Rootkit hidden file.

Kira -  
jlpjlp Posts: 52399 Status: Security contributor -
Hello,
I've come looking for help because AVG 8.0's Anti-Rootkit function has detected a rootkit on my machine that unfortunately cannot be removed; it is a "Hidden Driver" and, more annoyingly, it changes its name with every new scan...
It also seems to have affected my CD/DVD drive, which reacts when I insert a CD but doesn't show up on the computer...
If someone could save me...
73 replies

Kira
 
Is there really nothing to be done?
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Let's start over:

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall if prompted) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
as well as info.txt (<< which will be minimized to the taskbar).

NB: the reports are saved in the folder C:\rsit
Kira
 
Logfile of random's system information tool 1.05 (written by random/random)
Run by Step at 2009-02-07 20:17:39
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 13 GB (18%) free of 75 GB
Total RAM: 893 MB (9% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:19, on 2009-02-07
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Utilities\VolControl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\vVX1000.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Users\Step\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Step\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\Step\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskeng.exe
C:\Users\Step\Downloads\RSIT.exe
C:\Program Files\trend micro\Step.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fhome.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TOSHIBA Volume Indicator] "C:\Program Files\Toshiba\Utilities\VolControl.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Step\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Step\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
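A first-pass triage of a HijackThis log like the one posted above is usually done by eye; the script below does the same pass mechanically. It is an added example, not part of the thread, of RSIT or of HijackThis: it parses the O2 (BHO), O4 (autorun), O9 (IE button) and O23 (service) lines and flags the three things a responder looks at first, entries whose backing file no longer exists, services with no publisher name, and autostart binaries living in the Windows root or inside a user profile. The sample lines are copied from the posted log; the heuristics (which directories count as suspicious) are the example's own assumptions, not rules from any tool.

```python
"""HijackThis log triage (added example; not part of the thread, of RSIT or of
HijackThis). It reads the O2/O4/O9/O23 lines of a log like the one posted
above and flags the entries a responder checks first."""
import re

# Sample lines copied from the log posted in the thread (the real log is longer).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Step\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
MISSING_MARKERS = ("(no file)", "(file missing)")
# Assumption of this example: a stock autostart entry is not expected to point
# into a user profile or a temp directory.
PROFILE_DIRS = ("\\users\\", "\\appdata\\", "\\temp\\")
PATH_RE = re.compile(r'([a-zA-Z]:\\[^"]+?\.(?:exe|dll))', re.IGNORECASE)


def extract_path(kind, body):
    """Return the file path referenced by the line body, or None when there is
    none we can resolve (bare 'RtHDVCpl.exe' or %ProgramFiles% entries)."""
    if kind == "O4":
        # O4 - HKLM\..\Run: [Name] "C:\path\prog.exe" args
        tail = body.split("]", 1)[-1]
    else:
        # O2 / O9 / O23: the path is the last ' - '-separated field
        tail = body.rsplit(" - ", 1)[-1]
    m = PATH_RE.search(tail)
    return m.group(1) if m else None


def triage(log_text):
    """Return one finding per suspicious line: section, path and reasons."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.groups()
        if kind not in ("O2", "O4", "O9", "O23"):
            continue
        reasons = []
        if any(marker in body for marker in MISSING_MARKERS):
            reasons.append("backing file missing (orphaned entry)")
        if kind == "O23" and "Unknown owner" in body:
            reasons.append("service binary carries no publisher name")
        path = extract_path(kind, body)
        if path:
            low = path.lower()
            # System drive is assumed to be C: (true for the log above).
            rest = low[len("c:\\windows\\"):] if low.startswith("c:\\windows\\") else None
            if rest is not None and "\\" not in rest:
                reasons.append("binary placed directly in the Windows root")
            elif any(d in low for d in PROFILE_DIRS):
                reasons.append("autostart binary lives in a user-writable profile path")
        if reasons:
            findings.append({"section": kind, "path": path,
                             "reasons": reasons, "line": raw.strip()})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:>4} {f['path'] or '-'}\n      -> {'; '.join(f['reasons'])}")
```

A flag is a prompt to look, not a verdict: vVX1000.exe in the Windows root belongs to a webcam driver package, and the orphaned Symantec service is simply a leftover of an uninstalled product. The value of the pass is that it separates the handful of entries worth checking from the dozens of vendor lines.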
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
To merge:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_____________________

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Driver ::
awiugvj5
File::
C:\Windows\system32\drivers\awiugvj5.sys

Save this file under the name CFscript

Drag and drop this CFScript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: that is normal!

Do not touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

If the file does not open, it is located here > C:\ComboFix.txt

Kira
 
ComboFix 09-02-06.04 - Step 2009-02-07 21:22:12.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.893.206 [GMT 1:00]
Lancé depuis: c:\users\Step\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Step\Desktop\CFscript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\windows\system32\drivers\awiugvj5.sys
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-07 au 2009-02-07 ))))))))))))))))))))))))))))))))))))
.

2009-02-07 21:12 . 2009-02-07 21:13 153,372,961 --a------ c:\windows\MEMORY.DMP
2009-02-04 18:22 . 2009-02-05 20:51 <REP> d-------- c:\program files\Common Files\Softwin
2009-02-04 18:04 . 2009-02-04 18:04 <REP> d-------- C:\_OTMoveIt
2009-02-02 13:10 . 2009-02-07 14:21 <REP> d-------- c:\program files\Panda Security
2009-02-02 13:02 . 2009-02-05 21:15 <REP> d-------- c:\windows\BDOSCAN8
2009-02-02 12:59 . 2009-02-07 14:19 <REP> d-------- c:\program files\Sophos
2009-02-02 12:34 . 2009-02-05 21:15 <REP> d-------- c:\program files\Navilog1
2009-02-01 20:20 . 2009-02-05 21:15 <REP> d-------- C:\ToolBar SD
2009-02-01 19:47 . 2009-02-01 19:48 <REP> d-------- C:\rsit
2009-02-01 19:47 . 2009-02-07 20:17 <REP> d-------- c:\program files\trend micro
2009-02-01 01:43 . 2009-02-01 01:43 <REP> d-------- c:\users\Step\AppData\Roaming\Malwarebytes
2009-02-01 01:42 . 2009-02-01 01:42 <REP> d-------- c:\users\All Users\Malwarebytes
2009-02-01 01:42 . 2009-02-01 01:42 <REP> d-------- c:\programdata\Malwarebytes
2009-02-01 01:42 . 2009-02-02 20:31 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-01 00:10 . 2009-02-01 16:43 250 --a------ c:\windows\gmer.ini
2009-01-24 05:24 . 2009-02-05 21:15 <REP> d-------- c:\program files\aquaplay
2009-01-23 20:26 . 2009-02-05 20:04 <REP> d-------- c:\users\All Users\Sports Interactive
2009-01-23 20:26 . 2009-02-05 20:04 <REP> d-------- c:\programdata\Sports Interactive
2009-01-23 20:24 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2009-01-23 20:24 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2009-01-23 20:24 . 2008-05-30 14:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
2009-01-23 20:24 . 2008-03-05 16:03 479,752 --a------ c:\windows\System32\XAudio2_0.dll
2009-01-23 20:24 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2009-01-23 20:24 . 2008-05-30 14:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
2009-01-23 20:24 . 2008-03-05 16:03 238,088 --a------ c:\windows\System32\xactengine3_0.dll
2009-01-23 20:24 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
2009-01-23 20:24 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
2009-01-23 20:24 . 2008-03-05 16:00 25,608 --a------ c:\windows\System32\X3DAudio1_3.dll
2009-01-23 19:14 . 2009-02-05 21:15 <REP> d-------- c:\program files\Common Files\Steam
2009-01-23 19:13 . 2009-02-05 21:15 <REP> d-------- c:\program files\Steam
2009-01-15 18:12 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-13 20:49 . 2009-01-13 20:49 <REP> d-------- c:\users\Step\AppData\Roaming\aAvgApi

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-05 20:23 --------- d-----w c:\program files\Paint.NET
2009-02-05 20:15 --------- d-----w c:\users\Step\AppData\Roaming\DAEMON Tools
2009-02-05 20:15 --------- d-----w c:\users\Step\AppData\Roaming\Azureus
2009-02-05 20:15 --------- d-----w c:\program files\Windows Defender
2009-01-24 04:45 --------- d-----w c:\users\Step\AppData\Roaming\Sports Interactive
2009-01-23 18:09 --------- d-----w c:\program files\Sports Interactive
2009-01-21 20:30 --------- d-----w c:\program files\Azureus
2009-01-15 16:58 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-12 20:18 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-12 20:18 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2009-01-12 20:18 --------- d-----w c:\programdata\avg8
2009-01-12 20:17 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-11 16:00 --------- d-----w c:\program files\Common Files\Adobe
2009-01-11 12:23 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-31 13:55 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-30 14:56 --------- d-----w c:\users\Step\AppData\Roaming\InterVideo
2008-12-28 12:35 --------- d-----w c:\programdata\Messenger Plus!
2008-12-28 11:55 --------- d-----w c:\users\Step\AppData\Roaming\Canneverbe_Limited
2008-12-28 11:54 --------- d-----w c:\program files\CDBurnerXP
2008-12-28 10:32 --------- d-----w c:\users\Step\AppData\Roaming\Ahead
2008-12-28 10:10 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 10:10 --------- d-----w c:\program files\Microsoft Reader
2008-12-28 10:03 --------- d-----w c:\users\TEMP\AppData\Roaming\ATI
2008-12-28 00:46 --------- d-----w c:\program files\BitTorrent
2008-12-28 00:24 --------- d-----w c:\program files\iPod
2008-12-28 00:24 --------- d-----w c:\program files\Bonjour
2008-12-28 00:21 --------- d-----w c:\program files\Windows Sidebar
2008-12-28 00:21 --------- d-----w c:\program files\Windows Photo Gallery
2008-12-28 00:21 --------- d-----w c:\program files\SplitCam
2008-12-28 00:21 --------- d-----w c:\program files\QuickTime
2008-12-28 00:20 --------- d-----w c:\program files\Microsoft Sync Framework
2008-12-28 00:20 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-12-28 00:20 --------- d-----w c:\program files\Microsoft
2008-12-27 23:47 --------- d-----w c:\users\Step\AppData\Roaming\Apple Computer
2008-12-27 23:46 --------- d-----w c:\program files\iTunes
2008-12-27 23:46 --------- d-----w c:\program files\Common Files\Apple
2008-12-27 23:45 --------- d-----w c:\programdata\Apple Computer
2008-12-27 23:37 --------- d-----w c:\program files\Apple Software Update
2008-12-27 21:16 --------- d-----w c:\programdata\ma-config.com
2008-12-27 21:16 --------- d-----w c:\program files\ma-config.com
2008-12-18 10:57 --------- d-----w c:\program files\Windows Live
2008-12-18 09:45 --------- d-----w c:\program files\Windows Mail
2008-12-18 09:06 --------- d-----w c:\program files\Yahoo!
2008-12-17 20:10 --------- d-----w c:\programdata\WLInstaller
2008-12-17 19:25 174 --sha-w c:\program files\desktop.ini
2008-12-17 19:12 --------- d-----w c:\program files\Windows Calendar
2008-12-17 19:11 --------- d-----w c:\program files\Windows Collaboration
2008-12-17 18:38 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-12-17 18:38 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-12-17 14:58 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-17 14:57 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2008-12-17 14:45 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-17 14:34 --------- d-----w c:\program files\Common Files\Windows Live
2008-12-08 16:01 55,264 ----a-w c:\windows\system32\drivers\fssfltr.sys
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
2008-06-25 17:58 1,664,591 ----a-w c:\users\2007\pf-setup.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-02-07_20.59.53.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-07 08:33:53 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-07 20:12:49 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-07 08:33:53 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-07 20:12:49 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-07 08:36:59 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-02-07 20:14:20 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-02-07 20:14:20 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-07 09:18:57 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-02-07 20:14:26 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-02-07 20:14:26 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-02-07 19:49:12 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-07 20:20:43 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-07 19:49:12 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-07 20:20:43 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-07 19:49:12 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-07 20:20:43 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-07 14:26:44 101,556 ----a-w c:\windows\System32\perfc009.dat
+ 2009-02-07 20:20:19 101,556 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-07 14:26:44 123,896 ----a-w c:\windows\System32\perfc00C.dat
+ 2009-02-07 20:20:19 123,896 ----a-w c:\windows\System32\perfc00C.dat
- 2009-02-07 14:26:44 587,484 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-07 20:20:19 587,484 ----a-w c:\windows\System32\perfh009.dat
- 2009-02-07 14:26:44 669,890 ----a-w c:\windows\System32\perfh00C.dat
+ 2009-02-07 20:20:19 669,890 ----a-w c:\windows\System32\perfh00C.dat
- 2009-02-07 08:37:51 13,546 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3104662218-1256191170-3440181771-1002_UserData.bin
+ 2009-02-07 20:15:09 13,782 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3104662218-1256191170-3440181771-1002_UserData.bin
- 2009-02-07 08:37:49 70,176 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-07 20:15:09 70,230 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"Google Update"="c:\users\Step\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-18 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2006-12-20 77824]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-14 411768]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-14 493688]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 530552]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"TOSHIBA Volume Indicator"="c:\program files\Toshiba\Utilities\VolControl.exe" [2006-12-13 94208]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 577536]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 554640]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-20 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-12 1601304]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 c:\windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]

c:\users\2007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - c:\users\Step\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-12-17 143360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Lancement rapide de Microsoft Office OneNote 2003.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2009-01-23 19:15 1410296 c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{5FD91A4C-4DB7-4928-B53A-6D5FC34295DB}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{419DCCF4-F449-4FAA-9255-14B244D9CD47}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{6DF018C9-6C18-4C79-AA7D-1E3C34979C0B}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule Plus
"UDP Query User{1B957FE3-F7B2-45B8-B14B-20E8D8BF36E3}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule Plus
"TCP Query User{BBBE5863-238E-4B75-8719-4F5342394360}c:\\users\\2007\\appdata\\local\\temp\\rar$ex00.171\\emule\\emule.exe"= UDP:c:\users\2007\appdata\local\temp\rar$ex00.171\emule\emule.exe:emule.exe
"UDP Query User{67500115-DC8F-4C89-BA3C-A4744AD4E436}c:\\users\\2007\\appdata\\local\\temp\\rar$ex00.171\\emule\\emule.exe"= TCP:c:\users\2007\appdata\local\temp\rar$ex00.171\emule\emule.exe:emule.exe
"TCP Query User{9CEF591D-A89A-4C92-BAEB-0D3CB26BD49F}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{4B70F833-BC74-460F-9282-3FB9FB9BB736}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{F56905EA-E544-4CC3-AB7E-EE1214E1E8CC}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{F78F6B5B-FEF5-47C6-A315-7DE628CA3D75}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"{D7C874C2-43D8-479E-8B7A-AB41451EEF90}"= Disabled:UDP:c:\program files\fm.exe:Football Manager 2008
"{5B3DCBAC-B132-46F6-9393-B35D886DC396}"= Disabled:TCP:c:\program files\fm.exe:Football Manager 2008
"TCP Query User{20EDBEE9-47B9-4FDB-A3B1-41A241D2A7FE}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{9521B02B-9AC6-4227-8949-0E57CEB5B2B8}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{161C8511-8AA2-4B90-98E3-4E7160E5F9E8}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{F4AA48FC-F466-4A90-9A76-9EA89684E16E}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{39F9BBEB-2BC8-43E3-BB42-FBCBCDCA3EAD}c:\\program files\\ppmate\\ppmate\\ppmate.exe"= UDP:c:\program files\ppmate\ppmate\ppmate.exe:PPMate P2P TV
"UDP Query User{ACBAF6E3-97E3-45CB-8842-CAE637A0EF29}c:\\program files\\ppmate\\ppmate\\ppmate.exe"= TCP:c:\program files\ppmate\ppmate\ppmate.exe:PPMate P2P TV
"TCP Query User{2A05CA98-2A5A-4F74-9CEF-7672D26610B5}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{75F44963-AB3D-44C1-A755-9B8940C9C4AB}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{9DDA4A41-30BD-4196-85D0-9EA7DB44F854}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{6763BFB0-A49B-4277-A9CE-A19578701E25}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{38713D86-3CA7-499A-9B2A-14AF270526B4}c:\\users\\2007\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:c:\users\2007\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{299B3A3B-3B1C-4974-8F50-0153917864D8}c:\\users\\2007\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:c:\users\2007\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{0D9D7D59-AADB-4947-87D4-98C717CDE973}c:\\users\\2007\\appdata\\local\\temp\\rar$ex02.766\\portable limewire pro 4.14.10_multilang\\limewire pro 4.14.10 portable.exe"= UDP:c:\users\2007\appdata\local\temp\rar$ex02.766\portable limewire pro 4.14.10_multilang\limewire pro 4.14.10 portable.exe:limewire pro 4.14.10 portable.exe
"UDP Query User{6DF04E2B-4701-4509-8054-4AE12924940E}c:\\users\\2007\\appdata\\local\\temp\\rar$ex02.766\\portable limewire pro 4.14.10_multilang\\limewire pro 4.14.10 portable.exe"= TCP:c:\users\2007\appdata\local\temp\rar$ex02.766\portable limewire pro 4.14.10_multilang\limewire pro 4.14.10 portable.exe:limewire pro 4.14.10 portable.exe
"TCP Query User{17A35D09-AE7C-4F5C-B13D-FC286C30EF4D}c:\\users\\2007\\desktop\\portable limewire pro 4.14.10_multilang\\limewire pro 4.14.10 portable.exe"= UDP:c:\users\2007\desktop\portable limewire pro 4.14.10_multilang\limewire pro 4.14.10 portable.exe:limewire pro 4.14.10 portable.exe
"UDP Query User{9A5627BA-9821-424D-8218-EF7212B6654F}c:\\users\\2007\\desktop\\portable limewire pro 4.14.10_multilang\\limewire pro 4.14.10 portable.exe"= TCP:c:\users\2007\desktop\portable limewire pro 4.14.10_multilang\limewire pro 4.14.10 portable.exe:limewire pro 4.14.10 portable.exe
"{41459E7D-92F3-4E24-8F71-D5C96095655D}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{13B6E290-630B-4DA0-84A9-1F716AFFAB55}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{A4673DA1-B535-40B4-94BC-1C31865E8EA3}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{620635BF-FE10-4A5E-8303-A28AC3A25581}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{55EE90A1-CE93-47BB-AE27-65FE0F2B89CA}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{414DF850-822B-4472-A942-E2B9C9F47B22}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{FCF6337D-B51F-488B-8F32-325683A80121}c:\\program files\\x-chat 2\\xchat.exe"= UDP:c:\program files\x-chat 2\xchat.exe:X-Chat IRC Client
"UDP Query User{86EF4704-CDAE-4FFC-A2E3-2233AA84B20B}c:\\program files\\x-chat 2\\xchat.exe"= TCP:c:\program files\x-chat 2\xchat.exe:X-Chat IRC Client
"{8EE34478-C877-4132-8760-01BA327FEEA2}"= UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{A2A9274B-85DB-4921-A9B9-0AB54253676B}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{84BD71E7-5322-40FC-9D41-75009201E747}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{CCE87925-0BEA-4C21-A2C2-36BB72ECC53A}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{EB21003F-AFFE-4796-9980-E3DA1E3D189F}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{5DDEEE1B-4615-4B66-AFCE-91AD14CEEFD8}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{D21EC17D-59F9-4560-AF55-965F1D2F1680}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{5967084E-B8D9-4D40-AFE7-3EA8E4830CA3}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\PPMate\\PPMate\\ppmate.exe"= c:\program files\PPMate\PPMate\ppmate.exe:*:Enabled:PPMate
"c:\\Program Files\\uusee\\UUSeePlayer.exe"= c:\program files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [2008-11-15 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-11-15 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2008-11-15 107272]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-12 298264]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2008-12-18 55264]
R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contenu du dossier 'Tâches planifiées'

2009-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3104662218-1256191170-3440181771-1002.job
- c:\users\Step\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-18 11:19]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.facebook.com/home.php
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 21:28:21
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????P?Qe?U??0???X?????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-02-07 21:33:08
ComboFix-quarantined-files.txt 2009-02-07 20:32:59
ComboFix2.txt 2009-02-02 14:04:21

Avant-CF: 13,447,319,552 octets libres
Après-CF: 13,244,776,448 octets libres

279 --- E O F --- 2009-02-06 16:22:08
0
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Is it OK this time or not?
0
Kira
 
No, it is still being found by AVG, again and again ...
0
Kira
 
Well, just letting you know that I'm going on holiday, so I won't be able to reply before next Saturday (the 14th).
0
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
OK, paste an AVG report so we can have a look.
0
Kira
 
https://imageshack.com/

Here it is

or

http://img12.imageshack.us/img12/3123/avgrslib1.jpg
http://img12.imageshack.us/img12/avgrslib1.jpg/1/w1280.png
0
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Hi,
I need the full name of the infected file.

Please give it.
0
Kira
 
0
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

Double-click OTMoveIt.exe to launch it.
Copy the list quoted below
and paste it into the left pane of OTMoveIt: Paste instruction for items to be moved.
(Be careful to include :files.)

:services
amhoiqo
:files
c:\windows\system32\Drivers\amhoiqo.sys
:commands
[purity]
[emptytemp]
[start explorer]

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.
0
Kira
 
Thanks for your patience, Jlpjlp...
Unfortunately, another scan with AVG this very morning, and:

https://imageshack.com/
0
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
You need to paste the report.

____________

Download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

Double-click OTMoveIt.exe to launch it.
Copy the list quoted below
and paste it into the left pane of OTMoveIt: Paste instruction for items to be moved.
(Be careful to include :files.)

:services
amhoiqo
ackxxyqt
:files
c:\windows\system32\Drivers\amhoiqo.sys
c:\windows\system32\Drivers\ackxxyqt.sys
:commands
[purity]
[emptytemp]
[start explorer]

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.
0
Kira
 
========== SERVICES/DRIVERS ==========
Unable to stop service amhoiqo .
Unable to stop service ackxxyqt .
========== FILES ==========
File/Folder c:\windows\system32\Drivers\amhoiqo.sys not found.
File/Folder c:\windows\system32\Drivers\ackxxyqt.sys not found.
========== COMMANDS ==========
File delete failed. C:\Users\Step\AppData\Local\Temp\hsperfdata_Step\5796 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\fwtsqmfile00.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile01.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile02.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile03.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile04.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\MpCmdRun.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\MpSigStub.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\TMP0000000D2E9B9DC52984B950 scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\VisioCA.log scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02162009_195120
0
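The OTMoveIt result above (service registered and unstoppable, driver file not found) is the classic symptom of a hidden driver. As an added example that is not part of the thread or of any tool used in it, this PowerShell script, assumed to run from an elevated prompt on Windows with PowerShell 3.0 or later, lists kernel driver services from the registry and flags the same discrepancy; the random-name heuristic and the service names in the comments are assumptions taken from this thread.

```powershell
# Added example, not a tool from the thread: enumerate kernel and file-system
# driver services from the registry and flag the discrepancy the OTMoveIt log
# shows for amhoiqo / ackxxyqt, i.e. a service that is registered (and cannot
# be stopped) while its driver file cannot be found on disk.
# Assumptions: Windows with PowerShell 3.0 or later, run from an elevated prompt.

function Get-SuspiciousDriverServices {
    [CmdletBinding()]
    param(
        # Heuristic for machine-generated names such as "amhoiqo" or "ackxxyqt":
        # only lowercase letters, no digits, no vendor prefix (assumed pattern).
        [string]$RandomNamePattern = '^[a-z]{6,10}$'
    )

    $servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    foreach ($key in Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $props) { continue }

        # Type 1 = SERVICE_KERNEL_DRIVER, 2 = SERVICE_FILE_SYSTEM_DRIVER;
        # user-mode services and parameter sub-keys are skipped.
        if ($props.Type -ne 1 -and $props.Type -ne 2) { continue }

        $name      = $key.PSChildName
        $imagePath = [string]$props.ImagePath

        # Resolve ImagePath to an absolute path. Drivers are stored either with
        # a "\??\" or "\SystemRoot\" prefix or relative to the Windows directory.
        $resolved = $imagePath -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if (-not $resolved) {
            # No ImagePath at all: the service controller defaults to
            # %SystemRoot%\system32\drivers\<service name>.sys
            $resolved = "system32\drivers\$name.sys"
        }
        if (-not [System.IO.Path]::IsPathRooted($resolved)) {
            $resolved = Join-Path -Path $env:SystemRoot -ChildPath $resolved
        }

        $fileVisible = Test-Path -LiteralPath $resolved -PathType Leaf

        # Embedded Authenticode check only; catalog-signed inbox drivers can
        # legitimately report NotSigned here, so this column is informational.
        $signature = 'n/a'
        if ($fileVisible) {
            $signature = (Get-AuthenticodeSignature -FilePath $resolved).Status
        }

        $reasons = @()
        if (-not $fileVisible) {
            $reasons += 'registered driver file not visible on disk'
        }
        if (-not $props.DisplayName -and -not $props.Description -and ($name -cmatch $RandomNamePattern)) {
            $reasons += 'random-looking name with no DisplayName/Description'
        }

        if ($reasons.Count -gt 0) {
            [PSCustomObject]@{
                Service   = $name
                Start     = $props.Start      # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
                ImagePath = $imagePath
                Resolved  = $resolved
                Visible   = $fileVisible
                Signature = $signature
                Reasons   = ($reasons -join '; ')
            }
        }
    }
}

# Run elevated and review the table. A driver in the state the thread's
# OTMoveIt log describes shows Visible = False, typically with a boot or
# system Start value.
Get-SuspiciousDriverServices | Sort-Object Visible, Service | Format-Table -AutoSize
```

A user-mode check like this can itself be lied to by a kernel rootkit, so an entry that is absent here but reported by an offline or boot-time scanner is as significant as one that is listed.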
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Close all your browsers (so copy or print the instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
c:\windows\system32\Drivers\amhoiqo.sys
Driver::
amhoiqo

Save this file under the name CFScript.

Drag and drop this CFScript file onto the ComboFix.exe file.

Click on the CFScript file, hold the button down and drag the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

If the file does not open, it is located here > C:\ComboFix.txt

_________________

Run AVG Anti-Rootkit and remove what is found:
http://www.commentcamarche.net/telecharger/telecharger 34055015 avg anti rootkit
https://www.clubic.com/telecharger-fiche34515-avg-anti-rootkit.html
0
Kira
 
ComboFix 09-02-15.01 - Step 2009-02-17 3:14:42.5 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.893.122 [GMT 1:00]
Lancé depuis: c:\users\Step\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Step\Desktop\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\windows\system32\Drivers\amhoiqo.sys
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-17 au 2009-02-17 ))))))))))))))))))))))))))))))))))))
.

2009-02-17 03:08 . 2009-02-17 03:08 <REP> d-------- C:\32788R22FWJFW.0.tmp
2009-02-16 16:05 . 2009-02-16 16:05 <REP> d-------- c:\users\Step\AppData\Roaming\OpenOffice.org
2009-02-16 15:56 . 2009-02-16 15:56 <REP> d-------- c:\program files\OpenOffice.org 3
2009-02-15 23:54 . 2009-02-15 23:54 0 --ah---t- c:\windows\wusa.lock
2009-02-15 23:53 . 2009-02-16 20:01 <REP> d-------- C:\edfe6c060c8fb4b80e95eb6092f8
2009-02-08 21:53 . 2009-02-14 19:25 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-02-08 21:53 . 2009-02-14 19:25 <REP> d-------- c:\programdata\Spybot - Search & Destroy
2009-02-08 21:53 . 2009-02-15 00:06 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-02-08 21:48 . 2009-02-15 00:06 <REP> d-------- c:\program files\eMule
2009-02-08 10:16 . 2009-02-08 10:16 <REP> d-------- c:\users\All Users\Yahoo! Companion
2009-02-08 10:16 . 2009-02-08 10:16 <REP> d-------- c:\programdata\Yahoo! Companion
2009-02-04 18:22 . 2009-02-05 20:51 <REP> d-------- c:\program files\Common Files\Softwin
2009-02-04 18:04 . 2009-02-04 18:04 <REP> d-------- C:\_OTMoveIt
2009-02-02 13:10 . 2009-02-07 14:21 <REP> d-------- c:\program files\Panda Security
2009-02-02 13:02 . 2009-02-05 21:15 <REP> d-------- c:\windows\BDOSCAN8
2009-02-02 12:59 . 2009-02-07 14:19 <REP> d-------- c:\program files\Sophos
2009-02-02 12:34 . 2009-02-05 21:15 <REP> d-------- c:\program files\Navilog1
2009-02-01 20:20 . 2009-02-05 21:15 <REP> d-------- C:\ToolBar SD
2009-02-01 19:47 . 2009-02-01 19:48 <REP> d-------- C:\rsit
2009-02-01 19:47 . 2009-02-07 20:17 <REP> d-------- c:\program files\trend micro
2009-02-01 01:43 . 2009-02-01 01:43 <REP> d-------- c:\users\Step\AppData\Roaming\Malwarebytes
2009-02-01 01:42 . 2009-02-01 01:42 <REP> d-------- c:\users\All Users\Malwarebytes
2009-02-01 01:42 . 2009-02-01 01:42 <REP> d-------- c:\programdata\Malwarebytes
2009-02-01 01:42 . 2009-02-02 20:31 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-01 00:10 . 2009-02-01 16:43 250 --a------ c:\windows\gmer.ini
2009-01-24 05:24 . 2009-02-05 21:15 <REP> d-------- c:\program files\aquaplay
2009-01-23 20:26 . 2009-02-05 20:04 <REP> d-------- c:\users\All Users\Sports Interactive
2009-01-23 20:26 . 2009-02-05 20:04 <REP> d-------- c:\programdata\Sports Interactive
2009-01-23 20:24 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2009-01-23 20:24 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2009-01-23 20:24 . 2008-05-30 14:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
2009-01-23 20:24 . 2008-03-05 16:03 479,752 --a------ c:\windows\System32\XAudio2_0.dll
2009-01-23 20:24 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2009-01-23 20:24 . 2008-05-30 14:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
2009-01-23 20:24 . 2008-03-05 16:03 238,088 --a------ c:\windows\System32\xactengine3_0.dll
2009-01-23 20:24 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
2009-01-23 20:24 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
2009-01-23 20:24 . 2008-03-05 16:00 25,608 --a------ c:\windows\System32\X3DAudio1_3.dll
2009-01-23 19:14 . 2009-02-05 21:15 <REP> d-------- c:\program files\Common Files\Steam
2009-01-23 19:13 . 2009-02-05 21:15 <REP> d-------- c:\program files\Steam

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 23:06 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-14 23:06 --------- d-----w c:\program files\CCleaner
2009-02-08 09:16 --------- d-----w c:\program files\Yahoo!
2009-02-05 20:23 --------- d-----w c:\program files\Paint.NET
2009-02-05 20:15 --------- d-----w c:\users\Step\AppData\Roaming\DAEMON Tools
2009-02-05 20:15 --------- d-----w c:\users\Step\AppData\Roaming\Azureus
2009-02-05 20:15 --------- d-----w c:\program files\Windows Defender
2009-01-24 04:45 --------- d-----w c:\users\Step\AppData\Roaming\Sports Interactive
2009-01-23 18:09 --------- d-----w c:\program files\Sports Interactive
2009-01-21 20:30 --------- d-----w c:\program files\Azureus
2009-01-15 16:58 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-13 19:49 --------- d-----w c:\users\Step\AppData\Roaming\aAvgApi
2009-01-12 20:18 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-12 20:18 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2009-01-12 20:18 --------- d-----w c:\programdata\avg8
2009-01-12 20:17 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-11 16:00 --------- d-----w c:\program files\Common Files\Adobe
2008-12-31 13:55 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-30 14:56 --------- d-----w c:\users\Step\AppData\Roaming\InterVideo
2008-12-28 12:35 --------- d-----w c:\programdata\Messenger Plus!
2008-12-28 11:55 --------- d-----w c:\users\Step\AppData\Roaming\Canneverbe_Limited
2008-12-28 11:54 --------- d-----w c:\program files\CDBurnerXP
2008-12-28 10:32 --------- d-----w c:\users\Step\AppData\Roaming\Ahead
2008-12-28 10:10 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 10:10 --------- d-----w c:\program files\Microsoft Reader
2008-12-28 10:03 --------- d-----w c:\users\TEMP\AppData\Roaming\ATI
2008-12-28 00:46 --------- d-----w c:\program files\BitTorrent
2008-12-28 00:24 --------- d-----w c:\program files\iPod
2008-12-28 00:24 --------- d-----w c:\program files\Bonjour
2008-12-28 00:21 --------- d-----w c:\program files\Windows Sidebar
2008-12-28 00:21 --------- d-----w c:\program files\Windows Photo Gallery
2008-12-28 00:21 --------- d-----w c:\program files\SplitCam
2008-12-28 00:21 --------- d-----w c:\program files\QuickTime
2008-12-28 00:20 --------- d-----w c:\program files\Microsoft Sync Framework
2008-12-28 00:20 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-12-28 00:20 --------- d-----w c:\program files\Microsoft
2008-12-27 23:47 --------- d-----w c:\users\Step\AppData\Roaming\Apple Computer
2008-12-27 23:46 --------- d-----w c:\program files\iTunes
2008-12-27 23:46 --------- d-----w c:\program files\Common Files\Apple
2008-12-27 23:45 --------- d-----w c:\programdata\Apple Computer
2008-12-27 23:37 --------- d-----w c:\program files\Apple Software Update
2008-12-27 21:16 --------- d-----w c:\programdata\ma-config.com
2008-12-27 21:16 --------- d-----w c:\program files\ma-config.com
2008-12-18 10:57 --------- d-----w c:\program files\Windows Live
2008-12-18 09:45 --------- d-----w c:\program files\Windows Mail
2008-12-17 20:10 --------- d-----w c:\programdata\WLInstaller
2008-12-17 19:25 174 --sha-w c:\program files\desktop.ini
2008-12-17 19:12 --------- d-----w c:\program files\Windows Calendar
2008-12-17 19:11 --------- d-----w c:\program files\Windows Collaboration
2008-12-17 18:38 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-12-17 18:38 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-12-17 14:58 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-17 14:57 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2008-12-17 14:45 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-17 14:34 --------- d-----w c:\program files\Common Files\Windows Live
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
2008-06-25 17:58 1,664,591 ----a-w c:\users\2007\pf-setup.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-02-07_20.59.53.96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-17 02:13:29 6,041,600 ----a-w c:\windows\ERDNT\Hiv-backup\schema.dat
- 2009-01-16 11:42:53 593,920 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-02-17 02:07:40 593,920 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-01-16 11:42:53 12,288 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-02-17 02:07:40 12,288 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-01-16 11:42:53 86,016 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-02-17 02:07:40 86,016 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-01-16 11:42:52 135,168 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-02-17 02:07:40 135,168 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-01-16 11:42:53 11,264 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-02-17 02:07:40 11,264 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-01-16 11:42:53 27,136 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-02-17 02:07:40 27,136 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-01-16 11:42:53 4,096 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-02-17 02:07:40 4,096 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-01-16 11:42:53 794,624 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-02-17 02:07:40 794,624 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-01-16 11:42:53 249,856 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-02-17 02:07:40 249,856 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-01-16 11:42:52 61,440 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-02-17 02:07:40 61,440 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-01-16 11:42:53 23,040 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-02-17 02:07:41 23,040 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-01-16 11:42:52 286,720 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-02-17 02:07:40 286,720 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-01-16 11:42:52 409,600 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-02-17 02:07:40 409,600 ----a-r c:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-11-16 08:20:06 12,288 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-02-17 02:10:43 12,288 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-11-16 08:20:06 135,168 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-02-17 02:10:45 135,168 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-11-16 08:20:06 4,096 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-02-17 02:10:47 4,096 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-11-16 08:20:05 176,128 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\visicon.exe
+ 2009-02-17 02:10:41 176,128 ----a-r c:\windows\Installer\{9051040C-6000-11D3-8CFE-0150048383C9}\visicon.exe
- 2009-02-06 22:07:16 941,680 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-02-16 18:54:51 941,680 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-02-07 08:33:53 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-17 02:00:23 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-07 08:33:53 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-17 02:00:23 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-07 08:36:59 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-02-17 02:02:57 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2009-02-07 09:18:57 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-02-17 02:02:50 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2009-02-07 19:49:12 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-17 02:14:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-07 19:49:12 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-17 02:14:56 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-07 19:49:12 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-17 02:14:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-16 15:10:52 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-02-07 19:51:58 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-02-17 01:54:36 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-02-17 01:54:36 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2009-02-07 14:26:44 101,556 ----a-w c:\windows\System32\perfc009.dat
+ 2009-02-15 18:40:04 101,556 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-07 14:26:44 123,896 ----a-w c:\windows\System32\perfc00C.dat
+ 2009-02-15 18:40:04 123,896 ----a-w c:\windows\System32\perfc00C.dat
- 2009-02-07 14:26:44 587,484 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-15 18:40:04 587,484 ----a-w c:\windows\System32\perfh009.dat
- 2009-02-07 14:26:44 669,890 ----a-w c:\windows\System32\perfh00C.dat
+ 2009-02-15 18:40:04 669,890 ----a-w c:\windows\System32\perfh00C.dat
- 2009-01-16 12:00:29 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-02-17 02:08:10 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-02-07 08:37:51 13,546 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3104662218-1256191170-3440181771-1002_UserData.bin
+ 2009-02-17 02:02:51 13,846 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3104662218-1256191170-3440181771-1002_UserData.bin
- 2009-02-07 08:37:49 70,176 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-17 02:02:50 71,036 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-06 16:10:58 4,370 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-02-16 18:54:42 4,370 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-02-07 08:37:49 57,288 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-16 13:06:53 58,406 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-02-02 13:33:38 218,276 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-02-09 15:33:13 220,984 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-01-15 17:00:18 155,339,540 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-02-17 02:08:18 191,005,605 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-04-11 06:42:20 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\WininetPlugin.dll
+ 2007-09-23 10:44:58 2,455,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16809_none_f9b4de176e8fd9a5\ieapfltr.dat
+ 2007-09-23 10:44:58 2,455,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20996_none_f9da2ab887f928e3\ieapfltr.dat
+ 2008-01-19 07:36:35 129,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18203_none_47a6af038c817696\sqmapi.dll
+ 2008-01-19 07:34:31 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18203_none_64a57149ae1c4f9c\ieui.dll
.
-- Updated snapshot --
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"Google Update"="c:\users\Step\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-18 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2006-12-20 77824]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-14 411768]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-14 493688]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 530552]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"TOSHIBA Volume Indicator"="c:\program files\Toshiba\Utilities\VolControl.exe" [2006-12-13 94208]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 577536]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 554640]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-20 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-12 1601304]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 c:\windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]

c:\users\2007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - c:\users\Step\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-12-17 143360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Lancement rapide de Microsoft Office OneNote 2003.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2009-01-23 19:15 1410296 c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{5FD91A4C-4DB7-4928-B53A-6D5FC34295DB}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{419DCCF4-F449-4FAA-9255-14B244D9CD47}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{6DF018C9-6C18-4C79-AA7D-1E3C34979C0B}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule Plus
"UDP Query User{1B957FE3-F7B2-45B8-B14B-20E8D8BF36E3}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule Plus
"TCP Query User{BBBE5863-238E-4B75-8719-4F5342394360}c:\\users\\2007\\appdata\\local\\temp\\rar$ex00.171\\emule\\emule.exe"= UDP:c:\users\2007\appdata\local\temp\rar$ex00.171\emule\emule.exe:emule.exe
"UDP Query User{67500115-DC8F-4C89-BA3C-A4744AD4E436}c:\\users\\2007\\appdata\\local\\temp\\rar$ex00.171\\emule\\emule.exe"= TCP:c:\users\2007\appdata\local\temp\rar$ex00.171\emule\emule.exe:emule.exe
"TCP Query User{9CEF591D-A89A-4C92-BAEB-0D3CB26BD49F}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{4B70F833-BC74-460F-9282-3FB9FB9BB736}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{F56905EA-E544-4CC3-AB7E-EE1214E1E8CC}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{F78F6B5B-FEF5-47C6-A315-7DE628CA3D75}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"{D7C874C2-43D8-479E-8B7A-AB41451EEF90}"= Disabled:UDP:c:\program files\fm.exe:Football Manager 2008
"{5B3DCBAC-B132-46F6-9393-B35D886DC396}"= Disabled:TCP:c:\program files\fm.exe:Football Manager 2008
"TCP Query User{20EDBEE9-47B9-4FDB-A3B1-41A241D2A7FE}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{9521B02B-9AC6-4227-8949-0E57CEB5B2B8}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{161C8511-8AA2-4B90-98E3-4E7160E5F9E8}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{F4AA48FC-F466-4A90-9A76-9EA89684E16E}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{39F9BBEB-2BC8-43E3-BB42-FBCBCDCA3EAD}c:\\program files\\ppmate\\ppmate\\ppmate.exe"= UDP:c:\program files\ppmate\ppmate\ppmate.exe:PPMate P2P TV
"UDP Query User{ACBAF6E3-97E3-45CB-8842-CAE637A0EF29}c:\\program files\\ppmate\\ppmate\\ppmate.exe"= TCP:c:\program files\ppmate\ppmate\ppmate.exe:PPMate P2P TV
"TCP Query User{2A05CA98-2A5A-4F74-9CEF-7672D26610B5}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{75F44963-AB3D-44C1-A755-9B8940C9C4AB}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{9DDA4A41-30BD-4196-85D0-9EA7DB44F854}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{6763BFB0-A49B-4277-A9CE-A19578701E25}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{38713D86-3CA7-499A-9B2A-14AF270526B4}c:\\users\\2007\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:c:\users\2007\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{299B3A3B-3B1C-4974-8F50-0153917864D8}c:\\users\\2007\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:c:\users\2007\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{0D9D7D59-AADB-4947-87D4-98C717CDE973}c:\\users\\2007\\appdata\\local\\temp\\rar$ex02.766\\portable limewire pro 4.14.10_multilang\\limewire pro 4.14.10 portable.exe"= UDP:c:\users\2007\appdata\local\temp\rar$ex02.766\portable limewire pro 4.14.10_multilang\limewire pro 4.14.10 portable.exe:limewire pro 4.14.10 portable.exe
"UDP Query User{6DF04E2B-4701-4509-8054-4AE12924940E}c:\\users\\2007\\appdata\\local\\temp\\rar$ex02.766\\portable limewire pro 4.14.10_multilang\\limewire pro 4.14.10 portable.exe"= TCP:c:\users\2007\appdata\local\temp\rar$ex02.766\portable limewire pro 4.14.10_multilang\limewire pro 4.14.10 portable.exe:limewire pro 4.14.10 portable.exe
"TCP Query User{17A35D09-AE7C-4F5C-B13D-FC286C30EF4D}c:\\users\\2007\\desktop\\portable limewire pro 4.14.10_multilang\\limewire pro 4.14.10 portable.exe"= UDP:c:\users\2007\desktop\portable limewire pro 4.14.10_multilang\limewire pro 4.14.10 portable.exe:limewire pro 4.14.10 portable.exe
"UDP Query User{9A5627BA-9821-424D-8218-EF7212B6654F}c:\\users\\2007\\desktop\\portable limewire pro 4.14.10_multilang\\limewire pro 4.14.10 portable.exe"= TCP:c:\users\2007\desktop\portable limewire pro 4.14.10_multilang\limewire pro 4.14.10 portable.exe:limewire pro 4.14.10 portable.exe
"{41459E7D-92F3-4E24-8F71-D5C96095655D}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{13B6E290-630B-4DA0-84A9-1F716AFFAB55}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{A4673DA1-B535-40B4-94BC-1C31865E8EA3}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{620635BF-FE10-4A5E-8303-A28AC3A25581}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{55EE90A1-CE93-47BB-AE27-65FE0F2B89CA}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{414DF850-822B-4472-A942-E2B9C9F47B22}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{FCF6337D-B51F-488B-8F32-325683A80121}c:\\program files\\x-chat 2\\xchat.exe"= UDP:c:\program files\x-chat 2\xchat.exe:X-Chat IRC Client
"UDP Query User{86EF4704-CDAE-4FFC-A2E3-2233AA84B20B}c:\\program files\\x-chat 2\\xchat.exe"= TCP:c:\program files\x-chat 2\xchat.exe:X-Chat IRC Client
"{8EE34478-C877-4132-8760-01BA327FEEA2}"= UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{A2A9274B-85DB-4921-A9B9-0AB54253676B}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{84BD71E7-5322-40FC-9D41-75009201E747}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{CCE87925-0BEA-4C21-A2C2-36BB72ECC53A}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{EB21003F-AFFE-4796-9980-E3DA1E3D189F}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{5DDEEE1B-4615-4B66-AFCE-91AD14CEEFD8}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{D21EC17D-59F9-4560-AF55-965F1D2F1680}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{5967084E-B8D9-4D40-AFE7-3EA8E4830CA3}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\PPMate\\PPMate\\ppmate.exe"= c:\program files\PPMate\PPMate\ppmate.exe:*:Enabled:PPMate
"c:\\Program Files\\uusee\\UUSeePlayer.exe"= c:\program files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [2008-11-15 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-11-15 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2008-11-15 107272]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-12 298264]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2008-12-18 55264]
R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2009-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3104662218-1256191170-3440181771-1002.job
- c:\users\Step\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-18 11:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 03:27:41
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????P?Qe?U??0???X?????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(564)
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Completion time: 2009-02-17 3:33:50
ComboFix-quarantined-files.txt 2009-02-17 02:33:12
ComboFix2.txt 2009-02-07 20:33:12
ComboFix3.txt 2009-02-02 14:04:21

Pre-Run: 12,762,099,712 bytes free
Post-Run: 14,489,235,456 bytes free

351 --- E O F --- 2009-02-17 02:10:15

Here's what it gave me.
0
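As an added example (this is not code from the thread, nor from ComboFix, AVG or catchme): a Python pass over the REGEDIT4-style "Reg Loading Points" block that ComboFix prints, turning three checks a responder does by hand on a log like the one above into something repeatable: Security Center monitoring disabled or AntiVirusOverride set, a non-empty AppInit_DLLs value, and firewall exceptions granted to executables sitting under a user's Temp directory. The embedded sample lines are copied from the posted log; the severity labels are the example's own heuristics, not a verdict about this machine.

```python
"""Triage of a ComboFix "Reg Loading Points" block (REGEDIT4 style).

Added example for this thread; not ComboFix, AVG or catchme code. The
checks are ordinary responder heuristics (assumed here), not verdicts.
"""
import re

# Constructed sample: these lines are copied from the log posted in the thread.
SAMPLE = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{BBBE5863-238E-4B75-8719-4F5342394360}c:\\users\\2007\\appdata\\local\\temp\\rar$ex00.171\\emule\\emule.exe"= UDP:c:\users\2007\appdata\local\temp\rar$ex00.171\emule\emule.exe:emule.exe
"{84BD71E7-5322-40FC-9D41-75009201E747}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
PATH_RE = re.compile(r'[a-zA-Z]:\\[^:]*')          # first drive path inside a value
TEMP_RE = re.compile(r'\\appdata\\local\\temp\\', re.IGNORECASE)


def parse_reg_section(text):
    """Yield (key, name, data) for every value line; keys are lower-cased."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == 'REGEDIT4':
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key').lower()
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group('name'), m.group('data').strip()


def is_dword_one(data):
    """True for ComboFix's dword:0000000x rendering when x == 1."""
    return data.lower().startswith('dword:') and int(data[6:], 16) == 1


def triage(text):
    """Return (severity, message) findings for the three heuristics."""
    findings = []
    for key, name, data in parse_reg_section(text):
        if 'security center' in key and name in ('DisableMonitoring', 'AntiVirusOverride') \
                and is_dword_one(data):
            # Windows Security Center told to stop reporting AV/firewall state
            findings.append(('high', f'Security Center override: {key}\\{name}=1'))
        elif key.endswith(r'\windows nt\currentversion\windows') and name == 'AppInit_DLLs' and data:
            # Non-empty AppInit_DLLs: whatever it resolves to is loaded into every
            # process that maps user32.dll, so the file behind it must be verified
            findings.append(('high', f'AppInit_DLLs is set to {data!r}'))
        elif key.endswith('firewallrules'):
            m = PATH_RE.search(data)
            if m and TEMP_RE.search(m.group(0)):
                # A firewall exception for a binary run out of a Temp extraction dir
                findings.append(('medium', f'Firewall exception for Temp binary: {m.group(0)}'))
    return findings


if __name__ == '__main__':
    for severity, message in triage(SAMPLE):
        print(f'[{severity}] {message}')
```

A finding only says where to look next: the value behind AppInit_DLLs has to be resolved on the box and the flagged binaries checked by hash, and the Security Center keys may have been set by a product rather than by malware. The script just makes the manual read of the block repeatable across the several logs a thread like this produces.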
jlpjlp Posts 52399 Status Security contributor 5 040
 
run AVG Anti-Rootkit
0
Kira
 
0