HiJackThis report

Closed
Sumertom - 14 April 2009 at 19:08
jlpjlp (security contributor) - 17 April 2009 at 15:01
Hello, I would like to know which lines to delete from my HiJackThis report, because I had several pieces of malware that I removed thanks to Panda IS 2009, but I realised afterwards that explorer.exe had been damaged.
As a result, when I log into my session, the icons and the taskbar are not displayed.
I have to run it manually through the Task Manager every time.

HERE IS THE REPORT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:14, on 14/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2009\WebProxy.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\ApVxdWin.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\IFACE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2009\avciman.exe
C:\Users\Thom's_2\Downloads\a garder\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1.5FO\STREAM~1\ARCURL~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2009\Inicio.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Transfert par Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Service Google Update (gupdate1c9b50a73c0614f) (gupdate1c9b50a73c0614f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrvx86.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
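The line in the report above that deserves attention is the F2 entry `Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe`. HijackThis prints the Winlogon Shell and Userinit registry values as `F2 - REG:system.ini:` lines; on a stock Windows install Shell is exactly `explorer.exe` and Userinit is a single `userinit.exe`, and the real csrss.exe runs from `%SystemRoot%\System32`, not from `C:\WINDOWS\Config`. A second program appended to Shell is a classic Winlogon persistence point that gets launched at every logon alongside (or instead of) Explorer. The following script is an added example, not part of the original post and not HijackThis code: it parses F2 lines in the HijackThis v2 format and flags any program beyond the stock one, plus any program that borrows a System32-only binary name from another directory. The sample lines are copied from the log above; the handling of quoted paths is an assumption noted in the comments.

```python
"""Triage the F2 (Winlogon Shell / Userinit) lines of a HijackThis log.

Added example, not part of the original forum post. It parses lines in the
HijackThis v2 format and reports any program listed in the Shell or Userinit
value beyond the stock Windows one, plus any program that uses the name of a
core system binary but lives outside System32.
"""
import ntpath
import re
import shlex

F2_RE = re.compile(r"^F2 - REG:system\.ini: (?P<name>Shell|UserInit)=(?P<value>.*)$")

# Stock Winlogon values: Shell is exactly explorer.exe, Userinit is exactly
# one userinit.exe (the trailing comma Windows writes is tolerated below).
STOCK = {"shell": "explorer.exe", "userinit": "userinit.exe"}

# Binaries that only legitimately run from %SystemRoot%\System32. A copy
# elsewhere (the log above shows C:\WINDOWS\Config\csrss.exe) is a
# name-squatting indicator worth pulling for analysis.
SYSTEM32_ONLY = {"csrss.exe", "smss.exe", "lsass.exe", "winlogon.exe",
                 "services.exe", "svchost.exe", "wininit.exe"}


def split_programs(value):
    """Split a Winlogon value into individual program paths.

    Winlogon accepts a comma-separated list; malware often just appends a
    second path after a space. Assumption: paths containing spaces are
    double-quoted, which shlex in non-POSIX mode keeps together while
    leaving backslashes untouched.
    """
    programs = []
    for token in shlex.split(value, posix=False):
        for part in token.split(","):
            part = part.strip().strip('"')
            if part:
                programs.append(part)
    return programs


def is_masquerading(path):
    """True when a System32-only binary name is used from another directory."""
    directory, name = ntpath.split(path)
    if name.lower() not in SYSTEM32_ONLY or not directory:
        return False
    return ntpath.basename(directory).lower() != "system32"


def triage(lines):
    """Return one finding dict per anomalous F2 line; clean lines yield none."""
    findings = []
    for line in lines:
        m = F2_RE.match(line.strip())
        if not m:
            continue  # only F2 lines are examined here
        key = m.group("name")
        programs = split_programs(m.group("value"))
        stock = STOCK[key.lower()]
        extra = [p for p in programs if ntpath.basename(p).lower() != stock]
        masquerading = [p for p in programs if is_masquerading(p)]
        # Anything other than exactly one stock program is worth a look.
        if len(programs) != 1 or extra or masquerading:
            findings.append({"key": key, "programs": programs,
                             "extra": extra, "masquerading": masquerading})
    return findings


SAMPLE_LINES = [  # copied from the HijackThis log in the post above
    r"F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe",
    r"F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe",
    r"O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe",  # not an F2 line, ignored
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding["key"], "->", finding["programs"],
              "| extra:", finding["extra"], "| masquerading:", finding["masquerading"])
```

Run against the sample, the Userinit line is accepted and the Shell line is reported with `C:\WINDOWS\Config\csrss.exe` both as an extra program and as a masquerading system binary name. The script only reads a log; the fix itself (restoring Shell to `explorer.exe` and submitting the file for analysis before deleting it) is a decision for whoever is guiding the clean-up.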

11 replies

Here is the requested report, tell me if everything is OK:

ComboFix 09-04-15.08 - Thom's_2 15/04/2009 10:12.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2045.1308 [GMT 2:00]
Launched from: c:\users\Thom's_2\Desktop\ComboFix.exe
AV: Antivirus BitDefender *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *disabled*
* A new restore point has been created
.
ADS - Windows: deleted 72 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\vlc-0.9.4-win32.exe
c:\programdata\vlc-0.9.6-win32.exe
c:\users\Thom's_2\AppData\Roaming\ezpinst.log
c:\users\Thom's_2\AppData\Roaming\inst.exe
c:\windows\system32\AutoRun.inf
D:\resycled

.
((((((((((((((((((((((((((((( Files created from 2009-03-15 to 2009-04-15 ))))))))))))))))))))))))))))))))))))
.

2009-04-14 16:29 . 2009-04-14 16:29 -------- d-----w c:\users\All Users\WEBREG
2009-04-14 16:29 . 2009-04-14 16:29 -------- d-----w c:\programdata\WEBREG
2009-04-14 11:26 . 2009-04-14 11:26 -------- d-----w c:\users\Abigail\Program Files
2009-04-14 10:44 . 2009-04-14 10:44 -------- d-----w c:\users\Thom's_2\AppData\Local\VirtualStore
2009-04-12 18:30 . 2009-04-12 18:30 8627 ----a-w c:\windows\system32\PAV_FOG.OPC
2009-04-12 18:16 . 2009-04-12 18:16 -------- d-----w c:\users\All Users\Backup
2009-04-12 18:16 . 2009-04-12 18:16 -------- d-----w c:\programdata\Backup
2009-04-12 18:14 . 2008-06-19 15:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-11 14:58 . 2003-05-22 10:26 221215 ----a-w c:\windows\system32\divxdec.ax
2009-04-11 14:58 . 2003-05-21 21:50 344064 ----a-w c:\windows\system32\msvcr70.dll
2009-04-11 14:58 . 2003-05-22 10:26 638976 ----a-w c:\windows\system32\divx.dll
2009-04-10 12:57 . 1997-01-16 11:42 6114 ----a-w c:\windows\system32\SHELLLNK.TLB
2009-04-10 12:57 . 1997-01-15 22:00 29696 ----a-w c:\windows\system32\VB5STKIT.DLL
2009-04-10 12:57 . 2007-08-23 13:05 185344 ----a-w c:\windows\system32\iwpsetup.exe
2009-04-09 18:52 . 2009-04-09 18:52 40 ----a-w c:\windows\NAVIGMA.INI
2009-04-09 12:06 . 2009-04-09 12:06 194 ----a-w c:\windows\w32dasm8.ini
2009-04-09 12:05 . 2009-04-09 12:05 30 ----a-w c:\windows\SWPRODPB.INI
2009-04-09 11:07 . 2009-04-09 11:07 -------- d-----w c:\users\Thom's_2\AppData\Roaming\vlc
2009-04-05 11:32 . 2009-04-05 11:32 -------- d-----w c:\users\Thom's_2\SparkAngels
2009-04-01 20:21 . 2005-04-27 14:36 245408 ----a-w c:\windows\system32\unicows.dll
2009-03-31 14:16 . 2009-03-31 14:16 -------- d-----w C:\CloneDVDTemp
2009-03-26 20:05 . 2009-04-09 17:09 -------- d-----r c:\users\Abigail\Nouveau dossier (1)
2009-03-25 19:14 . 2009-04-10 21:02 375 ----a-w c:\windows\system32\BDUpdateV1.xml
2009-03-18 15:18 . 2009-04-14 11:16 -------- d-----w c:\users\Thom's_2\Tracing
2009-03-18 15:16 . 2009-04-14 14:56 263367710 ----a-w c:\windows\MEMORY.DMP

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 08:08 . 2009-04-15 08:08 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2009-04-15 08:08 . 2009-04-15 08:08 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-04-15 08:08 . 2009-04-12 15:48 -------- d-----w c:\program files\Panda Security
2009-04-15 08:08 . 2007-12-05 02:48 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-15 08:06 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-15 08:06 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-15 08:06 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-15 08:04 . 2009-04-07 10:52 245760 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
2009-04-15 08:04 . 2008-03-05 15:21 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-04-15 08:04 . 2008-03-05 15:21 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-04-15 08:04 . 2008-03-05 15:21 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-04-15 07:31 . 2009-02-13 12:00 -------- d-----w c:\users\Abigail\AppData\Roaming\DNA
2009-04-14 16:29 . 2008-09-13 10:23 159758 ----a-w c:\windows\hpoins14.dat
2009-04-14 14:45 . 2009-02-09 11:14 -------- d-----w c:\users\Thom's_2\AppData\Roaming\DNA
2009-04-14 11:31 . 2008-03-15 16:12 -------- d-----w c:\programdata\Google Updater
2009-04-14 10:44 . 2009-02-09 11:14 -------- d-----w c:\program files\DNA
2009-04-13 19:31 . 2009-02-09 11:15 -------- d-----w c:\users\Thom's_2\AppData\Roaming\BitTorrent
2009-04-13 18:58 . 2008-06-15 17:50 -------- d-----w c:\users\Thom's_2\AppData\Roaming\FrostWire
2009-04-12 18:25 . 2007-12-05 10:50 672084 ----a-w c:\windows\System32\perfh00C.dat
2009-04-12 18:25 . 2007-12-05 10:50 124228 ----a-w c:\windows\System32\perfc00C.dat
2009-04-12 11:18 . 2008-03-05 18:44 108248 ----a-w c:\users\Abigail\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-12 10:29 . 2008-04-26 18:18 108248 ----a-w c:\windows\System32\GDIPFONTCACHEV1.DAT
2009-04-12 10:09 . 2008-06-26 20:45 81984 ----a-w c:\windows\System32\bdod.bin
2009-04-12 09:40 . 2008-10-28 10:07 1356 ----a-w c:\users\Thom's_2\AppData\Local\d3d9caps.dat
2009-04-10 17:59 . 2008-10-27 20:48 47360 ----a-w c:\users\Thom's_2\AppData\Roaming\pcouffin.sys
2009-04-10 16:34 . 2008-04-13 20:32 -------- d---a-w c:\programdata\TEMP
2009-04-10 12:35 . 2008-03-08 16:22 -------- d-----w c:\programdata\BVRP Software
2009-04-07 12:36 . 2009-02-13 10:54 -------- d-----w c:\program files\halo
2009-04-07 11:07 . 2009-04-07 11:07 245760 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
2009-04-07 11:07 . 2008-11-19 18:05 32768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-04-07 11:07 . 2008-11-19 18:05 16384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-04-07 11:07 . 2008-11-19 18:05 16384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-04-07 10:10 . 2007-12-05 02:48 319456 ----a-w c:\windows\DIFxAPI.dll
2009-04-04 09:48 . 2008-03-07 21:33 -------- d-----w c:\program files\Google
2009-04-01 20:22 . 2009-04-01 20:21 -------- d-----w c:\program files\Common Files\ArcSoft
2009-04-01 20:22 . 2008-07-29 13:53 -------- d-----w c:\programdata\ArcSoft
2009-04-01 20:21 . 2009-04-01 20:21 -------- d-----w c:\program files\ArcSoft
2009-03-29 19:19 . 2009-02-14 09:17 -------- d-----w c:\users\Juliana\AppData\Roaming\DNA
2009-03-29 18:49 . 2008-03-24 12:11 1630 ----a-w c:\users\Juliana\AppData\Roaming\wklnhst.dat
2009-03-28 15:12 . 2007-12-05 03:00 -------- d-----w c:\program files\Microsoft Works
2009-03-26 17:05 . 2007-12-05 02:45 -------- d-----w c:\program files\ATI Technologies
2009-03-26 16:48 . 2007-12-05 02:59 -------- d-----w c:\program files\Java
2009-03-22 10:01 . 2008-07-07 16:31 -------- d-----w c:\program files\AGEIA Technologies
2009-03-21 16:48 . 2009-03-21 16:48 -------- d-----w c:\program files\Sony Corporation
2009-03-17 18:04 . 2009-03-17 18:04 -------- d-----w c:\program files\alaplaya
2009-03-16 16:53 . 2008-03-05 20:28 -------- d-----w c:\programdata\Microsoft Help
2009-03-15 17:04 . 2008-09-27 09:44 -------- d-----w c:\program files\Common Files\Adobe
2009-03-14 12:55 . 2009-03-14 12:55 -------- d-----w c:\users\Abigail\AppData\Roaming\TuneUp Software
2009-03-14 12:26 . 2009-03-14 12:26 -------- d-----w c:\users\Juliana\AppData\Roaming\TuneUp Software
2009-03-11 17:47 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-10 19:21 . 2007-12-05 03:06 -------- d-----w c:\programdata\WildTangent
2009-03-09 04:19 . 2009-01-31 14:06 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-08 15:37 . 2008-09-20 11:31 1772 ----a-w c:\users\Abigail\AppData\Roaming\wklnhst.dat
2009-03-08 15:06 . 2008-10-05 12:56 -------- d-----w c:\users\Abigail\AppData\Roaming\dvdcss
2009-03-08 11:34 . 2009-04-07 10:15 914944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 . 2009-04-07 10:15 43008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 . 2009-04-07 10:15 18944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 . 2009-04-07 10:15 109056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 . 2009-04-07 10:15 109568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-07 10:15 132608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-07 10:15 107520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-07 10:15 107008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-07 10:15 103936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-07 10:15 420352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:32 . 2009-04-07 10:15 72704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 . 2009-04-07 10:15 71680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 . 2009-04-07 10:15 66560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 . 2009-04-07 10:15 169472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 . 2009-04-07 10:15 34816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:31 . 2009-04-07 10:15 48128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 . 2009-04-07 10:15 45568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:22 . 2009-04-07 10:15 156160 ----a-w c:\windows\System32\msls31.dll
2009-03-07 19:28 . 2009-02-12 21:11 603904 ----a-w c:\windows\System32\TUProgSt.exe
2009-03-07 19:28 . 2009-03-07 19:28 360192 ----a-w c:\windows\System32\TuneUpDefragService.exe
2009-03-07 19:28 . 2009-03-07 19:28 -------- d-----w c:\users\Thom's_2\AppData\Roaming\TuneUp Software
2009-03-07 19:28 . 2009-03-07 19:28 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-03-05 16:56 . 2009-03-05 16:50 -------- d-----w c:\users\Thom's_2\AppData\Roaming\NwDocx
2009-03-01 15:22 . 2009-03-01 15:22 -------- d-----w c:\programdata\Fugazo
2009-03-01 15:21 . 2009-03-01 15:21 -------- d-----w c:\program files\Cooking Academy 2 - World Cuisine
2009-02-26 21:08 . 2008-03-08 15:57 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 20:42 . 2009-02-25 20:42 135168 ----a-w c:\windows\System32\atiadlxx.dll
2009-02-21 21:09 . 2008-03-07 21:40 -------- d-----w c:\program files\Windows Live
2009-02-21 11:04 . 2007-12-05 02:58 -------- d-----w c:\programdata\muvee Technologies
2009-02-21 10:42 . 2009-02-17 18:55 -------- d-----w c:\users\Thom's_2\AppData\Roaming\muvee Technologies
2009-02-17 19:40 . 2009-02-15 12:38 -------- d-----w c:\program files\muvee Technologies
2009-02-17 19:24 . 2008-08-29 19:00 -------- d-----w c:\program files\Common Files\muvee Technologies
2009-02-17 18:14 . 2009-02-17 18:13 -------- d-----w c:\program files\QuickTime
2009-02-17 18:13 . 2009-02-17 18:13 -------- d-----w c:\programdata\Apple Computer
2009-02-17 18:12 . 2009-02-17 18:12 -------- d-----w c:\program files\Apple Software Update
2009-02-17 18:12 . 2009-02-17 18:12 -------- d-----w c:\programdata\Apple
2009-02-17 17:11 . 2009-02-17 17:11 24232 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys
2009-02-17 13:33 . 2009-02-17 13:33 89256 ----a-w c:\windows\System32\ElbyCDIO.dll
2009-02-15 12:55 . 2007-12-05 02:48 -------- d-----w c:\program files\Common Files\InstallShield
2009-02-15 10:12 . 2009-02-15 10:12 -------- d-----w c:\programdata\Elaborate Bytes
2009-02-15 10:11 . 2009-02-15 10:11 -------- d-----w c:\program files\Elaborate Bytes
2009-02-14 13:31 . 2009-01-14 15:03 30520 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-14 13:31 . 2009-01-14 15:03 107832 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-09 03:10 . 2009-03-11 12:30 2033152 ----a-w c:\windows\System32\win32k.sys
2009-02-06 18:39 . 2009-02-06 18:39 308600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\System32\sirenacm.dll
.

((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-15 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCDNT.SYS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FileAndFolderProtector_S]
@=""

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Thom's_2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BitTorrent Ultra Accelerator.lnk]
path=c:\users\Thom's_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitTorrent Ultra Accelerator.lnk
backup=c:\windows\pss\BitTorrent Ultra Accelerator.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Thom's_2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire Ultra Accelerator.lnk]
path=c:\users\Thom's_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire Ultra Accelerator.lnk
backup=c:\windows\pss\FrostWire Ultra Accelerator.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 17:51 3885408 ----a-w c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"WMAAD"=c:\program files\Sony\WALKMAN Launcher\WMAAD.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-31559053-1006822257-528400971-1000]
"EnableNotificationsRef"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-31559053-1006822257-528400971-1005]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{85B46774-5E93-44A5-8B83-71E63AD0F949}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{9FE18557-B9ED-4C83-B547-5723C0CEB839}"= UDP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{E8AE5819-B204-403B-AA94-8B7B631552FA}"= TCP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{BBCC0731-E6B4-41ED-86AF-AFDC0172CFFD}"= UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{0717275B-D677-48AB-A13A-9675B6E5B6AD}"= TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{3CEEA0DB-B37C-4CCE-953A-EC6542E10E12}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{65AFA5D8-8E2B-4304-929D-C785CCD26450}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{01CDCBEF-60D9-4552-9CF5-D6F5CFF418E5}"= UDP:c:\users\Thom's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6H1JKU3\utorrent[1].exe:µTorrent
"{36EB83D5-06C6-4F71-ADA5-511C47FDD1BB}"= TCP:c:\users\Thom's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6H1JKU3\utorrent[1].exe:µTorrent
"{38680BD3-E8C1-49C3-892B-A663A587F4FF}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{63913B1E-68C9-4BC2-AAEE-C3FFC718C799}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{44770733-4AE3-4B66-AF0E-13808BDFFC17}"= UDP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{B4B89FF2-0ABE-4E4D-991E-487A40B36F47}"= TCP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{7BE3F108-602F-43EC-824E-6969C50AB812}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{339E8968-E290-46C8-9BA6-51CC1A913BA4}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{E1F1A04E-0A8A-40E7-9A86-41B5678AE96B}"= UDP:c:\program files\Microsoft LifeCam\LifeEnC2.exe:LifeEnC2.exe
"{B31A2D20-529A-4C69-92F5-12524FCA1D38}"= TCP:c:\program files\Microsoft LifeCam\LifeEnC2.exe:LifeEnC2.exe
"{BD97B886-7F83-4223-B027-8CA3C881EF63}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{C59F206A-5DFE-402F-BF23-24EB9063FD8C}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{96CB3128-A615-4665-9429-1B5FAA58B745}"= UDP:c:\program files\Microsoft LifeCam\LifeTray.exe:LifeTray.exe
"{EFAE476F-C26F-4840-B5BB-2F3DBDA3BCEC}"= TCP:c:\program files\Microsoft LifeCam\LifeTray.exe:LifeTray.exe
"{A142D31A-390E-40EE-AF79-F6D608136178}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A8E4C823-209B-48E1-B602-3007DC0E5240}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{E4A9BE2F-FD16-4B69-876F-AB7A9EF45658}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{2DEE8FE0-256B-4E23-84C8-E86E1E480761}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{DBB138A4-AC03-4AE9-9B60-63560F179F9C}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{AD2DE5DA-EF2D-48B1-8464-D47B909ECB97}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{0E924E98-EC5F-46B3-9209-16DC9FD9DDC6}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{C8B29332-0753-45F2-95D8-FDDBD1CADEFF}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editeur
"{6325D84C-D32E-4D32-8717-8A3AC763882F}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editeur
"{55DACCBD-7365-477E-9D8D-ADD0CE780280}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{15EF7A3F-3DF9-40F8-BC1B-EC075C4DF689}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{BA0E4607-65A9-433D-8D79-91E49224D857}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{24F6C1A3-C261-4BBD-8608-ED65F131C171}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{EAF37EFB-BADD-4290-96D7-F8AE023FD4E6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{A0F9E64D-1EBF-4DFC-9D0F-0A1B250F73EC}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{3326515E-3A8B-4098-A528-980DDA8EC105}"= UDP:c:\users\Thom's_2\Desktop\uTorrent.exe:µTorrent (TCP-In)
"{31123EF8-6D4C-48A6-8E9E-2F8A31A5B6BB}"= TCP:c:\users\Thom's_2\Desktop\uTorrent.exe:µTorrent (UDP-In)
"{A71DE5DC-6D1A-4CD6-8A91-0044766202AB}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{B65ACEEF-B3C9-4B0F-80EF-225FB8CE51E7}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{56B9C124-D135-460A-9E9A-8F960F6D7110}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{15776568-E251-4961-B14C-CB7AF29A2E41}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{55986810-25B6-4225-96C1-9F79E5894EB3}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{829B3B8E-B184-42AE-9877-776314503116}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{D47FB66D-4112-4BE4-8289-7C0202014BA7}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 gupdate1c9b50a73c0614f;Service Google Update (gupdate1c9b50a73c0614f);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 133104]
R3 ATIXPGAA;ATIXPGAA; [x]
R3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
R3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 75952]
R3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2007-01-26 67760]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2007-09-13 25760]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2007-09-20 12800]
S1 FDCDNT;FDCDNT;c:\windows\system32\drivers\FDCDNT.SYS [2008-01-15 47470]
S1 HMFAxCore8ca4fd17866cac11805503e882557762;HMFAxCore8ca4fd17866cac11805503e882557762;c:\windows\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys [2008-04-13 22304]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-03-07 603904]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2008-08-04 33808]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4219a36-5da1-11dd-b654-001c255688c0}]
\shell\Auto\command - cmd /C launch.bat
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-04-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-15 16:44]

2009-04-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 09:47]

2009-04-04 c:\windows\Tasks\HPCeeScheduleForJuliana.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-12-05 15:34]

2009-04-15 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 14:04]

2009-04-15 c:\windows\Tasks\User_Feed_Synchronization-{05191834-CA4B-4B6C-A8BC-29026934ED1C}.job
- c:\windows\system32\msfeedssync.exe [2009-04-07 11:31]
.
.
------- Supplementary scan -------
.
IE: Transfert par Image Converter 3 - c:\program files\SONY\IMAGE CONVERTER 3\menu.htm
FF - ProfilePath - c:\users\Thom's_2\AppData\Roaming\Mozilla\Firefox\Profiles\u5s0nu09.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - component: c:\users\Thom's_2\AppData\Roaming\Mozilla\Firefox\Profiles\u5s0nu09.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX SETTINGS ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 10:20
Windows 6.0.6001 Service Pack 1 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...


**************************************************************************
.
Finish time: 2009-04-15 10:26
ComboFix-quarantined-files.txt 2009-04-15 08:24

Pre-Run: 281 786 429 440 bytes free
Post-Run: 280 887 345 152 bytes free

335 --- E O F --- 2009-04-14 09:05
1
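The report above is the thread's own data. What follows is an added example, not code from the original post nor from the ComboFix or HijackThis authors: a small Python triage script that scans ComboFix/HJT-style log lines for the kinds of indicator visible in this report (a Windows Firewall profile with EnableFirewall = 0, MountPoints2 `\shell\...\command` handlers that run a script when a removable drive is opened, a Firefox keyword.URL pointing at an unfamiliar search host, a random-looking `.job` name under \Windows\Tasks, and O23 services whose binary carries no company name). The rule thresholds, the list of trusted search hosts and the sample log are my own assumptions, modelled on this report rather than copied from it.

```python
"""Triage helper for ComboFix / HijackThis log lines.

Added example, not part of the original forum thread or of ComboFix/HJT.
The rules are the author's own heuristics; SAMPLE_LOG is constructed from
the indicators in the report above, not copied verbatim.
"""
import re
from dataclasses import dataclass

# Constructed sample modelled on the report above (assumption, not real output).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4219a36-5da1-11dd-b654-001c255688c0}]
\shell\Auto\command - cmd /C launch.bat
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=

2009-04-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job
c:\windows\tasks\nqbievdf.job
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule name
    detail: str  # the extracted value worth acting on
    line: str    # the log line that triggered the rule


# Search hosts the hijack rule treats as benign (assumed allow-list).
KNOWN_SEARCH_HOSTS = ("google.", "bing.", "msn.", "yahoo.", "live.com")
_VOWELS = set("aeiouy")


def host_of(url: str) -> str:
    """Return the host of a (possibly 'hxxp'-defanged) URL, or '' if none."""
    url = re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.I)
    m = re.match(r"https?://([^/:?#]+)", url, re.I)
    return m.group(1).lower() if m else ""


def looks_random(name: str) -> bool:
    """Weak heuristic for machine-generated names such as 'nqbievdf':
    6-12 lowercase letters with at least 60% consonants (assumed threshold)."""
    if not re.fullmatch(r"[a-z]{6,12}", name):
        return False
    consonants = sum(1 for ch in name if ch not in _VOWELS)
    return consonants / len(name) >= 0.6


def triage(log: str) -> list[Finding]:
    """Walk the log once, tracking the current '[HKEY...]' header, and emit findings."""
    findings: list[Finding] = []
    current_key = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue
        low = line.lower()

        # 1. A Windows Firewall profile switched off (EnableFirewall = 0).
        if "firewallpolicy" in current_key and low.startswith('"enablefirewall"') \
                and re.search(r"=\s*0\b", line):
            findings.append(Finding("firewall-disabled", current_key.rsplit("\\", 1)[-1], line))

        # 2. MountPoints2 shell handlers: a command run when a removable drive
        #    is opened, the usual foothold left by an autorun.inf worm.
        elif "mountpoints2" in current_key and low.startswith("\\shell\\") and "command" in low:
            command = line.split(" - ", 1)[1] if " - " in line else line
            findings.append(Finding("mountpoints2-autorun", command, line))

        # 3. Firefox keyword/search URL pointing at a host outside the allow-list.
        elif low.startswith("ff - ") and re.search(r"(keyword\.url|browser\.search\.defaulturl) - ", low):
            host = host_of(line.rsplit(" - ", 1)[1])
            if host and not any(k in host for k in KNOWN_SEARCH_HOSTS):
                findings.append(Finding("browser-search-hijack", host, line))

        # 4. A scheduled task with a random-looking name under \Windows\Tasks.
        elif (m := re.search(r"\\tasks\\([^\\]+)\.job$", line, re.I)) and looks_random(m.group(1)):
            findings.append(Finding("random-task-name", m.group(1), line))

        # 5. HJT O23 service whose binary has no company name: review, not verdict.
        elif low.startswith("o23 - service:") and "unknown owner" in low:
            findings.append(Finding("service-no-vendor", line.rsplit(" - ", 1)[1], line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the sample, the script reports the disabled StandardProfile firewall, both `launch.bat` handlers under the MountPoints2 drive GUID, `www9.yoog.com` as the keyword.URL host, `nqbievdf` as a random-looking task name and the PunkBuster service as "no vendor"; the Google search URL and the Google updater task are not flagged. Rules 4 and 5 are review prompts rather than verdicts: a consonant-ratio heuristic will misfire on some legitimate names, and "Unknown owner" in HijackThis only means the file's version information has no company field.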
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 040
14 April 2009 at 19:10
Hi,

You are still infected:


Disable User Account Control (you will re-enable it after the disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Disable and confirm.


Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, real-time guard of the antispyware).


Double-click combofix.exe and follow the instructions.

At the end, it will produce a report, C:\ComboFix.txt

Re-enable your firewall, your antivirus and your antispyware guard.

Copy/paste the C:\ComboFix.txt report in your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 040
15 April 2009 at 12:41
Post another RSIT report so we can check, and say whether you still have problems with your PC.



Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.

When the analysis is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
as well as info.txt (<< which will be minimised to the Taskbar).

NB: the reports are saved in the C:\rsit folder
0
Here are the 2 reports:

1st log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Thom's_2 at 2009-04-15 16:21:44
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 264 GB (57%) free of 466 GB
Total RAM: 2045 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21:58, on 15/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Users\Thom's_2\Downloads\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Thom's_2\Downloads\a garder\Thom's_2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1.5FO\STREAM~1\ARCURL~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Transfert par Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Service Google Update (gupdate1c9b50a73c0614f) (gupdate1c9b50a73c0614f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
0

jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 040
15 April 2009 at 16:53
OK

There is still some left.

________________
What antivirus do you have?

_________________


To merge:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_______________


Close all your browsers (so copy or print the instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:


File::
C:\Windows\tasks\nqbievdf.job
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4219a36-5da1-11dd-b654-001c255688c0}]


Save this file under the name CFscript.


Drag and drop this CFscript file onto the ComboFix.exe file.

Click the CFScript file, keep the button held down and move the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.


If the file does not open, it is located here > C:\ComboFix.txt
0
For antivirus, I have BitDefender IS 2009 + Malwarebytes as a complement (free version), but I realised they did not do the job this time (or I didn't!!!), so I did an ActiveScan at Panda and it detected cookies and a trojan, but to disinfect I had to install Panda, so I installed Panda IS 2009, but I don't like it; I put it on while waiting to run to the Fnac to get NOD32 (the lucky winner...). Right now I just have Windows Defender + Windows Firewall + User Account Control.
In the meantime I forgot to do a little cleanup with TuneUp, especially of the registry; that is probably why you see lots of different antivirus names.

OK, here is the log:

ComboFix 09-04-15.08 - Thom's_2 15/04/2009 17:19.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2045.1060 [GMT 2:00]
Launched from: c:\users\Thom's_2\Desktop\ComboFix.exe
Switches used :: c:\users\Thom's_2\Desktop\CFscript.txt
AV: Antivirus BitDefender *On-access scanning disabled* (Updated)
FW: Pare-feu BitDefender *disabled*
* A new restore point was created

FILE ::
c:\windows\tasks\nqbievdf.job
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\tasks\nqbievdf.job

.
((((((((((((((((((((((((((((( Files created from 2009-03-15 to 2009-04-15 ))))))))))))))))))))))))))))))))))))
.

2009-04-15 14:21 . 2009-04-15 14:22 -------- d-----w C:\rsit
2009-04-15 09:12 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-15 09:12 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-15 09:12 . 2009-04-15 09:12 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-15 09:12 . 2009-04-15 09:12 -------- d-----w c:\programdata\Malwarebytes
2009-04-14 16:29 . 2009-04-14 16:29 -------- d-----w c:\users\All Users\WEBREG
2009-04-14 16:29 . 2009-04-14 16:29 -------- d-----w c:\programdata\WEBREG
2009-04-14 11:26 . 2009-04-14 11:26 -------- d-----w c:\users\Abigail\Program Files
2009-04-14 10:44 . 2009-04-14 10:44 -------- d-----w c:\users\Thom's_2\AppData\Local\VirtualStore
2009-04-12 18:30 . 2009-04-12 18:30 8627 ----a-w c:\windows\system32\PAV_FOG.OPC
2009-04-12 18:16 . 2009-04-12 18:16 -------- d-----w c:\users\All Users\Backup
2009-04-12 18:16 . 2009-04-12 18:16 -------- d-----w c:\programdata\Backup
2009-04-12 18:14 . 2008-06-19 15:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-11 14:58 . 2003-05-22 10:26 221215 ----a-w c:\windows\system32\divxdec.ax
2009-04-11 14:58 . 2003-05-21 21:50 344064 ----a-w c:\windows\system32\msvcr70.dll
2009-04-11 14:58 . 2003-05-22 10:26 638976 ----a-w c:\windows\system32\divx.dll
2009-04-10 12:57 . 1997-01-16 11:42 6114 ----a-w c:\windows\system32\SHELLLNK.TLB
2009-04-10 12:57 . 1997-01-15 22:00 29696 ----a-w c:\windows\system32\VB5STKIT.DLL
2009-04-10 12:57 . 2007-08-23 13:05 185344 ----a-w c:\windows\system32\iwpsetup.exe
2009-04-09 18:52 . 2009-04-09 18:52 40 ----a-w c:\windows\NAVIGMA.INI
2009-04-09 12:06 . 2009-04-09 12:06 194 ----a-w c:\windows\w32dasm8.ini
2009-04-09 12:05 . 2009-04-09 12:05 30 ----a-w c:\windows\SWPRODPB.INI
2009-04-09 11:07 . 2009-04-09 11:07 -------- d-----w c:\users\Thom's_2\AppData\Roaming\vlc
2009-04-05 11:32 . 2009-04-05 11:32 -------- d-----w c:\users\Thom's_2\SparkAngels
2009-04-01 20:21 . 2005-04-27 14:36 245408 ----a-w c:\windows\system32\unicows.dll
2009-03-31 14:16 . 2009-03-31 14:16 -------- d-----w C:\CloneDVDTemp
2009-03-26 20:05 . 2009-04-09 17:09 -------- d-----r c:\users\Abigail\Nouveau dossier (1)
2009-03-25 19:14 . 2009-04-10 21:02 375 ----a-w c:\windows\system32\BDUpdateV1.xml
2009-03-18 15:18 . 2009-04-14 11:16 -------- d-----w c:\users\Thom's_2\Tracing
2009-03-18 15:16 . 2009-04-14 14:56 263367710 ----a-w c:\windows\MEMORY.DMP

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 12:32 . 2008-03-15 16:12 -------- d-----w c:\programdata\Google Updater
2009-04-15 12:32 . 2008-03-05 15:21 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-04-15 12:32 . 2008-03-05 15:21 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-04-15 12:32 . 2008-03-05 15:21 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-04-15 09:12 . 2009-04-15 09:12 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-15 08:58 . 2008-08-30 17:22 108248 ----a-w c:\users\Thom's_2\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-15 08:57 . 2009-04-15 08:57 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2009-04-15 08:57 . 2009-04-15 08:57 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-04-15 08:29 . 2008-03-05 15:53 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-04-15 08:29 . 2008-03-05 15:53 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-04-15 08:29 . 2008-03-05 15:53 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-04-15 08:08 . 2009-04-12 15:48 -------- d-----w c:\program files\Panda Security
2009-04-15 08:08 . 2007-12-05 02:48 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-15 08:06 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-15 08:06 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-15 08:06 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-15 08:04 . 2009-04-07 10:52 245760 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
2009-04-15 07:31 . 2009-02-13 12:00 -------- d-----w c:\users\Abigail\AppData\Roaming\DNA
2009-04-14 16:29 . 2008-09-13 10:23 159758 ----a-w c:\windows\hpoins14.dat
2009-04-14 14:45 . 2009-02-09 11:14 -------- d-----w c:\users\Thom's_2\AppData\Roaming\DNA
2009-04-14 10:44 . 2009-02-09 11:14 -------- d-----w c:\program files\DNA
2009-04-13 19:31 . 2009-02-09 11:15 -------- d-----w c:\users\Thom's_2\AppData\Roaming\BitTorrent
2009-04-13 18:58 . 2008-06-15 17:50 -------- d-----w c:\users\Thom's_2\AppData\Roaming\FrostWire
2009-04-12 18:25 . 2007-12-05 10:50 672084 ----a-w c:\windows\System32\perfh00C.dat
2009-04-12 18:25 . 2007-12-05 10:50 124228 ----a-w c:\windows\System32\perfc00C.dat
2009-04-12 11:18 . 2008-03-05 18:44 108248 ----a-w c:\users\Abigail\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-12 10:29 . 2008-04-26 18:18 108248 ----a-w c:\windows\System32\GDIPFONTCACHEV1.DAT
2009-04-12 10:09 . 2008-06-26 20:45 81984 ----a-w c:\windows\System32\bdod.bin
2009-04-12 09:40 . 2008-10-28 10:07 1356 ----a-w c:\users\Thom's_2\AppData\Local\d3d9caps.dat
2009-04-10 17:59 . 2008-10-27 20:48 47360 ----a-w c:\users\Thom's_2\AppData\Roaming\pcouffin.sys
2009-04-10 16:34 . 2008-04-13 20:32 -------- d---a-w c:\programdata\TEMP
2009-04-10 12:35 . 2008-03-08 16:22 -------- d-----w c:\programdata\BVRP Software
2009-04-07 12:36 . 2009-02-13 10:54 -------- d-----w c:\program files\halo
2009-04-07 11:07 . 2009-04-07 11:07 245760 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
2009-04-07 11:07 . 2008-11-19 18:05 32768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-04-07 11:07 . 2008-11-19 18:05 16384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-04-07 11:07 . 2008-11-19 18:05 16384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-04-07 10:10 . 2007-12-05 02:48 319456 ----a-w c:\windows\DIFxAPI.dll
2009-04-04 09:48 . 2008-03-07 21:33 -------- d-----w c:\program files\Google
2009-04-01 20:22 . 2009-04-01 20:21 -------- d-----w c:\program files\Common Files\ArcSoft
2009-04-01 20:22 . 2008-07-29 13:53 -------- d-----w c:\programdata\ArcSoft
2009-04-01 20:21 . 2009-04-01 20:21 -------- d-----w c:\program files\ArcSoft
2009-03-29 19:19 . 2009-02-14 09:17 -------- d-----w c:\users\Juliana\AppData\Roaming\DNA
2009-03-29 18:49 . 2008-03-24 12:11 1630 ----a-w c:\users\Juliana\AppData\Roaming\wklnhst.dat
2009-03-28 15:12 . 2007-12-05 03:00 -------- d-----w c:\program files\Microsoft Works
2009-03-26 17:05 . 2007-12-05 02:45 -------- d-----w c:\program files\ATI Technologies
2009-03-26 16:48 . 2007-12-05 02:59 -------- d-----w c:\program files\Java
2009-03-22 10:01 . 2008-07-07 16:31 -------- d-----w c:\program files\AGEIA Technologies
2009-03-21 16:48 . 2009-03-21 16:48 -------- d-----w c:\program files\Sony Corporation
2009-03-17 18:04 . 2009-03-17 18:04 -------- d-----w c:\program files\alaplaya
2009-03-16 16:53 . 2008-03-05 20:28 -------- d-----w c:\programdata\Microsoft Help
2009-03-15 17:04 . 2008-09-27 09:44 -------- d-----w c:\program files\Common Files\Adobe
2009-03-14 12:55 . 2009-03-14 12:55 -------- d-----w c:\users\Abigail\AppData\Roaming\TuneUp Software
2009-03-14 12:26 . 2009-03-14 12:26 -------- d-----w c:\users\Juliana\AppData\Roaming\TuneUp Software
2009-03-11 17:47 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-10 19:21 . 2007-12-05 03:06 -------- d-----w c:\programdata\WildTangent
2009-03-09 04:19 . 2009-01-31 14:06 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-08 15:37 . 2008-09-20 11:31 1772 ----a-w c:\users\Abigail\AppData\Roaming\wklnhst.dat
2009-03-08 15:06 . 2008-10-05 12:56 -------- d-----w c:\users\Abigail\AppData\Roaming\dvdcss
2009-03-08 11:34 . 2009-04-07 10:15 914944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 . 2009-04-07 10:15 43008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 . 2009-04-07 10:15 18944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 . 2009-04-07 10:15 109056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 . 2009-04-07 10:15 109568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-07 10:15 132608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-07 10:15 107520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-07 10:15 107008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-07 10:15 103936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-07 10:15 420352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:32 . 2009-04-07 10:15 72704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 . 2009-04-07 10:15 71680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 . 2009-04-07 10:15 66560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 . 2009-04-07 10:15 169472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 . 2009-04-07 10:15 34816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:31 . 2009-04-07 10:15 48128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 . 2009-04-07 10:15 45568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:22 . 2009-04-07 10:15 156160 ----a-w c:\windows\System32\msls31.dll
2009-03-07 19:28 . 2009-02-12 21:11 603904 ----a-w c:\windows\System32\TUProgSt.exe
2009-03-07 19:28 . 2009-03-07 19:28 360192 ----a-w c:\windows\System32\TuneUpDefragService.exe
2009-03-07 19:28 . 2009-03-07 19:28 -------- d-----w c:\users\Thom's_2\AppData\Roaming\TuneUp Software
2009-03-07 19:28 . 2009-03-07 19:28 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-03-05 16:56 . 2009-03-05 16:50 -------- d-----w c:\users\Thom's_2\AppData\Roaming\NwDocx
2009-03-01 15:22 . 2009-03-01 15:22 -------- d-----w c:\programdata\Fugazo
2009-03-01 15:21 . 2009-03-01 15:21 -------- d-----w c:\program files\Cooking Academy 2 - World Cuisine
2009-02-26 21:08 . 2008-03-08 15:57 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 20:42 . 2009-02-25 20:42 135168 ----a-w c:\windows\System32\atiadlxx.dll
2009-02-21 21:09 . 2008-03-07 21:40 -------- d-----w c:\program files\Windows Live
2009-02-21 11:04 . 2007-12-05 02:58 -------- d-----w c:\programdata\muvee Technologies
2009-02-21 10:42 . 2009-02-17 18:55 -------- d-----w c:\users\Thom's_2\AppData\Roaming\muvee Technologies
2009-02-17 19:40 . 2009-02-15 12:38 -------- d-----w c:\program files\muvee Technologies
2009-02-17 19:24 . 2008-08-29 19:00 -------- d-----w c:\program files\Common Files\muvee Technologies
2009-02-17 18:14 . 2009-02-17 18:13 -------- d-----w c:\program files\QuickTime
2009-02-17 18:13 . 2009-02-17 18:13 -------- d-----w c:\programdata\Apple Computer
2009-02-17 18:12 . 2009-02-17 18:12 -------- d-----w c:\program files\Apple Software Update
2009-02-17 18:12 . 2009-02-17 18:12 -------- d-----w c:\programdata\Apple
2009-02-17 17:11 . 2009-02-17 17:11 24232 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys
2009-02-17 13:33 . 2009-02-17 13:33 89256 ----a-w c:\windows\System32\ElbyCDIO.dll
2009-02-15 12:55 . 2007-12-05 02:48 -------- d-----w c:\program files\Common Files\InstallShield
2009-02-15 10:12 . 2009-02-15 10:12 -------- d-----w c:\programdata\Elaborate Bytes
2009-02-15 10:11 . 2009-02-15 10:11 -------- d-----w c:\program files\Elaborate Bytes
.

((((((((((((((((((((((((((((( SnapShot@2009-04-15_08.20.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-05 02:37 . 2009-04-15 08:59 74766 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-04-15 08:59 90740 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-05 17:15 . 2009-04-15 08:59 13050 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-31559053-1006822257-528400971-1005_UserData.bin
- 2008-06-05 17:15 . 2009-04-15 08:10 13050 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-31559053-1006822257-528400971-1005_UserData.bin
+ 2009-04-15 09:12 . 2009-04-06 13:32 38496 c:\windows\System32\drivers\mbamswissarmy.sys
+ 2009-04-15 09:12 . 2009-04-06 13:32 15504 c:\windows\System32\drivers\mbam.sys
- 2008-03-05 15:21 . 2009-04-15 08:04 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-05 15:21 . 2009-04-15 12:32 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-05 15:21 . 2009-04-15 12:32 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-05 15:21 . 2009-04-15 08:04 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-05 15:21 . 2009-04-15 12:32 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-05 15:21 . 2009-04-15 08:04 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-05 15:53 . 2009-01-10 20:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-05 15:53 . 2009-04-15 08:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-05 15:53 . 2009-04-15 08:29 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-05 15:53 . 2009-01-10 20:09 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-05 15:53 . 2009-01-10 20:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-05 15:53 . 2009-04-15 08:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-05 18:34 . 2009-04-14 21:18 6020 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-03-05 18:34 . 2009-04-15 08:53 6020 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-04-15 08:57 . 2009-04-15 08:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-15 08:08 . 2009-04-15 08:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-15 08:57 . 2009-04-15 08:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-04-15 08:08 . 2009-04-15 08:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 12:47 . 2009-04-15 08:59 1572864 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2006-11-02 12:47 . 2009-04-15 08:20 1572864 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2006-11-02 12:47 . 2009-04-15 08:59 1572864 c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2006-11-02 12:47 . 2009-04-15 08:20 1572864 c:\windows\ServiceProfiles\LocalService\ntuser.dat
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= "c:\windows\system32\ieframe.dll" [2009-03-08 11063808]

[HKEY_CLASSES_ROOT\clsid\{cfbfae00-17a6-11d0-99cb-00c04fd64497}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2009-03-24 16:44 668656 ----a-w c:\program files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2009-03-09 04:18 35840 ----a-w c:\program files\Java\jre6\bin\jp2ssv.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"= "c:\windows\system32\ieframe.dll" [2009-03-08 11063808]

[HKEY_CLASSES_ROOT\clsid\{f2cf5485-4e02-4f68-819c-b92de9277049}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-15 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"LocalAccountTokenFilterPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\System32\webcheck.dll [2009-03-08 236544]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCDNT.SYS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FileAndFolderProtector_S]
@=""

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Thom's_2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BitTorrent Ultra Accelerator.lnk]
path=c:\users\Thom's_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitTorrent Ultra Accelerator.lnk
backup=c:\windows\pss\BitTorrent Ultra Accelerator.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Thom's_2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire Ultra Accelerator.lnk]
path=c:\users\Thom's_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire Ultra Accelerator.lnk
backup=c:\windows\pss\FrostWire Ultra Accelerator.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 17:51 3885408 ----a-w c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"WMAAD"=c:\program files\Sony\WALKMAN Launcher\WMAAD.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-31559053-1006822257-528400971-1000]
"EnableNotificationsRef"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-31559053-1006822257-528400971-1005]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{85B46774-5E93-44A5-8B83-71E63AD0F949}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{9FE18557-B9ED-4C83-B547-5723C0CEB839}"= UDP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{E8AE5819-B204-403B-AA94-8B7B631552FA}"= TCP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{44770733-4AE3-4B66-AF0E-13808BDFFC17}"= UDP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{B4B89FF2-0ABE-4E4D-991E-487A40B36F47}"= TCP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{7BE3F108-602F-43EC-824E-6969C50AB812}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{339E8968-E290-46C8-9BA6-51CC1A913BA4}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{E1F1A04E-0A8A-40E7-9A86-41B5678AE96B}"= UDP:c:\program files\Microsoft LifeCam\LifeEnC2.exe:LifeEnC2.exe
"{B31A2D20-529A-4C69-92F5-12524FCA1D38}"= TCP:c:\program files\Microsoft LifeCam\LifeEnC2.exe:LifeEnC2.exe
"{BD97B886-7F83-4223-B027-8CA3C881EF63}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{C59F206A-5DFE-402F-BF23-24EB9063FD8C}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{96CB3128-A615-4665-9429-1B5FAA58B745}"= UDP:c:\program files\Microsoft LifeCam\LifeTray.exe:LifeTray.exe
"{EFAE476F-C26F-4840-B5BB-2F3DBDA3BCEC}"= TCP:c:\program files\Microsoft LifeCam\LifeTray.exe:LifeTray.exe
"{A142D31A-390E-40EE-AF79-F6D608136178}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A8E4C823-209B-48E1-B602-3007DC0E5240}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{E4A9BE2F-FD16-4B69-876F-AB7A9EF45658}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{2DEE8FE0-256B-4E23-84C8-E86E1E480761}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{DBB138A4-AC03-4AE9-9B60-63560F179F9C}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{AD2DE5DA-EF2D-48B1-8464-D47B909ECB97}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{0E924E98-EC5F-46B3-9209-16DC9FD9DDC6}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{C8B29332-0753-45F2-95D8-FDDBD1CADEFF}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editeur
"{6325D84C-D32E-4D32-8717-8A3AC763882F}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editeur
"{55DACCBD-7365-477E-9D8D-ADD0CE780280}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{15EF7A3F-3DF9-40F8-BC1B-EC075C4DF689}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{BA0E4607-65A9-433D-8D79-91E49224D857}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{24F6C1A3-C261-4BBD-8608-ED65F131C171}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{EAF37EFB-BADD-4290-96D7-F8AE023FD4E6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{A0F9E64D-1EBF-4DFC-9D0F-0A1B250F73EC}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{3326515E-3A8B-4098-A528-980DDA8EC105}"= UDP:c:\users\Thom's_2\Desktop\uTorrent.exe:µTorrent (TCP-In)
"{31123EF8-6D4C-48A6-8E9E-2F8A31A5B6BB}"= TCP:c:\users\Thom's_2\Desktop\uTorrent.exe:µTorrent (UDP-In)
"{A71DE5DC-6D1A-4CD6-8A91-0044766202AB}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{B65ACEEF-B3C9-4B0F-80EF-225FB8CE51E7}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{56B9C124-D135-460A-9E9A-8F960F6D7110}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{15776568-E251-4961-B14C-CB7AF29A2E41}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{55986810-25B6-4225-96C1-9F79E5894EB3}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{829B3B8E-B184-42AE-9877-776314503116}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{D47FB66D-4112-4BE4-8289-7C0202014BA7}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 gupdate1c9b50a73c0614f;Service Google Update (gupdate1c9b50a73c0614f);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 133104]
R3 ATIXPGAA;ATIXPGAA; [x]
R3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
R3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [2007-01-26 75952]
R3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [2007-01-26 67760]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2007-09-13 25760]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2007-09-20 12800]
S1 FDCDNT;FDCDNT;c:\windows\system32\drivers\FDCDNT.SYS [2008-01-15 47470]
S1 HMFAxCore8ca4fd17866cac11805503e882557762;HMFAxCore8ca4fd17866cac11805503e882557762;c:\windows\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys [2008-04-13 22304]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-03-07 603904]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2008-08-04 33808]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2009-04-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-15 16:44]

2009-04-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 09:47]

2009-04-04 c:\windows\Tasks\HPCeeScheduleForJuliana.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-12-05 15:34]

2009-04-15 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 14:04]

2009-04-15 c:\windows\Tasks\User_Feed_Synchronization-{05191834-CA4B-4B6C-A8BC-29026934ED1C}.job
- c:\windows\system32\msfeedssync.exe [2009-04-07 11:31]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - (no file)


.
------- Examen supplémentaire -------
.
IE: Transfert par Image Converter 3 - c:\program files\SONY\IMAGE CONVERTER 3\menu.htm
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\System32\MSVidCtl.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -
FF - ProfilePath - c:\users\Thom's_2\AppData\Roaming\Mozilla\Firefox\Profiles\u5s0nu09.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - component: c:\users\Thom's_2\AppData\Roaming\Mozilla\Firefox\Profiles\u5s0nu09.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 17:22
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-04-15 17:25
ComboFix-quarantined-files.txt 2009-04-15 15:25
ComboFix2.txt 2009-04-15 08:26

Avant-CF: 275 747 545 088 octets libres
Après-CF: 275 693 916 160 octets libres

376 --- E O F --- 2009-04-14 09:05
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last contribution 3 May 2022 5 040
15 April 2009 at 18:40
OK, among paid products Antivir Premium and GDATA are very good (but the latter needs a powerful PC)

Panda, BitDefender, NOD32 are good

but none of them is currently effective against the infection you had!!! which spreads via external media (USB keys ...)

___________________

to avoid catching this infection again, vaccinate your PC after plugging in your USB keys, with UsbFix here:
http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe

________________________

still any problems????

__________________

otherwise, free options:

to protect your PC for free
http://www.commentcamarche.net/telecharger/logiciel 4 securite

install an antivirus

ANTIVIR
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware:
MALWAREBYTES ANTIMALWARE + SPYBOT
+
SPYWAREBLASTER to immunise the system, against Vundo in particular, but it is in English (easy to use though: just click "update" to update it every month, then "enable all protection" to immunise)...

--------
a firewall:
(the Windows one) or better COMODO or KERIO or JETICO or ZONE ALARM (install only the free firewall)

http://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-e(...)
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.commentcamarche.net/telecharger/ 157 zonealarm

-----------

CCLEANER to erase browsing traces
OK thanks, I have no more problems, my Core 2 Duo has got its original strength back!!
Case solved, but I would like to know more about this malware if possible, because it was from one day to the next
that explorer.exe stopped working, so thanks a lot.
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last contribution 3 May 2022 5 040
16 April 2009 at 13:19
OK, to remove the tools that were used:

Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Click Recherche (search) and let the scan run ...
# Click Suppression (delete) to finish.
# You can, if you wish, use the optional options.
# Click Quitter (quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
I did as you told me, but I have the impression the program is not compatible with Vista;
never mind, I have no more problems now anyway.
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last contribution 3 May 2022 5 040
17 April 2009 at 15:01
Yes, it is compatible with Vista. Otherwise disable the user account, or else manually remove what was used. All the best