HijackThis reports

Solved/Closed
Anonymous user - 3 March 2009 at 16:25
Anonymous user - 13 March 2009 at 23:14
Hello,

Since I have a few problems (a virus) and I'm not getting anywhere, I made a HijackThis log. Thank you in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:00, on 03/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\WINDOWS\System32\inf\rundll33.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0375C1E4-FB3B-479A-BC96-F6A4D5F029FA} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {448C8294-49D1-4FB0-B32A-ED739EE37219} - C:\Windows\system32\wvULDsqR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56B26E77-EB7D-4FCA-B4AD-5BA412BDA468} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A03A24F6-7888-43EE-B25A-242F31663224} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Explorer] C:\Windows\system32\msrstart.exe
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKLM\..\Policies\Explorer\Run: [xccinit] C:\Windows\system32\inf\rundll33.exe C:\Windows\xccdf16_090131a.dll xccd16
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Kyuubi-Barre.lnk = Halo-Roro\AppData\Roaming\KyuubiBarre\PF\KyuubiBarre.exe
O4 - Startup: SMS Services.lnk = Halo-Roro\Documents\smss.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://cache.systemrequirementslab.com/htdocs/srl_bin/sysreqlab_srl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236090623564&h=96e15b781d3538908dbb3b94f84632df/&filename=jinstall-6u12-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0348833B-C3C3-4D81-BD64-CE2B08842F17}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE8812A8-9D6F-4939-A1B7-4D123C2B6B3A}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{0348833B-C3C3-4D81-BD64-CE2B08842F17}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CS4\Services\Tcpip\..\{0348833B-C3C3-4D81-BD64-CE2B08842F17}: NameServer = 212.30.96.108,213.203.124.146
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\Windows\system32\sopidkc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Tcp ipx Service (Tcpipsrv) - Unknown owner - c:\windows\$ntunistalls\svchost.exe

46 replies

eZula Posts 3391 Registration date Saturday 26 April 2008 Status Contributor Last contribution 8 May 2021 392
3 March 2009 at 16:31
Hello,

Download GenProc http://www.genproc.com/GenProc.exe

Double-click GenProc.exe and post the contents of the report that opens.
0
Anonymous user
3 March 2009 at 16:35
Here it is:

Rapport GenProc 2.398 [2] - 03/03/2009 à 16:34:18,32 - Windows Vista

Il est impératif de désactiver le résident TeaTimer de Spybot pendant l'ensemble des manipulations qui vont suivre. Aide Tea-Timer : http://ww11.genproc.com/spybot/spybot.html

# Etape 1/ Télécharge :

- ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe (sUBs) sur ton Bureau.


Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; pour retrouver le rapport, clique sur le raccourci "GenProc" sur ton bureau. Choisis ta session courante *** Halo-Roro ***


# Etape 2/

Double clique sur combofix.exe et suis les instructions. Attention de ne pas utiliser ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne au risque de figer l'ordinateur.

# Etape 3/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 4/

Redémarre normalement et poste, dans la même réponse :

- Le contenu du rapport situé dans C:\Combofix.txt;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------

~~ Arguments ~~

# Détections GenProc 2.398 03/03/2009 à 16:32:36,07
Vundo:le 03/03/2009 à 16:32:40,83 "C:\Windows\system32\*.ini2"

# Détections GenProc 2.398 03/03/2009 à 16:33:54,85
Vundo:le 03/03/2009 à 16:34:00,18 "C:\Windows\system32\*.ini2"
0
eZula Posts 3391 Registration date Saturday 26 April 2008 Status Contributor Last contribution 8 May 2021 392
3 March 2009 at 16:41
OK, go ahead.
0
Anonymous user
3 March 2009 at 17:52
Done. I'm running a scan with Spybot; should I repost a HijackThis log?
0

eZula Posts 3391 Registration date Saturday 26 April 2008 Status Contributor Last contribution 8 May 2021 392
3 March 2009 at 17:55
- The contents of the report located in C:\Combofix.txt;
- A new HijackThis report http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;
0
Anonymous user
3 March 2009 at 17:56
First, the ComboFix report:

ComboFix 09-03-02.03 - Halo-Roro 2009-03-03 16:50:39.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3582.2597 [GMT 1:00]
Lancé depuis: c:\users\Halo-Roro\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\emMON.exe
c:\windows\Install.txt
c:\windows\patch.exe
c:\windows\System32\200923556.dll
c:\windows\system32\afisicx.exe
c:\windows\system32\comsa32.sys
c:\windows\system32\drivers\senekapmtyfhij.sys
c:\windows\system32\inf\rundll33.exe
c:\windows\system32\inf\xccdfb16_090131.dll
c:\windows\system32\inf\xccefb090131.scr
c:\windows\system32\Install.txt
c:\windows\system32\mabidwe.exe
c:\windows\system32\MPG4c32.dll
c:\windows\system32\RqsDLUvw.ini
c:\windows\System32\RqsDLUvw.ini2
c:\windows\system32\senekaedpkxsms.dll
c:\windows\system32\senekaftcqdmty.dll
c:\windows\system32\senekamxpdmwji.dat
c:\windows\system32\senekapsfcogkx.dat
c:\windows\system32\senekavhyvppgj.dll
c:\windows\system32\w.exe
c:\windows\system32\wvULDsqR.dll
c:\windows\system32\xcchit32.ini
c:\windows\xccdf16_090131a.dll
c:\windows\xccwinsys.ini
G:\AutoRun.INF

----- BITS: Il y a peut-être des sites infectés -----

hxxp://shefo2.fileave.com
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA
-------\Service_SENEKA
-------\Service_afisicx
-------\Service_defaultlib
-------\Service_mabidwe
-------\Service_softyinforwow1


((((((((((((((((((((((((((((( Fichiers créés du 2009-02-03 au 2009-03-03 ))))))))))))))))))))))))))))))))))))
.

2009-03-03 16:54 . 2009-03-03 16:56 1,464 --a------ c:\windows\System32\senekacdptuxqi.dat
2009-03-03 16:53 . 2009-03-03 16:53 0 --a------ c:\windows\System32\senekapop.dll
2009-03-03 16:53 . 2009-03-03 16:53 0 --a------ c:\windows\System32\drivers\seneka.sys
2009-03-03 16:32 . 2009-03-03 16:33 <REP> d-------- C:\GenProc
2009-03-03 16:15 . 2009-03-03 16:15 <REP> d-------- c:\program files\Trend Micro
2009-03-03 15:34 . 2009-03-03 15:34 <REP> d-------- c:\users\Halo-Roro\.kyuubibarrec
2009-03-03 15:33 . 2009-03-03 15:33 <REP> d-------- c:\windows\Sun
2009-03-03 15:33 . 2009-03-03 15:31 410,984 --a------ c:\windows\System32\deploytk.dll
2009-03-03 15:27 . 2009-03-03 15:27 <REP> d-------- c:\users\Halo-Roro\AppData\Roaming\KyuubiBarre
2009-03-03 15:27 . 2009-03-03 15:27 <REP> d-------- c:\users\Halo-Roro\AppData\Roaming\Kyuubi-Barre
2009-03-03 15:27 . 2006-12-29 04:51 45,056 --a------ c:\windows\System32\jniwrap.dll
2009-03-03 15:27 . 2008-04-04 10:19 293 --a------ c:\windows\System32\jniwrap.lic
2009-03-03 15:27 . 2008-04-04 10:19 292 --a------ c:\windows\System32\jexplorer.lic
2009-03-03 15:27 . 2008-04-04 10:19 289 --a------ c:\windows\System32\comfyj.lic
2009-03-03 14:45 . 2009-03-03 14:45 <REP> d-------- c:\program files\Alwil Software
2009-03-03 14:45 . 2009-02-05 22:06 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2009-03-03 12:52 . 2009-03-03 12:52 <REP> d--hs---- c:\windows\$ntunistalls
2009-03-03 04:26 . 2009-03-03 16:58 <REP> d-------- c:\users\Halo-Roro\Tracing
2009-03-02 23:21 . 2009-03-02 23:21 <REP> d-------- c:\users\Halo-Roro\AppData\Roaming\FlashGet
2009-03-02 23:19 . 2009-03-02 23:21 <REP> d-------- c:\program files\FlashGet
2009-03-02 05:27 . 2009-03-02 05:27 107,888 --a------ c:\windows\System32\CmdLineExt.dll
2009-03-02 05:11 . 2009-03-02 05:11 <REP> d-------- c:\program files\CAPCOM
2009-03-02 05:10 . 2009-03-02 05:10 <REP> d-------- c:\windows\System32\xlive
2009-03-02 03:45 . 2009-03-03 04:29 <REP> d-------- c:\users\Halo-Roro\Incomplete
2009-03-02 03:31 . 2009-03-03 05:28 <REP> d-------- c:\users\Halo-Roro\AppData\Roaming\FrostWire
2009-03-02 03:30 . 2009-03-03 15:31 <REP> d-------- c:\program files\Java
2009-03-02 03:30 . 2009-03-02 03:30 <REP> d-------- c:\program files\Common Files\Java
2009-03-02 03:17 . 2009-03-02 03:31 <REP> d-------- c:\program files\FrostWire
2009-03-01 21:30 . 2009-03-01 21:30 <REP> d-------- c:\program files\CCleaner
2009-03-01 17:44 . 2009-03-01 17:44 313,654 --a------ c:\windows\System32\hguest.exe
2009-03-01 17:44 . 2009-03-01 17:44 107,756 --a------ c:\windows\System32\hgcheck.exe
2009-03-01 17:44 . 2009-03-01 17:44 227 --a------ c:\windows\System32\hgset.ini
2009-03-01 17:44 . 2009-03-01 17:44 77 --a------ c:\windows\System32\work.ini
2009-03-01 03:05 . 2009-03-01 03:05 <REP> d-------- c:\windows\report
2009-03-01 03:05 . 2009-03-01 03:04 22,310,977 --a------ c:\windows\LPT$VPN.873
2009-03-01 03:04 . 2009-03-01 03:04 <REP> d-------- c:\windows\AU_Backup
2009-03-01 03:04 . 2009-03-01 03:04 22,310,977 --a------ c:\windows\VPTNFILE.873
2009-03-01 03:04 . 2009-03-01 03:04 1,980,182 --a------ c:\windows\tsc.ptn
2009-03-01 03:04 . 2009-03-01 03:04 1,213,784 --a------ c:\windows\vsapi32.dll
2009-03-01 03:04 . 2009-03-01 03:04 345,157 --a------ c:\windows\tsc.exe
2009-03-01 03:04 . 2009-03-01 03:04 91,744 --a------ c:\windows\BPMNT.dll
2009-03-01 03:04 . 2009-03-01 03:04 71,749 --a------ c:\windows\hcextoutput.dll
2009-03-01 03:04 . 2009-03-01 17:15 823 --a------ c:\windows\tsc.ini
2009-03-01 03:03 . 2009-03-01 03:04 <REP> d-------- c:\windows\AU_Temp
2009-03-01 03:03 . 2009-03-01 03:03 <REP> d-------- c:\windows\AU_Log
2009-03-01 03:03 . 2009-03-01 03:03 507,904 --a------ c:\windows\TMUPDATE.DLL
2009-03-01 03:03 . 2009-03-01 03:03 69,689 --a------ c:\windows\UNZIP.DLL
2009-03-01 03:03 . 2009-03-01 03:03 170 --a------ c:\windows\GetServer.ini
2009-03-01 01:49 . 2009-03-01 21:09 <REP> d-a------ c:\users\All Users\TEMP
2009-03-01 01:49 . 2009-03-01 21:09 <REP> d-------- c:\users\All Users\SpeedBit
2009-03-01 01:49 . 2009-03-01 21:09 <REP> d-a------ c:\programdata\TEMP
2009-03-01 01:49 . 2009-03-01 21:09 <REP> d-------- c:\programdata\SpeedBit
2009-03-01 01:49 . 2009-03-01 21:10 <REP> d-------- c:\program files\DAP
2009-02-28 22:26 . 2009-02-28 22:26 0 --a------ c:\windows\System32\drivers\senekautocxcqw.sys
2009-02-28 19:10 . 2009-03-03 00:49 1,377 --a------ c:\windows\wininit.ini
2009-02-28 18:36 . 2009-02-28 22:48 <REP> d-------- c:\windows\System32\3361
2009-02-28 18:36 . 2009-02-28 18:36 108,336 --a------ c:\windows\System32\MSWINSCK.OCX
2009-02-28 18:35 . 2002-02-15 14:02 676,352 --a------ c:\windows\System32\rtl60.bpl
2009-02-28 18:35 . 2009-02-28 18:35 77,824 --a------ c:\windows\System32\u182859850.dll
2009-02-28 18:34 . 2009-03-03 16:53 <REP> d-------- c:\windows\System32\inf
2009-02-28 18:34 . 2009-02-28 18:34 155,175 --a------ c:\windows\System32\icv.exe
2009-02-28 18:34 . 2009-02-28 18:34 155,175 --a------ c:\windows\system\xccef090131.exe
2009-02-28 00:02 . 2009-02-28 00:02 <REP> d-------- c:\program files\RivaTuner v2.23
2009-02-27 23:44 . 2009-02-27 23:44 <REP> d-------- c:\users\Halo-Roro\AppData\Roaming\DivX
2009-02-27 19:00 . 2009-02-27 19:00 <REP> d-------- c:\program files\Lionhead Studios
2009-02-27 04:34 . 2009-02-27 04:34 <REP> d-------- c:\users\All Users\NortonInstaller
2009-02-27 04:34 . 2009-02-27 04:34 <REP> d-------- c:\programdata\NortonInstaller
2009-02-26 21:39 . 2009-03-01 21:10 <REP> d-------- c:\program files\Common Files\PX Storage Engine
2009-02-26 21:38 . 2009-03-01 21:11 <REP> d-------- c:\program files\DivX
2009-02-26 21:35 . 2009-02-26 21:35 <REP> d-------- c:\program files\SystemRequirementsLab
2009-02-26 20:40 . 2009-02-26 20:40 <REP> d-------- c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2009-02-26 19:46 . 2009-02-26 19:46 42,320 --a------ c:\windows\System32\xfcodec.dll
2009-02-26 04:58 . 2009-02-26 04:58 <REP> dr------- c:\windows\System32\config\systemprofile\Videos
2009-02-26 04:58 . 2009-02-26 04:58 <REP> dr------- c:\windows\System32\config\systemprofile\Searches
2009-02-26 04:58 . 2009-02-26 04:58 <REP> dr------- c:\windows\System32\config\systemprofile\Saved Games
2009-02-26 04:58 . 2009-02-26 04:58 <REP> dr------- c:\windows\System32\config\systemprofile\Pictures
2009-02-26 04:58 . 2009-02-26 04:58 <REP> dr------- c:\windows\System32\config\systemprofile\Links
2009-02-26 04:58 . 2009-02-26 04:58 <REP> dr------- c:\windows\System32\config\systemprofile\Downloads
2009-02-26 04:58 . 2009-02-26 04:58 <REP> dr------- c:\windows\System32\config\systemprofile\Documents
2009-02-26 04:58 . 2009-02-26 04:58 1,540 --a------ c:\windows\System32\ealregsnapshot1.reg
2009-02-26 04:44 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll
2009-02-25 23:12 . 2009-02-25 23:12 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-02-25 20:19 . 2009-02-25 20:19 <REP> d-------- c:\program files\AIDA32 - Personal System Information
2009-02-25 19:38 . 2009-02-25 19:38 <REP> d-------- c:\program files\Microsoft Silverlight
2009-02-25 19:35 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-02-25 19:35 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-02-25 19:35 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-02-25 19:35 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-02-25 18:12 . 2009-02-26 04:58 <REP> dr------- c:\windows\System32\config\systemprofile\Music
2009-02-24 22:45 . 2006-11-02 11:23 <REP> dr------- c:\users\Mcx1\Videos
2009-02-24 22:45 . 2006-11-02 11:23 <REP> d-------- c:\users\Mcx1\Saved Games
2009-02-24 22:45 . 2006-11-02 11:23 <REP> dr------- c:\users\Mcx1\Pictures
2009-02-24 22:45 . 2009-02-27 04:56 <REP> dr------- c:\users\Mcx1\Music
2009-02-24 22:45 . 2006-11-02 11:23 <REP> dr------- c:\users\Mcx1\Links
2009-02-24 22:45 . 2006-11-02 11:23 <REP> dr------- c:\users\Mcx1\Downloads
2009-02-24 22:45 . 2009-02-24 22:45 <REP> dr------- c:\users\Mcx1\Documents
2009-02-24 22:45 . 2009-02-24 22:45 <REP> d--h----- c:\users\Mcx1\AppData
2009-02-24 22:45 . 2009-02-24 22:45 <REP> d-------- c:\users\Mcx1
2009-02-24 19:11 . 2009-02-24 19:11 <REP> d-------- C:\PerfLogs
2009-02-24 00:08 . 2009-02-24 00:08 9,728 --a------ c:\program files\setup_bs.exe
2009-02-23 05:21 . 2009-02-26 20:42 <REP> d-------- c:\program files\EA GAMES
2009-02-23 05:21 . 2004-08-18 09:34 442,368 -ra------ c:\windows\System32\vp6vfw.dll
2009-02-23 05:20 . 2009-02-23 05:20 <REP> d-------- c:\users\Halo-Roro\AppData\Roaming\DAEMON Tools Pro
2009-02-23 05:20 . 2009-02-23 05:20 <REP> d-------- c:\users\Halo-Roro\AppData\Roaming\DAEMON Tools
2009-02-23 05:19 . 2009-02-23 05:19 <REP> d-------- c:\users\All Users\DAEMON Tools Lite
2009-02-23 05:19 . 2009-02-23 05:19 <REP> d-------- c:\programdata\DAEMON Tools Lite
2009-02-23 05:19 . 2009-02-23 05:19 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-02-23 05:06 . 2009-02-23 05:06 717,296 --a------ c:\windows\System32\drivers\sptd.sys
2009-02-23 05:05 . 2009-02-23 05:20 <REP> d-------- c:\users\Halo-Roro\AppData\Roaming\DAEMON Tools Lite
2009-02-23 01:33 . 2009-02-23 01:33 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-23 01:33 . 2009-02-23 01:33 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-02-22 21:27 . 2008-01-19 08:33 2,623,488 --a------ c:\windows\System32\SLsvc.exe
2009-02-22 21:27 . 2008-01-19 08:36 1,541,120 --a------ c:\windows\System32\onex.dll
2009-02-22 21:25 . 2008-01-19 08:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2009-02-22 21:24 . 2008-01-19 08:32 5,714,432 --a------ c:\windows\System32\logon.scr
2009-02-22 21:23 . 2008-01-19 08:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
2009-02-22 21:23 . 2008-01-19 08:36 357,888 --a------ c:\windows\System32\wbemcomn.dll
2009-02-22 21:23 . 2008-01-19 08:34 305,152 --a------ c:\windows\System32\msdelta.dll
2009-02-22 21:23 . 2008-01-19 08:34 258,560 --a------ c:\windows\System32\dpx.dll
2009-02-22 21:23 . 2008-01-19 08:34 246,784 --a------ c:\windows\System32\drvstore.dll
2009-02-22 21:23 . 2008-01-19 08:36 218,624 --a------ c:\windows\System32\wdscore.dll
2009-02-22 21:23 . 2008-01-19 08:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2009-02-22 21:23 . 2008-01-19 08:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
2009-02-22 21:23 . 2008-01-19 08:36 129,536 --a------ c:\windows\System32\sqmapi.dll
2009-02-22 21:23 . 2008-01-19 08:35 35,328 --a------ c:\windows\System32\mspatcha.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 20:10 --------- d-----w c:\program files\Google
2009-02-27 18:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-27 03:34 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-24 18:31 174 --sha-w c:\program files\desktop.ini
2009-02-24 18:12 --------- d-----w c:\program files\Windows Sidebar
2009-02-24 18:12 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-24 18:12 --------- d-----w c:\program files\Windows Mail
2009-02-24 18:12 --------- d-----w c:\program files\Windows Journal
2009-02-24 18:12 --------- d-----w c:\program files\Windows Defender
2009-02-24 18:12 --------- d-----w c:\program files\Windows Collaboration
2009-02-24 18:12 --------- d-----w c:\program files\Windows Calendar
2009-02-23 00:32 --------- d-----w c:\program files\Microsoft Works
2009-02-21 23:35 --------- d-----w c:\program files\HP
2009-02-21 23:33 --------- d-----w c:\program files\Intel
2009-02-21 23:28 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-02-21 23:28 --------- d-----w c:\program files\Realtek
2009-02-21 00:40 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-02-21 00:40 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-02-21 00:40 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-02-21 00:40 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-02-21 00:40 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-02-21 00:40 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-02-21 00:32 --------- d-----w c:\program files\Common Files\Roxio Shared
2009-02-20 22:46 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-20 22:24 --------- d-sh--w c:\programdata\Modèles
2009-02-20 22:24 --------- d-sh--w c:\programdata\Menu Démarrer
2009-02-20 22:24 --------- d-sh--w c:\programdata\Favoris
2009-02-20 22:24 --------- d-sh--w c:\programdata\Documents
2009-02-20 22:24 --------- d-sh--w c:\programdata\Bureau
2009-02-20 22:24 --------- d-sh--w c:\programdata\Application Data
2009-02-20 22:24 --------- d-sh--w c:\program files\Fichiers communs
2009-02-09 12:18 7,764,672 ----a-w c:\windows\system32\drivers\nvlddmkm.sys
2009-02-09 12:18 4,160 ----a-w c:\windows\system32\drivers\nvBridge.kmd
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-21 342848]
"Steam"="c:\program files\steam\steam.exe" [2009-02-21 1410296]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 92704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Explorer"="c:\windows\system32\msrstart.exe" [2006-11-02 240640]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]

c:\users\Halo-Roro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Kyuubi-Barre.lnk - c:\users\Halo-Roro\AppData\Roaming\KyuubiBarre\PF\KyuubiBarre.exe [2009-03-03 61952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2009-02-20 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashDisp.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashserv.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashSimpl.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avesvc.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdmcon.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdnagent.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdss.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdswitch.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DefWatch.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xcommsvr.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E77CF33D-6C07-4636-827B-E4A2A139A82D}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{0CA4CCB7-952B-4723-B7B4-C7B9853E7EEB}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{BEA96267-04DD-44FA-BAD3-B069F3F7243B}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{82183388-A487-4BCB-BAF2-CE5133326DAA}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F22D71E8-C211-4975-8F5D-3C9DE1676D53}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{F3AD6A74-9AE2-47DF-BFAA-D54272845B0F}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{8551BBB6-387A-41FD-B396-D4A9396BB088}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{5A4E1C30-017A-4EC2-84A2-FEA429A44A63}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{6AEB06E6-E66C-45FE-8284-12F189B10DBC}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{43397F41-E95F-494D-9D8C-95A33B28DBED}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{4C5EEA69-FD81-4F9A-8247-9C090972ED57}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{4933A42D-7E59-41A9-95DF-2A19F9151518}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{23C650A1-D3D6-4DBA-8116-35D49E601782}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{9C4D81D5-BC13-4B39-8030-B2E9FA666149}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{B6525A6C-5584-4798-876D-9811B11EE0AD}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{E4D55A75-9F72-45AA-8898-8C2FE8DCF038}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"TCP Query User{B7E9F68C-B1A6-4BD5-9105-C6B487EC4D54}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{9E01EFBD-0424-4B52-9671-05C51F0D9AED}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{B8D1ECA2-0DFE-489E-92DD-A647C31F4E89}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
"UDP Query User{57A46E9B-B875-400E-8D43-FE2B5E0E0712}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA
"TCP Query User{BC29744A-21B3-4899-B874-5F36A1F24D95}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{9DC0EC7A-6145-4D0C-86F3-00FE6F8E372A}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{FA611B4B-35C9-4EE0-9DCB-C6E81DD38F9D}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{B635EA4A-498F-4F5F-B2E8-0F8F0A869300}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{48103C77-73AC-4B49-BCA9-D4083DD35270}"= UDP:c:\program files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{DBC5F29C-2463-4551-9DE8-A4E94D043354}"= TCP:c:\program files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"TCP Query User{64EF6523-2D47-4B55-86D4-31E9FF1E42F1}c:\\program files\\saints row 2\\sr2_pc.exe"= UDP:c:\program files\saints row 2\sr2_pc.exe:SR2_pc
"UDP Query User{1B8F0107-211F-47C7-A03A-15AC251CBC79}c:\\program files\\saints row 2\\sr2_pc.exe"= TCP:c:\program files\saints row 2\sr2_pc.exe:SR2_pc
"{CFFF8149-51DD-4AC5-966D-37FBCF31E8AB}"= UDP:c:\program files\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColoniesDX9.exe:LOSTPLANETCOLONIES_DX9
"{CD1A23EE-8AFC-4A27-981E-09B84471A434}"= TCP:c:\program files\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColoniesDX9.exe:LOSTPLANETCOLONIES_DX9
"{636A8E8A-4575-4F64-B8E8-230C5155E4CD}"= UDP:c:\program files\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColoniesDX10.exe:LOSTPLANETCOLONIES_DX10
"{5E3C3E9C-D7B0-4EFB-A203-F223C1FC9FF7}"= TCP:c:\program files\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColoniesDX10.exe:LOSTPLANETCOLONIES_DX10
"TCP Query User{730BAF62-55E6-46B3-AA2A-C67F38640AAD}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{4F6451AD-3923-4987-ADB6-ACC9777C0B29}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{3818922F-72CF-4B84-9C7E-60937A367C53}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{0B47C5D2-EA19-4F5A-BA58-04E89439363A}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Windows\\system32\\3361\\svchost.exe"= c:\windows\system32\3361\svchost.exe:*:Enabled:SVCHOST.EXE
"c:\\Users\\HALO-R~1\\DOCUME~1\\smss.exe"= c:\users\HALO-R~1\DOCUME~1\smss.exe:*:Enabled:SMS Services

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-03-03 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-03-03 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-03-03 51792]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 sopidkc;sopidkc Service;c:\windows\System32\sopidkc.exe [2006-11-02 48128]
R2 Tcpipsrv;Tcp ipx Service;c:\windows\$ntunistalls\svchost.exe [2009-03-03 197120]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [2006-05-10 29696]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-02-21 1153368]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - sptd
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{0375C1E4-FB3B-479A-BC96-F6A4D5F029FA} - (no file)
BHO-{448C8294-49D1-4FB0-B32A-ED739EE37219} - (no file)
BHO-{56B26E77-EB7D-4FCA-B4AD-5BA412BDA468} - (no file)
BHO-{A03A24F6-7888-43EE-B25A-242F31663224} - (no file)
BHO-{BD4462D0-2934-4BDC-B886-C6D4CCE4CBB9} - c:\windows\system32\wvULDsqR.dll
HKLM-Run-<NO NAME> - (no file)
HKLM-Explorer_Run-xccinit - c:\windows\system32\inf\rundll33.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=desktop
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
TCP: {0348833B-C3C3-4D81-BD64-CE2B08842F17} = 212.30.96.108,213.203.124.146
TCP: {CE8812A8-9D6F-4939-A1B7-4D123C2B6B3A} = 212.30.96.108,213.203.124.146
FF - ProfilePath - c:\users\Halo-Roro\AppData\Roaming\Mozilla\Firefox\Profiles\cj7m7hph.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.fr/
1 fichier(s) déplacé(s).
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
.
.
------- Associations de fichier -------
.
txtfile="c:\windows\system32\nxtepad.exe" "%1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 16:58:27
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Java\jre6\bin\jusched.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\ntvdm.exe
c:\windows\System32\net.exe
c:\windows\System32\net1.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2009-03-03 17:04:20 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-03 16:04:15

Avant-CF: 69,233,553,408 octets libres
Après-CF: 68,950,110,208 octets libres

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
402 --- E O F --- 2009-02-25 18:38:55
0
Anonymous user
3 March 2009 at 17:59
And here is the new HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:22, on 03/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {0375C1E4-FB3B-479A-BC96-F6A4D5F029FA} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {448C8294-49D1-4FB0-B32A-ED739EE37219} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56B26E77-EB7D-4FCA-B4AD-5BA412BDA468} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A03A24F6-7888-43EE-B25A-242F31663224} - (no file)
O2 - BHO: (no name) - {BD4462D0-2934-4BDC-B886-C6D4CCE4CBB9} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Explorer] C:\Windows\system32\msrstart.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-1743233917-621825338-3690092286-1001\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (User '?')
O4 - HKUS\S-1-5-21-1743233917-621825338-3690092286-1001\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-1743233917-621825338-3690092286-1001\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-1743233917-621825338-3690092286-1001\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1743233917-621825338-3690092286-1001\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?')
O4 - S-1-5-21-1743233917-621825338-3690092286-1001 Startup: Kyuubi-Barre.lnk = Halo-Roro\AppData\Roaming\KyuubiBarre\PF\KyuubiBarre.exe (User '?')
O4 - S-1-5-21-1743233917-621825338-3690092286-1001 Startup: SMS Services.lnk = Halo-Roro\Documents\smss.exe (User '?')
O4 - Startup: Kyuubi-Barre.lnk = Halo-Roro\AppData\Roaming\KyuubiBarre\PF\KyuubiBarre.exe
O4 - Startup: SMS Services.lnk = Halo-Roro\Documents\smss.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://cache.systemrequirementslab.com/htdocs/srl_bin/sysreqlab_srl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1236090623564&h=96e15b781d3538908dbb3b94f84632df/&filename=jinstall-6u12-windows-i586-jc.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0348833B-C3C3-4D81-BD64-CE2B08842F17}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE8812A8-9D6F-4939-A1B7-4D123C2B6B3A}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{0348833B-C3C3-4D81-BD64-CE2B08842F17}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CS4\Services\Tcpip\..\{0348833B-C3C3-4D81-BD64-CE2B08842F17}: NameServer = 212.30.96.108,213.203.124.146
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\Windows\system32\sopidkc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Tcp ipx Service (Tcpipsrv) - Unknown owner - c:\windows\$ntunistalls\svchost.exe
0
eZula Posts: 3391 Registered: Saturday 26 April 2008 Status: Contributor Last active: 8 May 2021 392
3 March 2009 at 18:03
You did not follow this instruction:

It is essential to disable Spybot's resident TeaTimer for the whole of the steps that follow. TeaTimer help: http://www.genproc.com/spybot/spybot.html


Why?
0
Anonymous user
3 March 2009 at 18:04
Yes it was: I really had disabled TeaTimer.
0
eZula Posts: 3391 Registered: Saturday 26 April 2008 Status: Contributor Last active: 8 May 2021 392
3 March 2009 at 18:19
It has re-enabled itself; the consequence is that you still have orphan keys visible in the HijackThis log. Switch it off, permanently.

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines (shown in italics) into it:

Driver::
seneka
senekautocxcqw

File::
c:\windows\System32\senekacdptuxqi.dat
c:\windows\System32\senekapop.dll
c:\windows\System32\drivers\seneka.sys
c:\windows\System32\drivers\senekautocxcqw.sys
c:\windows\System32\u182859850.dll
c:\windows\$ntunistalls\svchost.exe
C:\Windows\system32\msrstart.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Explorer"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000000



Save this file under the name CFScript

- Drag and drop this CFScript file onto the ComboFix.exe file, as shown in this screenshot: http://apu.mabul.org/up/apu/2008/08/12/img-191202xzrpd.gif
- A blue window will appear: at the message "Type 1 to continue, or 2 to abort", type 1 and press Enter.
- Wait while the scan runs. The desktop will disappear several times: this is normal.
  Do not touch anything until the scan has finished.
- Once the scan is complete, a report will be displayed: post its contents.
- If the file does not open, it can be found here > C:\ComboFix.txt
0
Anonymous user
3 March 2009 at 18:36
Here it is:

ComboFix 09-03-02.03 - Halo-Roro 2009-03-03 18:22:52.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3582.2527 [GMT 1:00]
Lancé depuis: c:\users\Halo-Roro\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Halo-Roro\Desktop\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\windows\$ntunistalls\svchost.exe
c:\windows\System32\drivers\seneka.sys
c:\windows\System32\drivers\senekautocxcqw.sys
c:\windows\system32\msrstart.exe
c:\windows\System32\senekacdptuxqi.dat
c:\windows\System32\senekapop.dll
c:\windows\System32\u182859850.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\$ntunistalls\svchost.exe
c:\windows\System32\drivers\seneka.sys
c:\windows\System32\drivers\senekautocxcqw.sys
c:\windows\system32\msrstart.exe
c:\windows\system32\senekacdptuxqi.dat
c:\windows\System32\senekapop.dll
c:\windows\System32\u182859850.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka


((((((((((((((((((((((((((((( Fichiers créés du 2009-02-03 au 2009-03-03 ))))))))))))))))))))))))))))))))))))
.

2009-03-03 16:32 . 2009-03-03 16:33 <REP> d-------- C:\GenProc
2009-03-03 16:15 . 2009-03-03 16:15 <REP> d-------- c:\program files\Trend Micro
2009-03-03 15:34 . 2009-03-03 15:34 <REP> d-------- c:\users\Halo-Roro\.kyuubibarrec
2009-03-03 15:33 . 2009-03-03 15:33 <REP> d-------- c:\windows\Sun
2009-03-03 15:33 . 2009-03-03 15:31 410,984 --a------ c:\windows\System32\deploytk.dll
2009-03-03 15:27 . 2009-03-03 15:27 <REP> d-------- c:\users\Halo-Roro\AppData\Roaming\KyuubiBarre
2009-03-03 15:27 . 2009-03-03 15:27 <REP> d-------- c:\users\Halo-Roro\AppData\Roaming\Kyuubi-Barre
2009-03-03 15:27 . 2006-12-29 04:51 45,056 --a------ c:\windows\System32\jniwrap.dll
2009-03-03 15:27 . 2008-04-04 10:19 293 --a------ c:\windows\System32\jniwrap.lic
2009-03-03 15:27 . 2008-04-04 10:19 292 --a------ c:\windows\System32\jexplorer.lic
2009-03-03 15:27 . 2008-04-04 10:19 289 --a------ c:\windows\System32\comfyj.lic
2009-03-03 14:45 . 2009-03-03 14:45 <REP> d-------- c:\program files\Alwil Software
2009-03-03 14:45 . 2009-02-05 22:06 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2009-03-03 12:52 . 2009-03-03 18:23 <REP> d--hs---- c:\windows\$ntunistalls
2009-03-03 04:26 . 2009-03-03 17:45 <REP> d-------- c:\users\Halo-Roro\Tracing
2009-03-02 23:21 . 2009-03-02 23:21 <REP> d-------- c:\users\Halo-Roro\AppData\Roaming\FlashGet
2009-03-02 23:19 . 2009-03-02 23:21 <REP> d-------- c:\program files\FlashGet
2009-03-02 05:27 . 2009-03-02 05:27 107,888 --a------ c:\windows\System32\CmdLineExt.dll
2009-03-02 05:11 . 2009-03-02 05:11 <REP> d-------- c:\program files\CAPCOM
2009-03-02 05:10 . 2009-03-02 05:10 <REP> d-------- c:\windows\System32\xlive
2009-03-02 03:45 . 2009-03-03 04:29 <REP> d-------- c:\users\Halo-Roro\Incomplete
2009-03-02 03:31 . 2009-03-03 05:28 <REP> d-------- c:\users\Halo-Roro\AppData\Roaming\FrostWire
2009-03-02 03:30 . 2009-03-03 15:31 <REP> d-------- c:\program files\Java
2009-03-02 03:30 . 2009-03-02 03:30 <REP> d-------- c:\program files\Common Files\Java
2009-03-02 03:17 . 2009-03-02 03:31 <REP> d-------- c:\program files\FrostWire
2009-03-01 21:30 . 2009-03-01 21:30 <REP> d-------- c:\program files\CCleaner
2009-03-01 17:44 . 2009-03-01 17:44 313,654 --a------ c:\windows\System32\hguest.exe
2009-03-01 17:44 . 2009-03-01 17:44 107,756 --a------ c:\windows\System32\hgcheck.exe
2009-03-01 17:44 . 2009-03-01 17:44 227 --a------ c:\windows\System32\hgset.ini
2009-03-01 17:44 . 2009-03-01 17:44 77 --a------ c:\windows\System32\work.ini
2009-03-01 03:05 . 2009-03-01 03:05 <REP> d-------- c:\windows\report
2009-03-01 03:05 . 2009-03-01 03:04 22,310,977 --a------ c:\windows\LPT$VPN.873
2009-03-01 03:04 . 2009-03-01 03:04 <REP> d-------- c:\windows\AU_Backup
2009-03-01 03:04 . 2009-03-01 03:04 22,310,977 --a------ c:\windows\VPTNFILE.873
2009-03-01 03:04 . 2009-03-01 03:04 1,980,182 --a------ c:\windows\tsc.ptn
2009-03-01 03:04 . 2009-03-01 03:04 1,213,784 --a------ c:\windows\vsapi32.dll
2009-03-01 03:04 . 2009-03-01 03:04 345,157 --a------ c:\windows\tsc.exe
2009-03-01 03:04 . 2009-03-01 03:04 91,744 --a------ c:\windows\BPMNT.dll
2009-03-01 03:04 . 2009-03-01 03:04 71,749 --a------ c:\windows\hcextoutput.dll
2009-03-01 03:04 . 2009-03-01 17:15 823 --a------ c:\windows\tsc.ini
2009-03-01 03:03 . 2009-03-01 03:04 <REP> d-------- c:\windows\AU_Temp
2009-03-01 03:03 . 2009-03-01 03:03 <REP> d-------- c:\windows\AU_Log
2009-03-01 03:03 . 2009-03-01 03:03 507,904 --a------ c:\windows\TMUPDATE.DLL
2009-03-01 03:03 . 2009-03-01 03:03 69,689 --a------ c:\windows\UNZIP.DLL
2009-03-01 03:03 . 2009-03-01 03:03 170 --a------ c:\windows\GetServer.ini
2009-03-01 01:49 . 2009-03-01 21:09 <REP> d-a------ c:\users\All Users\TEMP
2009-03-01 01:49 . 2009-03-01 21:09 <REP> d-------- c:\users\All Users\SpeedBit
2009-03-01 01:49 . 2009-03-01 21:09 <REP> d-a------ c:\programdata\TEMP
2009-03-01 01:49 . 2009-03-01 21:09 <REP> d-------- c:\programdata\SpeedBit
2009-03-01 01:49 . 2009-03-01 21:10 <REP> d-------- c:\program files\DAP
2009-02-28 19:10 . 2009-03-03 00:49 1,377 --a------ c:\windows\wininit.ini
2009-02-28 18:36 . 2009-02-28 22:48 <REP> d-------- c:\windows\System32\3361
2009-02-28 18:36 . 2009-02-28 18:36 108,336 --a------ c:\windows\System32\MSWINSCK.OCX
2009-02-28 18:35 . 2002-02-15 14:02 676,352 --a------ c:\windows\System32\rtl60.bpl
2009-02-28 18:34 . 2009-03-03 16:53 <REP> d-------- c:\windows\System32\inf
2009-02-28 18:34 . 2009-02-28 18:34 155,175 --a------ c:\windows\System32\icv.exe
2009-02-28 18:34 . 2009-02-28 18:34 155,175 --a------ c:\windows\system\xccef090131.exe
2009-02-28 00:02 . 2009-02-28 00:02 <REP> d-------- c:\program files\RivaTuner v2.23
2009-02-27 23:44 . 2009-02-27 23:44 <REP> d-------- c:\users\Halo-Roro\AppData\Roaming\DivX
2009-02-27 19:00 . 2009-02-27 19:00 <REP> d-------- c:\program files\Lionhead Studios
2009-02-27 04:34 . 2009-02-27 04:34 <REP> d-------- c:\users\All Users\NortonInstaller
2009-02-27 04:34 . 2009-02-27 04:34 <REP> d-------- c:\programdata\NortonInstaller
2009-02-26 21:39 . 2009-03-01 21:10 <REP> d-------- c:\program files\Common Files\PX Storage Engine
2009-02-26 21:38 . 2009-03-01 21:11 <REP> d-------- c:\program files\DivX
2009-02-26 21:35 . 2009-02-26 21:35 <REP> d-------- c:\program files\SystemRequirementsLab
2009-02-26 20:40 . 2009-02-26 20:40 <REP> d-------- c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2009-02-26 19:46 . 2009-02-26 19:46 42,320 --a------ c:\windows\System32\xfcodec.dll
2009-02-26 04:58 . 2009-02-26 04:58 <REP> dr------- c:\windows\System32\config\systemprofile\Videos
2009-02-26 04:58 . 2009-02-26 04:58 <REP> dr------- c:\windows\System32\config\systemprofile\Searches
2009-02-26 04:58 . 2009-02-26 04:58 <REP> dr------- c:\windows\System32\config\systemprofile\Saved Games
2009-02-26 04:58 . 2009-02-26 04:58 <REP> dr------- c:\windows\System32\config\systemprofile\Pictures
2009-02-26 04:58 . 2009-02-26 04:58 <REP> dr------- c:\windows\System32\config\systemprofile\Links
2009-02-26 04:58 . 2009-02-26 04:58 <REP> dr------- c:\windows\System32\config\systemprofile\Downloads
2009-02-26 04:58 . 2009-02-26 04:58 <REP> dr------- c:\windows\System32\config\systemprofile\Documents
2009-02-26 04:58 . 2009-02-26 04:58 1,540 --a------ c:\windows\System32\ealregsnapshot1.reg
2009-02-26 04:44 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll
2009-02-25 23:12 . 2009-02-25 23:12 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-02-25 20:19 . 2009-02-25 20:19 <REP> d-------- c:\program files\AIDA32 - Personal System Information
2009-02-25 19:38 . 2009-02-25 19:38 <REP> d-------- c:\program files\Microsoft Silverlight
2009-02-25 19:35 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-02-25 19:35 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-02-25 19:35 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-02-25 19:35 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-02-25 18:12 . 2009-02-26 04:58 <REP> dr------- c:\windows\System32\config\systemprofile\Music
2009-02-24 22:45 . 2006-11-02 11:23 <REP> dr------- c:\users\Mcx1\Videos
2009-02-24 22:45 . 2006-11-02 11:23 <REP> d-------- c:\users\Mcx1\Saved Games
2009-02-24 22:45 . 2006-11-02 11:23 <REP> dr------- c:\users\Mcx1\Pictures
2009-02-24 22:45 . 2009-02-27 04:56 <REP> dr------- c:\users\Mcx1\Music
2009-02-24 22:45 . 2006-11-02 11:23 <REP> dr------- c:\users\Mcx1\Links
2009-02-24 22:45 . 2006-11-02 11:23 <REP> dr------- c:\users\Mcx1\Downloads
2009-02-24 22:45 . 2009-02-24 22:45 <REP> dr------- c:\users\Mcx1\Documents
2009-02-24 22:45 . 2009-02-24 22:45 <REP> d--h----- c:\users\Mcx1\AppData
2009-02-24 22:45 . 2009-02-24 22:45 <REP> d-------- c:\users\Mcx1
2009-02-24 19:11 . 2009-02-24 19:11 <REP> d-------- C:\PerfLogs
2009-02-24 00:08 . 2009-02-24 00:08 9,728 --a------ c:\program files\setup_bs.exe
2009-02-23 05:21 . 2009-02-26 20:42 <REP> d-------- c:\program files\EA GAMES
2009-02-23 05:21 . 2004-08-18 09:34 442,368 -ra------ c:\windows\System32\vp6vfw.dll
2009-02-23 05:20 . 2009-02-23 05:20 <REP> d-------- c:\users\Halo-Roro\AppData\Roaming\DAEMON Tools Pro
2009-02-23 05:20 . 2009-02-23 05:20 <REP> d-------- c:\users\Halo-Roro\AppData\Roaming\DAEMON Tools
2009-02-23 05:19 . 2009-02-23 05:19 <REP> d-------- c:\users\All Users\DAEMON Tools Lite
2009-02-23 05:19 . 2009-02-23 05:19 <REP> d-------- c:\programdata\DAEMON Tools Lite
2009-02-23 05:19 . 2009-02-23 05:19 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-02-23 05:06 . 2009-02-23 05:06 717,296 --a------ c:\windows\System32\drivers\sptd.sys
2009-02-23 05:05 . 2009-02-23 05:20 <REP> d-------- c:\users\Halo-Roro\AppData\Roaming\DAEMON Tools Lite
2009-02-23 01:33 . 2009-02-23 01:33 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-23 01:33 . 2009-02-23 01:33 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-02-22 21:27 . 2008-01-19 08:33 2,623,488 --a------ c:\windows\System32\SLsvc.exe
2009-02-22 21:27 . 2008-01-19 08:36 1,541,120 --a------ c:\windows\System32\onex.dll
2009-02-22 21:25 . 2008-01-19 08:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2009-02-22 21:24 . 2008-01-19 08:32 5,714,432 --a------ c:\windows\System32\logon.scr
2009-02-22 21:23 . 2008-01-19 08:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
2009-02-22 21:23 . 2008-01-19 08:36 357,888 --a------ c:\windows\System32\wbemcomn.dll
2009-02-22 21:23 . 2008-01-19 08:34 305,152 --a------ c:\windows\System32\msdelta.dll
2009-02-22 21:23 . 2008-01-19 08:34 258,560 --a------ c:\windows\System32\dpx.dll
2009-02-22 21:23 . 2008-01-19 08:34 246,784 --a------ c:\windows\System32\drvstore.dll
2009-02-22 21:23 . 2008-01-19 08:36 218,624 --a------ c:\windows\System32\wdscore.dll
2009-02-22 21:23 . 2008-01-19 08:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2009-02-22 21:23 . 2008-01-19 08:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
2009-02-22 21:23 . 2008-01-19 08:36 129,536 --a------ c:\windows\System32\sqmapi.dll
2009-02-22 21:23 . 2008-01-19 08:35 35,328 --a------ c:\windows\System32\mspatcha.dll
2009-02-22 04:12 . 2009-02-23 00:47 <REP> d-------- c:\users\Halo-Roro\AppData\Roaming\Audacity
2009-02-22 04:12 . 2009-02-22 04:12 <REP> d-------- c:\program files\Audacity 1.3 Beta (Unicode)
2009-02-22 04:03 . 2009-02-22 04:03 <REP> d-------- c:\users\Halo-Roro\AppData\Roaming\AdobeUM
2009-02-22 03:32 . 2009-02-22 03:33 <REP> d-------- c:\program files\One Touch Grabber
2009-02-22 03:21 . 2009-02-22 03:24 <REP> d-------- c:\program files\Mydrv

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 20:10 --------- d-----w c:\program files\Google
2009-02-27 18:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-27 03:34 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-24 18:31 174 --sha-w c:\program files\desktop.ini
2009-02-24 18:12 --------- d-----w c:\program files\Windows Sidebar
2009-02-24 18:12 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-24 18:12 --------- d-----w c:\program files\Windows Mail
2009-02-24 18:12 --------- d-----w c:\program files\Windows Journal
2009-02-24 18:12 --------- d-----w c:\program files\Windows Defender
2009-02-24 18:12 --------- d-----w c:\program files\Windows Collaboration
2009-02-24 18:12 --------- d-----w c:\program files\Windows Calendar
2009-02-23 00:32 --------- d-----w c:\program files\Microsoft Works
2009-02-21 23:35 --------- d-----w c:\program files\HP
2009-02-21 23:33 --------- d-----w c:\program files\Intel
2009-02-21 23:28 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-02-21 23:28 --------- d-----w c:\program files\Realtek
2009-02-21 00:40 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-02-21 00:40 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-02-21 00:40 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-02-21 00:40 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-02-21 00:40 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-02-21 00:40 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-02-21 00:32 --------- d-----w c:\program files\Common Files\Roxio Shared
2009-02-20 22:46 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-20 22:24 --------- d-sh--w c:\programdata\Modèles
2009-02-20 22:24 --------- d-sh--w c:\programdata\Menu Démarrer
2009-02-20 22:24 --------- d-sh--w c:\programdata\Favoris
2009-02-20 22:24 --------- d-sh--w c:\programdata\Documents
2009-02-20 22:24 --------- d-sh--w c:\programdata\Bureau
2009-02-20 22:24 --------- d-sh--w c:\programdata\Application Data
2009-02-20 22:24 --------- d-sh--w c:\program files\Fichiers communs
2009-02-09 12:18 7,764,672 ----a-w c:\windows\system32\drivers\nvlddmkm.sys
2009-02-09 12:18 4,160 ----a-w c:\windows\system32\drivers\nvBridge.kmd
.

((((((((((((((((((((((((((((( SnapShot@2009-03-03_17.02.18.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-03 15:57:22 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-03 17:26:35 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-03-03 15:57:22 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-03-03 17:26:35 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-03-03 15:57:39 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-03 17:26:51 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-03 17:26:51 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-03 15:57:39 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-03 17:26:51 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-03 17:26:51 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-03 15:57:48 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-03 16:52:36 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-03 15:57:48 409,600 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-03 16:52:36 425,984 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-03 16:51:16 91,136 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYSLXSV3\w[1].bin
- 2009-03-03 15:57:48 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-03 16:52:36 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-03 15:52:06 7,892 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1743233917-621825338-3690092286-1001_UserData.bin
+ 2009-03-03 16:46:58 8,436 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1743233917-621825338-3690092286-1001_UserData.bin
- 2009-03-03 15:52:06 53,316 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-03 16:46:58 53,528 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-03 15:51:59 42,338 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-03 16:46:56 44,398 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-21 342848]
"Steam"="c:\program files\steam\steam.exe" [2009-02-21 1410296]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 92704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]

c:\users\Halo-Roro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Kyuubi-Barre.lnk - c:\users\Halo-Roro\AppData\Roaming\KyuubiBarre\PF\KyuubiBarre.exe [2009-03-03 61952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2009-02-20 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashDisp.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashserv.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Antivirus-ashSimpl.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avesvc.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdmcon.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdnagent.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdss.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdswitch.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DefWatch.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xcommsvr.exe]
"Debugger"=c:\windows\system32\alg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E77CF33D-6C07-4636-827B-E4A2A139A82D}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{0CA4CCB7-952B-4723-B7B4-C7B9853E7EEB}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{BEA96267-04DD-44FA-BAD3-B069F3F7243B}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{82183388-A487-4BCB-BAF2-CE5133326DAA}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F22D71E8-C211-4975-8F5D-3C9DE1676D53}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{F3AD6A74-9AE2-47DF-BFAA-D54272845B0F}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{8551BBB6-387A-41FD-B396-D4A9396BB088}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{5A4E1C30-017A-4EC2-84A2-FEA429A44A63}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{6AEB06E6-E66C-45FE-8284-12F189B10DBC}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{43397F41-E95F-494D-9D8C-95A33B28DBED}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{4C5EEA69-FD81-4F9A-8247-9C090972ED57}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{4933A42D-7E59-41A9-95DF-2A19F9151518}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{23C650A1-D3D6-4DBA-8116-35D49E601782}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{9C4D81D5-BC13-4B39-8030-B2E9FA666149}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{B6525A6C-5584-4798-876D-9811B11EE0AD}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{E4D55A75-9F72-45AA-8898-8C2FE8DCF038}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"TCP Query User{B7E9F68C-B1A6-4BD5-9105-C6B487EC4D54}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{9E01EFBD-0424-4B52-9671-05C51F0D9AED}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{B8D1ECA2-0DFE-489E-92DD-A647C31F4E89}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
"UDP Query User{57A46E9B-B875-400E-8D43-FE2B5E0E0712}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA
"TCP Query User{BC29744A-21B3-4899-B874-5F36A1F24D95}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{9DC0EC7A-6145-4D0C-86F3-00FE6F8E372A}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{FA611B4B-35C9-4EE0-9DCB-C6E81DD38F9D}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{B635EA4A-498F-4F5F-B2E8-0F8F0A869300}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{48103C77-73AC-4B49-BCA9-D4083DD35270}"= UDP:c:\program files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{DBC5F29C-2463-4551-9DE8-A4E94D043354}"= TCP:c:\program files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"TCP Query User{64EF6523-2D47-4B55-86D4-31E9FF1E42F1}c:\\program files\\saints row 2\\sr2_pc.exe"= UDP:c:\program files\saints row 2\sr2_pc.exe:SR2_pc
"UDP Query User{1B8F0107-211F-47C7-A03A-15AC251CBC79}c:\\program files\\saints row 2\\sr2_pc.exe"= TCP:c:\program files\saints row 2\sr2_pc.exe:SR2_pc
"{CFFF8149-51DD-4AC5-966D-37FBCF31E8AB}"= UDP:c:\program files\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColoniesDX9.exe:LOSTPLANETCOLONIES_DX9
"{CD1A23EE-8AFC-4A27-981E-09B84471A434}"= TCP:c:\program files\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColoniesDX9.exe:LOSTPLANETCOLONIES_DX9
"{636A8E8A-4575-4F64-B8E8-230C5155E4CD}"= UDP:c:\program files\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColoniesDX10.exe:LOSTPLANETCOLONIES_DX10
"{5E3C3E9C-D7B0-4EFB-A203-F223C1FC9FF7}"= TCP:c:\program files\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColoniesDX10.exe:LOSTPLANETCOLONIES_DX10
"TCP Query User{730BAF62-55E6-46B3-AA2A-C67F38640AAD}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{4F6451AD-3923-4987-ADB6-ACC9777C0B29}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{3818922F-72CF-4B84-9C7E-60937A367C53}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{0B47C5D2-EA19-4F5A-BA58-04E89439363A}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Windows\\system32\\3361\\svchost.exe"= c:\windows\system32\3361\svchost.exe:*:Enabled:SVCHOST.EXE
"c:\\Users\\HALO-R~1\\DOCUME~1\\smss.exe"= c:\users\HALO-R~1\DOCUME~1\smss.exe:*:Enabled:SMS Services

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-03-03 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-03-03 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-03-03 51792]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [2006-05-10 29696]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-02-21 1153368]
S2 sopidkc;sopidkc Service;c:\windows\System32\sopidkc.exe [2006-11-02 48128]
S2 Tcpipsrv;Tcp ipx Service;c:\windows\$ntunistalls\svchost.exe --> c:\windows\$ntunistalls\svchost.exe [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - sptd
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{0375C1E4-FB3B-479A-BC96-F6A4D5F029FA} - (no file)
BHO-{448C8294-49D1-4FB0-B32A-ED739EE37219} - (no file)
BHO-{56B26E77-EB7D-4FCA-B4AD-5BA412BDA468} - (no file)
BHO-{A03A24F6-7888-43EE-B25A-242F31663224} - (no file)
BHO-{BD4462D0-2934-4BDC-B886-C6D4CCE4CBB9} - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=desktop
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
TCP: {0348833B-C3C3-4D81-BD64-CE2B08842F17} = 212.30.96.108,213.203.124.146
TCP: {CE8812A8-9D6F-4939-A1B7-4D123C2B6B3A} = 212.30.96.108,213.203.124.146
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Halo-Roro\AppData\Roaming\Mozilla\Firefox\Profiles\cj7m7hph.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.fr/
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 18:27:23
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\conime.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2009-03-03 18:33:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-03 17:33:26
ComboFix2.txt 2009-03-03 16:04:21

Avant-CF: 67 260 506 112 octets libres
Après-CF: 67,015,815,168 octets libres

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
395 --- E O F --- 2009-02-25 18:38:55
eZula
3 March 2009 at 18:45
1. Go to this site: https://www.virustotal.com/gui/
Paste into the box to the left of "Browse":
c:\users\HALO-R~1\DOCUME~1\smss.exe
then click "Send file" and wait until the message "Situation actuelle: terminé" (current status: finished) appears; then copy the report into your reply.
Repeat with these paths:
c:\windows\system32\3361\svchost.exe
c:\windows\System32\sopidkc.exe

2. What do you see in these folders?
c:\windows\$ntunistalls
c:\windows\system32\3361

3. Did you install this kyuubibarre toolbar yourself?
Anonymous user
3 March 2009 at 18:47
I'm doing what you told me, and yes, I installed it myself; it's a toolbar that pays you for displaying ads (like eurobarre).
Anonymous user
3 March 2009 at 18:53
So, uh, problem: smss.exe doesn't exist,

for the second one, there is only mlog in the folder, no svchost.exe, and sopidkc.exe doesn't exist either

the folder c:\windows\$ntunistalls is empty
in the folder c:\windows\system32\3361 there is the file mlog
eZula
3 March 2009 at 18:56
Anonymous user
3 March 2009 at 19:16
I'm on Vista, so I don't have the "Folder Options" menu
eZula
3 March 2009 at 19:34
Anonymous user
3 March 2009 at 19:35
yes, but I don't have My Computer > Tools .....
eZula
3 March 2009 at 19:39
Since I can't do all the research for you, I'm counting on you to find out how to show all files under Vista. Then tell me whether you see the file C:\windows\System32\sopidkc.exe
Anonymous user
3 March 2009 at 19:43
OK, I found it; the file is actually located in C:\Windows, though