Good evening, I have a problem with the Virtumonde trojan.
I downloaded HijackThis and got this report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:45:21, on 03/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\system32\lxbacoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\fxstaller.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\AxBx\Clean Virus MSN\CleanVirusMSN.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files\TOSHIBA\Utilities\KeNotify.exe"
O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [RtHDVCpl] "C:\Windows\RtHDVCpl.exe"
O4 - HKLM\..\Run: [TPwrMain] "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE"
O4 - HKLM\..\Run: [HSON] "C:\Program Files\TOSHIBA\TBS\HSON.exe"
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\Toshiba\SmoothView\SmoothView.exe"
O4 - HKLM\..\Run: [00TCrdMain] "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] "C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" -startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [Toshiba Registration] "C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows UDP Control Center] "C:\Windows\fxstaller.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\yayaWNef.dll,#1
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/r [...] &site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Unknown owner - C:\Program Files\Power Translator\LogoMedia TranslateDotNet Server.exe (file missing)
O23 - Service: lxba_device - - C:\Windows\system32\lxbacoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13823 bytes
What do I do now?

I used ComboFix, here is the report:
ComboFix 08-12-01.03 - user 2008-12-03 12:30:20.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1006 [GMT 1:00]
Lancé depuis: c:\users\user\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\fxstaller.exe
c:\windows\System32\eNVwwyay.ini
c:\windows\System32\eNVwwyay.ini2
c:\windows\system32\looVyyay.ini
c:\windows\system32\looVyyay.ini2

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-03 au 2008-12-03 ))))))))))))))))))))))))))))))))))))
.

2008-12-03 01:14 . 2008-12-03 01:14 <REP> d-------- c:\users\All Users\WindowsSearch
2008-12-03 01:14 . 2008-12-03 01:14 <REP> d-------- c:\programdata\WindowsSearch
2008-12-03 00:44 . 2008-12-03 00:44 <REP> d-------- c:\program files\Trend Micro
2008-12-03 00:18 . 2008-12-03 00:18 <REP> d-------- c:\users\All Users\Yahoo! Companion
2008-12-03 00:18 . 2008-12-03 00:18 <REP> d-------- c:\programdata\Yahoo! Companion
2008-12-02 23:57 . 2008-12-02 23:57 33,832 --a------ c:\windows\System32\dxoqrglk.exe
2008-12-02 23:43 . 2008-12-02 23:43 <REP> d-------- c:\program files\Yahoo!
2008-12-02 23:43 . 2008-12-02 23:44 <REP> d-------- c:\program files\CCleaner
2008-12-02 23:18 . 2008-12-02 23:18 33,832 --a------ c:\windows\System32\fssfgiue.exe
2008-12-02 23:01 . 2008-12-02 23:15 <REP> d-------- C:\SDFix
2008-12-02 22:09 . 2008-12-02 22:09 <REP> d-------- c:\users\All Users\PC Tools
2008-12-02 22:09 . 2008-12-02 22:09 <REP> d-------- c:\programdata\PC Tools
2008-12-02 22:09 . 2008-11-17 13:05 12,576 --a------ c:\windows\System32\drivers\TfKbMon.sys
2008-12-02 21:37 . 2008-12-02 23:35 <REP> d-------- C:\MSNCleaner
2008-12-02 20:28 . 2008-12-02 20:28 <REP> d-------- C:\VundoFix Backups
2008-12-02 20:09 . 2008-12-02 21:40 <REP> d-------- c:\program files\MSNFix
2008-12-02 19:19 . 2008-12-02 19:19 <REP> d-------- c:\program files\AxBx
2008-12-01 22:01 . 2008-12-02 01:40 <REP> d-------- c:\users\user\AppData\Roaming\DivX
2008-12-01 21:31 . 2008-12-01 21:31 <REP> d-------- c:\program files\DivX
2008-12-01 21:31 . 2008-12-01 21:31 <REP> d-------- c:\program files\Common Files\PX Storage Engine
2008-12-01 02:50 . 2008-12-01 02:50 <REP> d-------- c:\users\user\AppData\Roaming\PC Tools
2008-12-01 02:50 . 2007-12-10 13:53 81,288 --a------ c:\windows\System32\drivers\iksyssec.sys
2008-12-01 02:50 . 2007-12-10 13:53 66,952 --a------ c:\windows\System32\drivers\iksysflt.sys
2008-12-01 02:50 . 2008-02-01 11:55 42,376 --a------ c:\windows\System32\drivers\ikfilesec.sys
2008-12-01 02:50 . 2007-12-10 13:53 29,576 --a------ c:\windows\System32\drivers\kcom.sys
2008-12-01 02:14 . 2008-12-01 02:14 0 --ah----- c:\users\Default.LOG2
2008-12-01 02:14 . 2008-12-01 02:14 0 --ah----- c:\users\Default.LOG1
2008-12-01 02:14 . 2008-12-01 02:14 0 --ah----- C:\ProgramData.LOG2
2008-12-01 02:14 . 2008-12-01 02:14 0 --ah----- C:\ProgramData.LOG1
2008-12-01 02:13 . 2008-12-01 11:21 <REP> d-------- c:\program files\Spyware Doctor
2008-12-01 01:18 . 2008-12-01 01:18 164 --a------ C:\install.dat
2008-12-01 00:19 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll
2008-12-01 00:18 . 2008-12-01 00:18 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-11-30 16:50 . 2008-11-30 16:50 <REP> d-------- c:\users\user\AppData\Roaming\skypePM
2008-11-30 16:50 . 2008-11-30 16:50 56 --ah----- c:\windows\System32\ezsidmv.dat
2008-11-30 16:48 . 2008-12-01 11:23 <REP> d-------- c:\users\user\AppData\Roaming\Skype
2008-11-30 16:47 . 2008-11-30 16:47 <REP> d-------- c:\users\All Users\Skype
2008-11-30 16:47 . 2008-11-30 16:47 <REP> d-------- c:\programdata\Skype
2008-11-30 16:47 . 2008-11-30 16:47 <REP> dr------- c:\program files\Skype
2008-11-30 16:47 . 2008-11-30 16:47 <REP> d-------- c:\program files\Common Files\Skype
2008-11-30 00:01 . 2008-11-30 00:01 <REP> d-------- c:\windows\Sun
2008-11-29 16:12 . 2008-12-02 21:01 50 --a------ c:\windows\MegaManager.INI
2008-11-29 16:08 . 2008-11-29 16:08 <REP> d-------- c:\users\user\AppData\Roaming\Megaupload
2008-11-29 15:36 . 2008-11-29 15:36 <REP> d-------- c:\users\user\AppData\Roaming\EmailNotifier
2008-11-29 15:27 . 2008-11-29 16:19 <REP> d-------- c:\users\All Users\Megaupload
2008-11-29 15:27 . 2008-11-29 15:27 <REP> d-------- c:\users\All Users\EmailNotifier
2008-11-29 15:27 . 2008-11-29 16:19 <REP> d-------- c:\programdata\Megaupload
2008-11-29 15:27 . 2008-11-29 15:27 <REP> d-------- c:\programdata\EmailNotifier
2008-11-28 19:04 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-28 19:04 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-28 19:04 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-28 19:04 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-28 19:03 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-27 14:53 . 2008-11-27 22:52 <REP> d-------- c:\program files\NeoSmart Technologies
2008-11-27 14:52 . 2008-11-27 14:52 894,554 --a------ c:\users\Public\EasyBCD 1.7.1.exe
2008-11-25 19:52 . 2008-11-25 19:52 116 --a------ c:\windows\ConverterCore.INI
2008-11-25 19:24 . 2008-12-01 19:36 <REP> d-------- c:\users\user\AppData\Roaming\SolidDocuments
2008-11-25 19:24 . 2008-11-25 19:25 <REP> d-------- c:\program files\SolidDocuments
2008-11-25 19:24 . 2008-11-25 19:24 <REP> d-------- c:\program files\Common Files\SolidDocuments
2008-11-25 18:41 . 2008-11-25 19:23 <REP> d-------- c:\program files\ABBYY FineReader 5.0 Sprint
2008-11-25 02:24 . 2008-11-25 02:26 <REP> d-------- c:\users\user\{8c8b6b79-20cf-45cc-a68b-1e3aec9406e2}
2008-11-25 02:23 . 1997-04-18 11:49 298,496 --a------ c:\windows\unin040c.exe
2008-11-25 01:52 . 2008-11-25 02:07 389 --a------ c:\windows\Lexstat.ini
2008-11-25 01:48 . 2008-11-25 01:53 <REP> d-------- c:\program files\Lexmark X5100 Series
2008-11-24 23:33 . 2008-11-24 23:33 <REP> d-------- c:\program files\SEUCDaS
2008-11-23 14:39 . 2008-11-23 14:39 <REP> d-------- c:\program files\Circle Developement
2008-11-22 21:39 . 2008-11-22 21:39 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-22 21:39 . 2008-11-22 21:39 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-22 21:39 . 2008-11-22 21:39 <REP> d-------- c:\program files\iTunes
2008-11-22 21:39 . 2008-11-22 21:39 <REP> d-------- c:\program files\iPod
2008-11-22 21:37 . 2008-11-22 21:38 <REP> d-------- c:\program files\QuickTime
2008-11-14 22:19 . 2008-11-14 22:19 <REP> d----c--- c:\windows\System32\DRVSTORE
2008-11-14 22:19 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2008-11-14 22:19 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2008-11-14 21:19 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-14 21:19 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-14 21:19 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-14 21:19 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-14 21:19 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-14 21:17 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-11-14 21:17 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-14 21:17 . 2008-09-03 04:59 468,992 --a------ c:\windows\System32\newdev.dll
2008-11-14 21:17 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-14 21:17 . 2008-09-03 04:58 74,752 --a------ c:\windows\System32\newdev.exe
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\System32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 11:25 --------- d---a-w c:\programdata\TEMP
2008-12-01 14:32 --------- d-----w c:\program files\Windows Live
2008-12-01 14:31 --------- d-----w c:\program files\Valve
2008-11-30 23:12 --------- d-----w c:\programdata\WLInstaller
2008-11-29 15:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-29 13:08 --------- d-----w c:\program files\Safari
2008-11-26 22:36 --------- d-----w c:\users\user\AppData\Roaming\dvdcss
2008-11-26 17:17 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2008-11-23 13:38 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-22 20:39 --------- d-----w c:\program files\Common Files\Apple
2008-11-22 12:41 --------- d-----w c:\users\user\AppData\Roaming\LimeWire
2008-11-15 06:15 --------- d-----w c:\program files\Windows Mail
2008-11-15 02:08 --------- d-----w c:\programdata\Microsoft Help
2008-10-30 19:24 --------- d-----w c:\program files\Skuld iPod Converter
2008-10-28 22:36 823,296 ----a-w c:\windows\System32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\System32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\System32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\System32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\System32\DivX.dll
2008-10-26 14:56 --------- d-----w c:\users\user\AppData\Roaming\LuckaSoft
2008-10-24 17:27 --------- d-----w c:\users\user\AppData\Roaming\Ahead
2008-10-23 14:10 --------- d-----w c:\program files\DAEMON Tools Toolbar
2008-10-23 13:58 --------- d-----w c:\users\user\AppData\Roaming\Nero
2008-10-23 13:56 --------- d-----w c:\program files\Common Files\Nero
2008-10-23 13:54 --------- d-----w c:\programdata\Nero
2008-10-23 13:54 --------- d-----w c:\program files\Nero
2008-10-23 13:38 --------- d-----w c:\program files\Your Uninstaller 2008
2008-10-23 09:48 --------- d-----w c:\program files\TOSHIBA
2008-10-23 00:17 --------- d-----w c:\users\user\AppData\Roaming\URSoft
2008-10-23 00:03 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-23 00:03 22,328 ----a-w c:\users\user\AppData\Roaming\PnkBstrK.sys
2008-10-23 00:03 --------- d-----w c:\programdata\Ubisoft
2008-10-23 00:02 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-10-23 00:02 2,337,865 ----a-w c:\windows\System32\pbsvc.exe
2008-10-23 00:02 107,832 ----a-w c:\windows\System32\PnkBstrB.exe
2008-10-22 23:46 --------- d-----w c:\program files\Ubisoft
2008-10-22 21:47 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-22 21:47 --------- d-----w c:\users\user\AppData\Roaming\DAEMON Tools
2008-10-20 21:13 --------- d-----w c:\program files\LuckaSoft
2008-10-18 05:56 --------- d-----w c:\users\user\AppData\Roaming\U3
2008-10-17 18:27 19,202,056 ----a-w c:\users\Public\vpsupd.exe
2008-10-15 17:34 --------- d-----w c:\program files\Microsoft Visual Studio .NET
2008-10-13 20:11 --------- d-----w c:\users\user\AppData\Roaming\MathWorks
2008-10-13 19:45 --------- d-----w c:\program files\MATLAB
2008-10-09 18:14 --------- d-----w c:\users\user\AppData\Roaming\vlc
2008-10-09 11:59 --------- d-----w c:\program files\Sun
2008-10-09 11:58 --------- d-----w c:\program files\Java
2008-10-09 10:59 --------- d-----w c:\program files\Bonjour
2008-10-06 19:57 --------- d-----w c:\program files\NetBeans 6.0
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\System32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\System32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\System32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\System32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\System32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-10 03:40 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2008-07-18 10:31 174 --sha-w c:\program files\desktop.ini
2008-08-25 00:53 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-08-25 00:53 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-08-25 00:53 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2007-09-03 4702208]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-04-03 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-01 1107848]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3933709D-D08B-4225-9458-7F9148BDFD6C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7367BE22-F9DD-44B9-BF00-0E33C78F49E4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{9723C587-57F5-4F86-95AD-4CAC35AB9150}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{203EA9F5-B5E9-4038-A0BA-841F55B2C2BE}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{884D0236-4F93-4805-A9CB-87AAE8704101}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\french\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
"UDP Query User{7B1A8A08-67EA-4791-B76B-4F08DC961C33}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\french\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
"TCP Query User{7D691F32-CBB9-4AA1-99BE-5E0904992B53}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{7FCE21E4-F45E-4C3C-95DE-1F69718B04E2}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{DC62A464-0395-4A75-93FC-AE65DB5E804B}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{81DCD9D5-A73F-4A20-BCA9-76F72F13CA68}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{16FF35E0-603F-412E-ADF4-C383653DF969}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{2D8B81D7-FE41-40FF-B621-B2CEEF50A2F7}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{DFB8BF6A-874C-45FA-831E-2D64C7F8031A}c:\\program files\\maïdo production\\izispot 4\\izispot.exe"= UDP:c:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
"UDP Query User{E6BB6367-DC46-4457-9F38-804C2D3505D8}c:\\program files\\maïdo production\\izispot 4\\izispot.exe"= TCP:c:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
"TCP Query User{8B169AD8-D48E-4674-AC20-8A7E28427E32}c:\\program files\\maïdo production\\izispot 4\\izispot.exe"= UDP:c:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
"UDP Query User{4ED1FA09-F984-4F5B-9E27-A98CD5874055}c:\\program files\\maïdo production\\izispot 4\\izispot.exe"= TCP:c:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
"TCP Query User{572A9C6A-B03A-4F04-8581-1B41991D056C}c:\\program files\\pd\\bin\\pd.exe"= UDP:c:\program files\pd\bin\pd.exe:pd
"UDP Query User{E816905C-628B-449E-AA2B-CCE305E6A344}c:\\program files\\pd\\bin\\pd.exe"= TCP:c:\program files\pd\bin\pd.exe:pd
"TCP Query User{9706FCC9-B3CC-4718-B295-49483BF40664}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{977779E3-16DC-401F-93A6-92E3F56CFD2A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{17F014EF-035F-4899-925E-58B64F1B8416}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{90F0575B-CEAD-4F0F-900E-11C6FAEE5EC4}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{54BB51F8-41B7-40A7-B728-4BE579252180}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{815920A3-8CA2-40F8-8C0D-813C1F3A6030}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D2D66015-04D1-4007-8FD4-10134A1BFFEE}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{5CFCE66A-54ED-49DC-8220-DA431506F223}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{BF55EE47-46EB-4FD7-9A47-4650B00A849D}"= UDP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{CCAE8065-0C3A-47CE-96F4-375077F334BD}"= TCP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{E4CCB6C8-A02B-48C3-AD21-0D1B6416AEB2}"= UDP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{51061CCB-8962-456E-854D-6AE5048DA4A5}"= TCP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"TCP Query User{14F6080B-BBD5-45A8-920C-24A79A2386CE}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{623EFD64-D19C-4653-B56D-9290F42320AB}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"{4FF6297D-4BE4-4CAF-9916-545E0E58310D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{910BDA22-73C0-4BAD-93B9-BCDB8332A251}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{2D193707-C177-461A-AB3C-9A105865077D}"= UDP:c:\windows\System32\lxbacoms.exe:Lexmark Communications System
"{38A3FC1A-3F72-431F-9210-D10468C2E99C}"= TCP:c:\windows\System32\lxbacoms.exe:Lexmark Communications System
"{5922DEBF-9263-4959-9B8B-8AB0670CFE5C}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxbapswx.exe:Printer Status Window
"{D18118AE-3AE6-4F54-8FA9-5C35BD362F96}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxbapswx.exe:Printer Status Window
"TCP Query User{D9503405-B0A0-4827-A069-4030FBEEE950}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{53A5F95C-6FDB-4D8C-B12C-1E611C82C20E}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher
"{9D6ECD7C-348F-4AFE-AC3D-7E40D4A4EAD7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0EA17E44-BA45-4402-89C6-6FF960BD2970}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {A99EA07E-96DF-41BA-8D87-9762425B111C}

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-09 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-09 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-10-09 51792]
R2 lxba_device;lxba_device;c:\windows\system32\lxbacoms.exe -service []
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE []
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-01 204800]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-01 337800]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2007-10-15 3077632]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service []
S3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\cmusbser.sys [2008-08-13 97408]
S4 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e1a7747-17aa-11dd-8f05-001b38b6e84b}]
\shell\AutoRun\command - yo2mq6.exe
\shell\explore\Command - yo2mq6.exe
\shell\open\Command - yo2mq6.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e1a77c3-17aa-11dd-8f05-001b38b6e84b}]
\shell\AutoRun\command - wscript.exe .\.vbs
\shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e1a7817-17aa-11dd-8f05-001b38b6e84b}]
\shell\AutoRun\command - wscript.exe .\.vbs
\shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fbb6999-fce6-11dc-831f-001b38b6e84b}]
\shell\AutoRun\command - wscript.exe .\.vbs
\shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24e133a3-07cb-11dd-89bb-001cbfaf979b}]
\shell\AutoRun\command - D:\xo8wr9.exe
\shell\explore\Command - D:\xo8wr9.exe
\shell\open\Command - D:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{296b8c92-692a-11dd-9ae6-001b38b6e84b}]
\shell\AutoRun\command - d:\.\ShowModem.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31cf98e0-00dc-11dd-9794-001cbfaf979b}]
\shell\AutoRun\command - D:\xih9.cmd
\shell\explore\Command - D:\xih9.cmd
\shell\open\Command - D:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3861a41d-962c-11dd-8d2d-001cbfaf979b}]
\shell\AutoRun\command - wscript.exe .\.vbs
\shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ccaf607-0aec-11dd-9790-001cbfaf979b}]
\shell\AutoRun\command - D:\d6fagcs8.cmd
\shell\explore\Command - D:\d6fagcs8.cmd
\shell\open\Command - D:\d6fagcs8.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50310893-1cdb-11dd-8712-001cbfaf979b}]
\shell\AutoRun\command - wscript.exe .\.vbs
\shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55f34ca9-03fc-11dd-90ea-001b38b6e84b}]
\shell\AutoRun\command - oufddh.exe
\shell\explore\Command - oufddh.exe
\shell\open\Command - oufddh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e699016-84d8-11dd-ac0a-001cbfaf979b}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NetMonster.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83ce98eb-1f5c-11dd-ba37-f47413154a78}]
\shell\AutoRun\command - v.com
\shell\explore\Command - v.com
\shell\open\Command - v.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{912e6e47-fe7a-11dc-b5c6-001cbfaf979b}]
\shell\AutoRun\command - D:\oufddh.exe
\shell\explore\Command - D:\oufddh.exe
\shell\open\Command - D:\oufddh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95ce1e71-07be-11dd-b3f9-001cbfaf979b}]
\shell\AutoRun\command - xo8wr9.exe
\shell\explore\Command - xo8wr9.exe
\shell\open\Command - xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a75722b4-3598-11dd-9124-001b38b6e84b}]
\shell\AutoRun\command - ln9.exe
\shell\explore\Command - ln9.exe
\shell\open\Command - ln9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9741e13-fcf8-11dc-8f2f-9f7657496829}]
\shell\AutoRun\command - G:\0u.cmd
\shell\explore\Command - G:\0u.cmd
\shell\open\Command - G:\0u.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d55b8b0d-1206-11dd-b4c9-001b38b6e84b}]
\shell\AutoRun\command - G:\2ifetri.cmd
\shell\explore\Command - G:\2ifetri.cmd
\shell\open\Command - G:\2ifetri.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2a65d4a-2e3f-11dd-9bbe-001cbfaf979b}]
\shell\AutoRun\command - wscript.exe .\.vbs
\shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2c44c54-4362-11dd-a3c5-ff1d5cebf324}]
\shell\AutoRun\command - D:\n6t1h.cmd
\shell\explore\Command - D:\n6t1h.cmd
\shell\open\Command - D:\n6t1h.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f570992c-0a0d-11dd-b3e4-001cbfaf979b}]
\shell\AutoRun\command - mgjpcfdg.cmd
\shell\explore\Command - mgjpcfdg.cmd
\shell\open\Command - mgjpcfdg.cmd

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-12-02 c:\windows\Tasks\User_Feed_Synchronization-{68564FE2-CFBE-409B-98A0-BEB845E7BD93}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-HWSetup - \HWSetup.exe
HKLM-Run-MSServer - c:\windows\system32\yayaWNef.dll


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\icgf0mt6.default\
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 12:34:57
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-12-03 12:37:23
ComboFix-quarantined-files.txt 2008-12-03 11:37:18

Avant-CF: 55 952 687 104 octets libres
Après-CF: 55,706,025,984 octets libres

392 --- E O F --- 2008-11-29 02:02:20

what do I do ?????
help please
