d-------- C:\Program Files\Common Files\Softwin
2008-04-18 19:28 . 2008-04-18 19:28 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-04-18 19:28 . 2008-04-18 19:28 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-04-18 19:28 . 2008-04-18 19:28 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-04-18 19:28 . 2008-04-18 19:28 43,352 --a------ C:\Windows\System32\wups2.dll
2008-04-18 19:27 . 2008-04-18 19:27 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-04-18 19:27 . 2008-04-18 19:27 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-04-18 19:27 . 2008-04-18 19:27 33,624 --a------ C:\Windows\System32\wups.dll
2008-04-18 19:26 . 2008-04-18 19:26 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-04-18 19:26 . 2008-04-18 19:26 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-04-18 15:20 . 2008-04-18 15:20 <REP> d-------- C:\Users\All Users\eMule
2008-04-18 15:20 . 2008-04-18 15:20 <REP> d-------- C:\ProgramData\eMule
2008-04-18 15:20 . 2008-04-18 15:20 <REP> d-------- C:\Program Files\eMule
2008-04-07 13:02 . 2008-04-07 13:02 <REP> d-------- C:\Program Files\Inventel
2008-04-03 17:54 . 2008-04-03 17:54 <REP> d-------- C:\Program Files\Maxis

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 17:51 --------- d-----w C:\ProgramData\CyberLink
2008-04-21 04:11 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-19 07:39 --------- d-----w C:\Program Files\Electronic Arts
2008-04-19 06:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-19 06:48 --------- d-----w C:\Program Files\Windows Mail
2008-04-19 06:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-19 06:25 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-04-19 06:25 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-04-19 06:25 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-04-19 06:25 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-04-19 06:25 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-04-19 06:16 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-19 06:16 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-19 06:16 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-19 06:16 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-18 18:36 --------- d-----w C:\ProgramData\Symantec
2008-04-02 18:29 --------- d-----w C:\ProgramData\WildTangent
2008-04-01 16:11 --------- d-----w C:\Users\yadine\AppData\Roaming\Hewlett-Packard
2008-04-01 16:11 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-03-31 20:33 --------- d-----w C:\ProgramData\InterAction studios
2008-03-31 19:29 --------- d-----w C:\Users\yadine\AppData\Roaming\Magic Academy
2008-03-31 17:42 --------- d-----w C:\Users\yadine\AppData\Roaming\WildTangent
2008-03-31 17:42 --------- d-----w C:\Users\yadine\AppData\Roaming\PlayFirst
2008-03-31 17:20 --------- d-----w C:\Users\yadine\AppData\Roaming\Symantec
2008-03-31 17:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 17:13 --------- d-----w C:\ProgramData\Electronic Arts
2008-03-31 17:05 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Presario C700 Notebook PC_Y5335KV_0U_QCND8042Z28_E460270-051_4A_I30D9_SHP_V83.1F_F.23_T080103_WV2-0_L40C_M2038_J120_7Intel_8661_91.86_#071119_N10EC8139;168C001C_(GZ908EA#ABF)_XMOBILE_CN10_Z_2F.23.MRK
2008-03-31 17:03 --------- d-sh--w C:\ProgramData\Modèles
2008-03-31 17:03 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-03-31 17:03 --------- d-sh--w C:\ProgramData\Favoris
2008-03-31 17:03 --------- d-sh--w C:\ProgramData\Bureau
2008-03-31 17:03 --------- d-sh--w C:\Program Files\Fichiers communs
2007-11-19 04:00 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-19 08:23 1232896]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 17:10 1783136]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"yvtmkyje"="C:\ProgramData\yvtmkyje\gtgfcnwv.exe" [2008-04-25 09:05 102400]
"eM7rl3ne9w"="C:\ProgramData\shchizgx\ytixszyx.exe" [2008-04-25 09:05 35840]
"nsuqolqe"="C:\ProgramData\nsuqolqe\ynsdonal.exe" [2008-04-25 23:42 90112]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-30 19:22 68856]
"oabhlrcr"="C:\ProgramData\oabhlrcr\relmrqly.exe" [2008-04-30 19:16 110592]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-08-28 14:43 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-08-28 14:43 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-08-28 14:43 137752]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-10-10 14:48 212992]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 16:44 178712]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 20:34 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 17:05 202032]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 17:32 222504]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-19 05:19 1006264]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 16:15 480560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 15:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 14:49 69632]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-30 19:23 29744]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-30 19:22:44 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E10F4CC8-9D7B-46D2-B302-4C400C3923AF}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{54C52D65-32B5-4086-BB6D-39CC31B8BD68}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{5FE552D3-08E9-4D0F-AFCE-8CB0214CB8D4}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6CC6461B-BA5F-41EE-A062-EDA1DCA0751A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2824B9F3-40CF-4E81-B1AC-B16FB94C48D4}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{2E7E6BFB-1DCC-4141-AFAC-3A73749B8388}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{F784F1A4-0796-48C8-BF45-0E1FDECB2D4F}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{F2C6EC66-86B0-4398-A117-AF0843A7D2DA}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{DB574293-7568-4CAD-9D67-3F7F22A57210}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{C8CAB15F-7339-4641-BA8C-EAC15F1F7E75}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{BEBEED25-A406-47CE-AD31-F871A52FEFF2}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{22D7C8A9-781B-4CF6-BB46-397DED0CD26B}"= UDP:C:\Program Files\DNA\btdna.exeNA
"{2A6456D2-9093-4592-A666-8E1E5BD05130}"= TCP:C:\Program Files\DNA\btdna.exeNA
"{BF55007D-8C50-469C-956F-FF58CB2E3280}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{DD0260DE-1E98-4801-9231-AB3BF09E3217}C:\\program files\\secondlife\\slvoice.exe"= UDP:C:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{4755639F-149E-4720-B2BF-154B38F85E43}C:\\program files\\secondlife\\slvoice.exe"= TCP:C:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{C4AE3490-9DF4-4844-BDDE-F611D1AB14E3}C:\\program files\\azureus\\azureus.exe"= Disabled:UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{8F854CD5-6D42-4113-B151-E1BF90EABB19}C:\\program files\\azureus\\azureus.exe"= Disabled:TCP:C:\program files\azureus\azureus.exe:Azureus
"{5ECF18C1-93AF-47A0-BD1A-13363D5DB136}"= Disabled:UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{BF2F778A-1D2F-4A23-ADFD-337B8CA4C321}"= Disabled:TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{B1F2530A-F2B2-4D3F-A6C4-D3E7760053CE}C:\\program files\\utorrent\\utorrent.exe"= Disabled:UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{74740452-FBF1-44BB-98E8-5A78F4E1328C}C:\\program files\\utorrent\\utorrent.exe"= Disabled:TCP:C:\program files\utorrent\utorrent.exe:uTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 16:27]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 16:40]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 14:25]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-24 01:33]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-30 19:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-30 18:34:15 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-04-30 14:40:17 C:\Windows\Tasks\User_Feed_Synchronization-{CA937A42-0DAB-4C5B-B432-45DA98B7E579}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 11:33:06
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-01 11:34:57
ComboFix-quarantined-files.txt 2008-05-01 09:34:12

Pre-Run: 67,155,304,448 octets libres
Post-Run: 67,135,430,656 octets libres

278 --- E O F --- 2008-04-30 14:55:00

et voici le rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:01, on 01/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\ProgramData\yvtmkyje\gtgfcnwv.exe
C:\ProgramData\shchizgx\ytixszyx.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [yvtmkyje] C:\ProgramData\yvtmkyje\gtgfcnwv.exe
O4 - HKCU\..\Run: [eM7rl3ne9w] C:\ProgramData\shchizgx\ytixszyx.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\yadine\AppData\Local\Temp\hgGvtsrs.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\yadine\AppData\Local\Temp\urqRJBRj.dll,c
O4 - HKCU\..\Run: [nsuqolqe] C:\ProgramData\nsuqolqe\ynsdonal.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [oabhlrcr] C:\ProgramData\oabhlrcr\relmrqly.exe
O4 - HKCU\..\Run: [55f2f944] rundll32.exe "C:\Users\yadine\AppData\Local\Temp\kteqhjxp.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 12112 bytes

Répondre à yannick08200

:hello:

Désactive toute protection résidente ( antivirus…) !

Copie le texte se situant dans le cadre ci-dessous, sans le mot citation :

Citation :

Folder::
C:\Users\All Users\yvtmkyje
C:\Users\All Users\shchizgx
C:\ProgramData\yvtmkyje
C:\ProgramData\shchizgx
C:\Users\All Users\oabhlrcr
C:\ProgramData\oabhlrcr
C:\Users\All Users\nsuqolqe
C:\ProgramData\nsuqolqe
C:\Program Files\AskTBar

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"yvtmkyje"=-
"eM7rl3ne9w"=-
"nsuqolqe"=-
"oabhlrcr"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier ComboFix-Do.txt dans Combofix.exe comme ci-dessous :

Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un nouveau rapport Hijackthis.
S'il n'y a pas de redémarrage, poste quand même les rapports.

------------------------------ Prière de signaler si vous vous faites déjà aider sur un autre forum ou dans un autre topic.

Sécurité / Prévention
Répondre à Egwene

voici le rapport combofix

ComboFix 08-04-29.5 - yadine 2008-05-01 15:26:29.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.1022 [GMT 2:00]
Endroit: C:\Users\yadine\Desktop\ComboFix.exe
Command switches used :: C:\Users\yadine\Documents\temps de travail\CFScript.txt..txt
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar\Cache\002C9166
C:\Program Files\AskTBar\bar\Cache\002C97AD
C:\Program Files\AskTBar\bar\Cache\002C9923.bin
C:\Program Files\AskTBar\bar\Cache\002C9A8A.bin
C:\Program Files\AskTBar\bar\Cache\002C9C01.bin
C:\Program Files\AskTBar\bar\Cache\files.ini
C:\Program Files\AskTBar\bar\History\search2
C:\Program Files\AskTBar\bar\Settings\prevcfg2.htm
C:\ProgramData\nsuqolqe
C:\ProgramData\nsuqolqe\ynsdonal.exe
C:\ProgramData\oabhlrcr
C:\ProgramData\oabhlrcr\relmrqly.exe
C:\ProgramData\shchizgx
C:\ProgramData\shchizgx\ytixszyx.exe
C:\ProgramData\yvtmkyje
C:\ProgramData\yvtmkyje\gtgfcnwv.exe
C:\Users\All Users\nsuqolqe\ynsdonal.exe
C:\Users\All Users\oabhlrcr\relmrqly.exe
C:\Users\All Users\shchizgx\ytixszyx.exe
C:\Users\All Users\yvtmkyje\gtgfcnwv.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))))
.

2008-05-01 13:04 . 2008-05-01 15:11 <REP> d-------- C:\Users\yadine\AppData\Roaming\Spyware Terminator
2008-05-01 13:04 . 2008-05-01 14:16 <REP> d-------- C:\Users\All Users\Spyware Terminator
2008-05-01 13:04 . 2008-05-01 14:16 <REP> d-------- C:\ProgramData\Spyware Terminator
2008-05-01 13:04 . 2008-05-01 14:16 <REP> d-------- C:\Program Files\Spyware Terminator
2008-05-01 13:04 . 2008-05-01 13:05 <REP> d-------- C:\Program Files\Crawler
2008-05-01 13:04 . 2008-05-01 13:04 141,312 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys
2008-05-01 11:42 . 2008-05-01 11:42 <REP> d-------- C:\Users\All Users\yyjyrfho
2008-05-01 11:42 . 2008-05-01 11:42 <REP> d-------- C:\ProgramData\yyjyrfho
2008-05-01 11:08 . 2008-05-01 11:08 <REP> d-------- C:\Program Files\Trend Micro
2008-04-30 21:24 . 2008-04-30 21:24 386 --a------ C:\Windows\3DBELOTE2.INI
2008-04-30 21:23 . 2008-04-30 21:23 <REP> d-------- C:\Program Files\3DBELOTE
2008-04-30 20:09 . 2008-04-30 20:09 <REP> d-------- C:\Users\yadine\AppData\Roaming\Talkback
2008-04-30 19:31 . 2008-04-30 19:31 <REP> d-------- C:\Users\yadine\AppData\Roaming\PC Tools
2008-04-30 19:31 . 2008-04-30 20:35 <REP> d-------- C:\Program Files\Spyware Doctor
2008-04-30 19:31 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-04-30 19:31 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-04-30 19:31 . 2008-02-01 12:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-04-30 19:31 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-04-30 19:26 . 2008-04-30 19:26 <REP> d-------- C:\Users\All Users\Mozilla
2008-04-30 19:26 . 2006-10-05 04:42 2,560 --------- C:\Windows\System32\drivers\cdralw2k.sys
2008-04-30 19:26 . 2006-10-05 04:42 2,432 --------- C:\Windows\System32\drivers\cdr4_xp.sys
2008-04-30 19:25 . 2008-04-30 19:26 <REP> d-------- C:\Program Files\Picasa2
2008-04-30 19:24 . 2008-04-30 19:24 <REP> d-------- C:\Program Files\Norton Security Scan
2008-04-30 19:22 . 2008-04-30 20:22 <REP> d-------- C:\Users\All Users\Google Updater
2008-04-30 19:22 . 2008-04-30 20:22 <REP> d-------- C:\ProgramData\Google Updater
2008-04-30 16:39 . 2008-04-30 16:39 <REP> d-------- C:\Users\All Users\Google
2008-04-30 16:39 . 2008-04-30 19:28 <REP> d-------- C:\Program Files\Google
2008-04-26 11:47 . 2008-05-01 13:44 <REP> d-a------ C:\Users\All Users\TEMP
2008-04-26 11:47 . 2008-05-01 13:44 <REP> d-a------ C:\ProgramData\TEMP
2008-04-25 23:48 . 2008-04-30 17:18 <REP> d-------- C:\Program Files\a-squared Free
2008-04-25 22:34 . 2008-05-01 09:46 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-25 22:34 . 2008-05-01 09:46 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-25 22:34 . 2008-05-01 09:46 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-22 21:33 . 2008-04-22 21:35 <REP> d-------- C:\Users\yadine\AppData\Roaming\SecondLife
2008-04-22 21:32 . 2008-04-22 21:36 <REP> d-------- C:\Program Files\SecondLife
2008-04-21 20:10 . 2008-02-28 13:26 1,414,440 --a------ C:\Windows\System32\ShellManager310E2D762.dll
2008-04-21 20:10 . 2008-02-28 13:01 774,144 --a------ C:\Windows\System32\NEROINSTAEC43759.DB
2008-04-21 20:09 . 2008-04-21 20:09 0 --a------ C:\Windows\Irremote.ini
2008-04-21 20:03 . 2008-04-21 20:03 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-04-21 20:03 . 2008-04-21 20:03 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-04-21 19:54 . 2008-04-21 20:20 <REP> d-------- C:\Users\yadine\AppData\Roaming\DeepBurner
2008-04-21 19:53 . 2008-04-21 19:53 <REP> d-------- C:\Program Files\Astonsoft
2008-04-21 19:13 . 2008-04-21 19:13 <REP> d-------- C:\Program Files\NeroInstall.bak
2008-04-21 19:12 . 2008-04-21 19:12 <REP> d-------- C:\Users\yadine\AppData\Roaming\Nero
2008-04-21 19:09 . 2008-04-21 20:11 <REP> d-------- C:\Users\All Users\Nero
2008-04-21 19:09 . 2008-04-21 20:11 <REP> d-------- C:\ProgramData\Nero
2008-04-21 19:09 . 2008-04-21 20:11 <REP> d-------- C:\Program Files\Common Files\Nero
2008-04-20 14:12 . 2008-04-20 14:16 <REP> d-------- C:\Users\All Users\WLInstaller
2008-04-20 14:12 . 2008-04-20 14:16 <REP> d-------- C:\ProgramData\WLInstaller
2008-04-20 14:12 . 2008-04-20 14:20 <REP> d-------- C:\Program Files\Windows Live
2008-04-20 14:12 . 2008-04-20 14:18 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-20 13:54 . 2008-04-20 14:09 <REP> d-------- C:\Users\yadine\AppData\Roaming\Azureus
2008-04-20 13:54 . 2008-04-20 13:54 <REP> d-------- C:\Users\All Users\Azureus
2008-04-20 13:54 . 2008-04-20 13:54 <REP> d-------- C:\ProgramData\Azureus
2008-04-20 13:52 . 2008-04-21 06:04 <REP> d-------- C:\Program Files\Azureus
2008-04-20 13:20 . 2008-04-20 14:01 <REP> d-------- C:\Users\yadine\AppData\Roaming\BitTorrent
2008-04-20 13:20 . 2008-04-20 13:20 <REP> d-------- C:\Program Files\DNA
2008-04-20 10:48 . 2008-04-20 10:48 <REP> d-------- C:\Program Files\Yahoo!
2008-04-20 10:48 . 2008-04-20 10:48 <REP> d-------- C:\Program Files\CCleaner
2008-04-19 21:32 . 2008-04-19 21:32 <REP> d-------- C:\Users\yadine\AppData\Roaming\vlc
2008-04-19 21:31 . 2008-04-19 21:31 <REP> d-------- C:\Program Files\VideoLAN
2008-04-19 08:34 . 2008-04-19 08:34 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-04-19 08:34 . 2008-04-19 08:34 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-04-19 08:32 . 2008-04-19 08:32 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-04-19 08:32 . 2008-04-19 08:32 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-04-19 08:31 . 2008-04-19 08:31 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-04-19 08:31 . 2008-04-19 08:31 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-04-19 08:31 . 2008-04-19 08:31 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-04-19 08:31 . 2008-04-19 08:31 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-04-19 08:31 . 2008-04-19 08:31 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-04-19 08:30 . 2008-04-19 08:30 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-04-19 08:30 . 2008-04-19 08:30 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-04-19 08:30 . 2008-04-19 08:30 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-04-19 08:30 . 2008-04-19 08:30 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-04-19 08:30 . 2008-04-19 08:30 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-04-19 08:30 . 2008-04-19 08:30 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-04-19 08:30 . 2008-04-19 08:30 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-04-19 08:30 . 2008-04-19 08:30 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-04-19 08:29 . 2008-04-19 08:29 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-04-19 08:29 . 2008-04-19 08:29 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-04-19 08:29 . 2008-04-19 08:29 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-04-19 08:29 . 2008-04-19 08:29 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-04-19 08:29 . 2008-04-19 08:29 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-04-19 08:29 . 2008-04-19 08:29 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-04-19 08:27 . 2008-04-19 08:27 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-19 08:26 . 2008-04-19 08:26 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-19 08:26 . 2008-04-19 08:26 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-04-19 08:26 . 2008-04-19 08:26 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-04-19 08:26 . 2008-04-19 08:26 2,048 --a------ C:\Windows\System32\asferror.dll
2008-04-19 08:25 . 2008-04-19 08:25 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-04-19 08:25 . 2008-04-19 08:25 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-04-19 08:24 . 2008-04-19 08:24 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-04-19 08:24 . 2008-04-19 08:24 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-04-19 08:23 . 2008-04-19 08:23 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-04-19 08:22 . 2008-04-19 08:22 558,080 --a------ C:\Windows\System32\oleaut32.dll
2008-04-19 08:20 . 2008-04-19 08:20 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-19 08:20 . 2008-04-19 08:20 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-04-19 08:19 . 2008-04-19 08:19 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-04-19 08:19 . 2008-04-19 08:19 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-04-19 08:19 . 2008-04-19 08:19 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-04-19 08:19 . 2008-04-19 08:19 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-04-19 08:18 . 2008-04-19 08:18 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-04-19 08:14 . 2008-04-19 08:14 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-19 08:13 . 2008-04-19 08:13 2,048 --a------ C:\Windows\System32\tzres.dll
2008-04-18 20:09 . 2008-05-01 15:14 81,984 --a------ C:\Windows\System32\bdod.bin
2008-04-18 20:00 . 2008-05-01 15:15 <REP> d-------- C:\Program Files\Common Files\Softwin
2008-04-18 19:28 . 2008-04-18 19:28 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-04-18 19:28 . 2008-04-18 19:28 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-04-18 19:28 . 2008-04-18 19:28 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-04-18 19:28 . 2008-04-18 19:28 43,352 --a------ C:\Windows\System32\wups2.dll
2008-04-18 19:27 . 2008-04-18 19:27 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-04-18 19:27 . 2008-04-18 19:27 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-04-18 19:27 . 2008-04-18 19:27 33,624 --a------ C:\Windows\System32\wups.dll
2008-04-18 19:26 . 2008-04-18 19:26 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-04-18 19:26 . 2008-04-18 19:26 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-04-18 15:20 . 2008-04-18 15:20 <REP> d-------- C:\Users\All Users\eMule
2008-04-18 15:20 . 2008-04-18 15:20 <REP> d-------- C:\ProgramData\eMule
2008-04-18 15:20 . 2008-04-18 15:20 <REP> d-------- C:\Program Files\eMule
2008-04-07 13:02 . 2008-04-07 13:02 <REP> d-------- C:\Program Files\Inventel
2008-04-03 17:54 . 2008-04-03 17:54 <REP> d-------- C:\Program Files\Maxis
2008-04-03 17:54 . 2008-04-03 17:54 531 --a------ C:\Windows\eReg.dat
2008-04-02 16:01 . 2008-04-02 16:01 <REP> d-------- C:\Users\yadine\AppData\Roaming\Template
2008-04-02 16:01 . 2008-04-02 16:01 0 --a------ C:\Users\yadine\AppData\Roaming\wklnhst.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 17:51 --------- d-----w C:\ProgramData\CyberLink
2008-04-21 04:11 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-19 07:39 --------- d-----w C:\Program Files\Electronic Arts
2008-04-19 06:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-19 06:48 --------- d-----w C:\Program Files\Windows Mail
2008-04-19 06:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-19 06:25 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-04-19 06:25 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-04-19 06:25 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-04-19 06:25 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-04-19 06:25 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-04-19 06:16 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-19 06:16 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-19 06:16 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-19 06:16 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-18 18:36 --------- d-----w C:\ProgramData\Symantec
2008-04-02 18:29 --------- d-----w C:\ProgramData\WildTangent
2008-04-01 16:11 --------- d-----w C:\Users\yadine\AppData\Roaming\Hewlett-Packard
2008-04-01 16:11 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-03-31 20:33 --------- d-----w C:\ProgramData\InterAction studios
2008-03-31 19:29 --------- d-----w C:\Users\yadine\AppData\Roaming\Magic Academy
2008-03-31 17:42 --------- d-----w C:\Users\yadine\AppData\Roaming\WildTangent
2008-03-31 17:42 --------- d-----w C:\Users\yadine\AppData\Roaming\PlayFirst
2008-03-31 17:20 --------- d-----w C:\Users\yadine\AppData\Roaming\Symantec
2008-03-31 17:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 17:13 --------- d-----w C:\ProgramData\Electronic Arts
2008-03-31 17:05 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Presario C700 Notebook PC_Y5335KV_0U_QCND8042Z28_E460270-051_4A_I30D9_SHP_V83.1F_F.23_T080103_WV2-0_L40C_M2038_J120_7Intel_8661_91.86_#071119_N10EC8139;168C001C_(GZ908EA#ABF)_XMOBILE_CN10_Z_2F.23.MRK
2008-03-31 17:03 --------- d-sh--w C:\ProgramData\Modèles
2008-03-31 17:03 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-03-31 17:03 --------- d-sh--w C:\ProgramData\Favoris
2008-03-31 17:03 --------- d-sh--w C:\ProgramData\Bureau
2008-03-31 17:03 --------- d-sh--w C:\Program Files\Fichiers communs
2007-11-19 04:00 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-19 08:23 1232896]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 17:10 1783136]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-30 19:22 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"yyjyrfho"="C:\ProgramData\yyjyrfho\krapqjqt.exe" [2008-05-01 11:42 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-08-28 14:43 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-08-28 14:43 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-08-28 14:43 137752]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-10-10 14:48 212992]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 16:44 178712]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 20:34 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 17:05 202032]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 17:32 222504]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-19 05:19 1006264]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 16:15 480560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-30 19:23 29744]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-01 13:04 1809408]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-30 19:22:44 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E10F4CC8-9D7B-46D2-B302-4C400C3923AF}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{54C52D65-32B5-4086-BB6D-39CC31B8BD68}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{5FE552D3-08E9-4D0F-AFCE-8CB0214CB8D4}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6CC6461B-BA5F-41EE-A062-EDA1DCA0751A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2824B9F3-40CF-4E81-B1AC-B16FB94C48D4}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{2E7E6BFB-1DCC-4141-AFAC-3A73749B8388}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{F784F1A4-0796-48C8-BF45-0E1FDECB2D4F}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{F2C6EC66-86B0-4398-A117-AF0843A7D2DA}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{DB574293-7568-4CAD-9D67-3F7F22A57210}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{C8CAB15F-7339-4641-BA8C-EAC15F1F7E75}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{BEBEED25-A406-47CE-AD31-F871A52FEFF2}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{22D7C8A9-781B-4CF6-BB46-397DED0CD26B}"= UDP:C:\Program Files\DNA\btdna.exeNA
"{2A6456D2-9093-4592-A666-8E1E5BD05130}"= TCP:C:\Program Files\DNA\btdna.exeNA
"{BF55007D-8C50-469C-956F-FF58CB2E3280}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{DD0260DE-1E98-4801-9231-AB3BF09E3217}C:\\program files\\secondlife\\slvoice.exe"= UDP:C:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{4755639F-149E-4720-B2BF-154B38F85E43}C:\\program files\\secondlife\\slvoice.exe"= TCP:C:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{C4AE3490-9DF4-4844-BDDE-F611D1AB14E3}C:\\program files\\azureus\\azureus.exe"= Disabled:UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{8F854CD5-6D42-4113-B151-E1BF90EABB19}C:\\program files\\azureus\\azureus.exe"= Disabled:TCP:C:\program files\azureus\azureus.exe:Azureus
"{5ECF18C1-93AF-47A0-BD1A-13363D5DB136}"= Disabled:UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{BF2F778A-1D2F-4A23-ADFD-337B8CA4C321}"= Disabled:TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{B1F2530A-F2B2-4D3F-A6C4-D3E7760053CE}C:\\program files\\utorrent\\utorrent.exe"= Disabled:UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{74740452-FBF1-44BB-98E8-5A78F4E1328C}C:\\program files\\utorrent\\utorrent.exe"= Disabled:TCP:C:\program files\utorrent\utorrent.exe:uTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-05-01 13:04]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 16:27]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 16:40]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 14:25]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-24 01:33]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-30 19:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

*Newly Created Service* - CATCHME
*Newly Created Service* - SP_RSDRV2
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-30 18:34:15 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-04-30 14:40:17 C:\Windows\Tasks\User_Feed_Synchronization-{CA937A42-0DAB-4C5B-B432-45DA98B7E579}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 15:30:30
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwClose

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-01 15:32:26
ComboFix-quarantined-files.txt 2008-05-01 13:32:04
ComboFix2.txt 2008-05-01 09:34:59

Pre-Run: 64,545,759,232 octets libres
Post-Run: 64,533,078,016 octets libres

300 --- E O F --- 2008-04-30 14:55:00

[#ff3800]voci le rapport hackthis suivant

[#0000ff]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:01, on 01/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\ProgramData\yvtmkyje\gtgfcnwv.exe
C:\ProgramData\shchizgx\ytixszyx.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [yvtmkyje] C:\ProgramData\yvtmkyje\gtgfcnwv.exe
O4 - HKCU\..\Run: [eM7rl3ne9w] C:\ProgramData\shchizgx\ytixszyx.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\yadine\AppData\Local\Temp\hgGvtsrs.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\yadine\AppData\Local\Temp\urqRJBRj.dll,c
O4 - HKCU\..\Run: [nsuqolqe] C:\ProgramData\nsuqolqe\ynsdonal.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [oabhlrcr] C:\ProgramData\oabhlrcr\relmrqly.exe
O4 - HKCU\..\Run: [55f2f944] rundll32.exe "C:\Users\yadine\AppData\Local\Temp\kteqhjxp.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 12112 bytes

Répondre à yannick08200

Créer un nouveau sujet Répondre

Tom's Guide > Forum > Sécurité - Virus > spyware impossible a supprimer

Aller à :

Aide |
Règles du forum

Il y a 872 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.

Page générée en 0,344 secondes

Attention

Vous allez répondre sur un sujet resté inactif pendant plus de 6 mois.
Assurez-vous d'apporter des éléments nouveaux à la discussion avant de poursuivre.

Répondre Annuler

Liens