Trojan horse

Closed
lolit0 - 13 Oct. 2009 at 17:57
Anonymous user - 13 Oct. 2009 at 22:04
Hello everyone,

So here's my problem: I have a trojan horse, an antivirus (Avast), and I can't remove it; at least Avast doesn't detect it... but Windo** Vista does detect it with Windo** Defender :D (not very useful, but still). So there you go, I'll leave it to you virus fans :D

Thanks for all your replies

Note: how do I remove IE :D

12 replies

The name of my virus!! is, attention, Win32/Renos.JS Whoo whoo :D better to laugh about it than cry, right?
2
Here is the HijackThis 2.0 report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:01, on 13/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mumble\mumble.exe
C:\Program Files\Mumble\bin\dbus-daemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Steven\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [PopRock] C:\Users\Steven\AppData\Local\Temp\b.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6EBC6744-5383-4213-AD5E-66434ECA1812} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/nordnet/orange/so-4.1/resources/fslauncher.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
0
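Reading a HijackThis log by hand is error-prone. The Python below is an added example written for this page (not a tool from the thread, from the helpers, or from HijackThis itself): it applies a few triage heuristics to a handful of lines copied from the log above, flagging O4 autorun entries whose executable sits in a Temp folder or is a bare file name, O2/O3 add-ons whose registration points at a file that no longer exists, O9 buttons pointing at missing files, and any AppInit_DLLs value. The severities and wording of the reasons are the example's own assumptions; the output says what to look at, not what to delete.

```python
"""Triage heuristics for a HijackThis log.

Added example for this thread; it is not a tool from the forum or from
HijackThis. Heuristics and severities are assumptions made for illustration.
"""
import re
from typing import List, Optional, Tuple

# Sample input: a handful of lines copied from the HijackThis log posted
# above (constructed subset, not the whole log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [PopRock] C:\Users\Steven\AppData\Local\Temp\b.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
"""

Finding = Tuple[str, str, str]  # (severity, label, reason)

# O4 lines: "O4 - HKCU\..\Run: [name] command"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O2/O3 lines: "O2 - BHO: name - {GUID} - path"
ADDON_RE = re.compile(r"^(?P<kind>O2 - BHO|O3 - Toolbar): (?P<name>.*?) - \{")
# O9 lines: "O9 - Extra button: name - {GUID} - path"
O9_RE = re.compile(r"^O9 - Extra (?:button|'Tools' menuitem): (?P<name>.*?) - \{")
# O20 lines: "O20 - AppInit_DLLs: path"
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<path>\S.*)$")
# Any path component named Temp or Tmp, case-insensitive.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


def command_image(cmd: str) -> str:
    """Return the executable part of an autorun command, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split()
    return parts[0] if parts else ""


def triage_line(line: str) -> Optional[Finding]:
    """Apply the heuristics to one log line; None means nothing noteworthy."""
    m = O4_RE.match(line)
    if m:
        name, image = m.group("name"), command_image(m.group("cmd"))
        if TEMP_RE.search(image):
            return ("high", f"O4 [{name}]", f"autorun launches from a Temp folder: {image}")
        if "\\" not in image:
            return ("info", f"O4 [{name}]",
                    f"bare file name {image}; resolved via the search path, confirm which file runs")
        return None
    m = ADDON_RE.match(line)
    if m and line.endswith("(no file)"):
        return ("low", f"{m.group('kind')} {m.group('name')}",
                "registration points at a file that no longer exists; leftover to clean up")
    m = O9_RE.match(line)
    if m and line.endswith("(file missing)"):
        return ("low", f"O9 {m.group('name')}", "button points at a missing file")
    m = O20_RE.match(line)
    if m:
        return ("medium", "O20 AppInit_DLLs",
                f"DLL loaded into every GUI process; verify the publisher of {m.group('path')}")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every non-empty line and collect the findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            f = triage_line(line)
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for severity, label, reason in triage(SAMPLE_LOG):
        print(f"{severity:6} {label}: {reason}")
```

On the sample above the only "high" finding is the `[PopRock]` entry launching `b.exe` from the user's Temp folder; Avast and CCleaner pass, the Google BHO passes, and the bare `Skytel.exe` is reported as informational because the log alone does not say which directory it resolves to.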
Anonymous user
13 Oct. 2009 at 20:55
Re...


> With Combofix:


- Create a new text document: right-click on the desktop => New => Text Document, and copy/paste the lines in bold into it:

File::
c:\program files\steam\steam.exe

- Save this file under the name CFScript (File type: all files)
- Close all your web browsers (so copy or print the following instructions first if needed).
- Disable your antivirus and your other resident protections (e.g. Spybot) if you have any (this is important).
- Drag and drop this CFScript file onto the ComboFix.exe program, as in this picture:


http://img517.imageshack.us/img517/8662/cfscript10uc2.gif


(Drag and drop explained: click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the Combofix icon. Then release the mouse button.)

- Combofix will start and a blue window will appear. At the prompt that appears (Type 1 to continue, or 2 to abort): type 1 then press Enter.
- Wait for the scan to finish. The desktop will disappear several times: that's normal!
- Don't touch anything until the scan is finished or the PC may crash!
- Once the scan is done, a report will appear: please post it.
PS: If the file doesn't open, it is located here => C:\ComboFix.txt


> NEXT:

Run a scan with this antispyware:
Download Malwarebytes + tutorial

Install it; update it... (Update tab)
Now click on the Scan tab and tick the box: "Perform quick scan".
Then click on "Scan".
Let it scan the PC...
If items were found > click on "Remove selected".
If you're asked to restart > click on "Yes".
At the end a report will open; save it so you can find it again to post it on the forum.
Please copy and paste the report.

See you

1
Anonymous user
13 Oct. 2009 at 22:04
1
Hello, ...

So, is it possible to help me please?
0

Does nobody have the answer to my problem?
0
Anonymous user
13 Oct. 2009 at 20:14
Good evening lolit0

---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and close all applications, antivirus and antispyware included /!\
---> Double-click on Combofix.exe
A pop-up will appear saying "ComboFix is used at your own risk and with no guarantee...".
Accept by clicking "Yes"

---> Set it to French: F
Press the 1 key (Yes) to start the scan.

/!\ Don't touch anything until the scan is finished. /!\
At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is done, a report will appear: post its contents

/!\ Re-enable your antivirus and antispyware real-time protection before reconnecting to the internet. /!\

Note: The report is also located here: C:\ComboFix.txt


See you
0
Here is the report, thanks for your help


ComboFix 09-10-13.01 - Steven 13/10/2009 20:34.1.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3071.1929 [GMT 2:00]
Lancé depuis: c:\users\Steven\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\msa.exe
E:\Autorun.inf

Une copie infectée de c:\windows\System32\drivers\nvstor32.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty ate it :^)
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-13 au 2009-10-13 ))))))))))))))))))))))))))))))))))))
.

2009-10-13 18:41 . 2009-10-13 18:41 -------- d-----w- c:\users\Steven\AppData\Local\temp
2009-10-13 18:41 . 2009-10-13 18:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-13 15:35 . 2009-10-13 15:36 -------- d-----w- c:\program files\FileZilla FTP Client
2009-10-12 19:32 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-12 19:32 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-12 19:32 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-12 19:32 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-12 19:32 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-12 19:32 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-12 19:32 . 2009-09-15 10:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-10-12 19:32 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-10-12 19:32 . 2009-10-12 19:32 -------- d-----w- c:\program files\Alwil Software
2009-10-12 19:14 . 2009-10-12 19:14 -------- d-----w- c:\windows\BDOSCAN8
2009-10-11 15:53 . 2009-10-11 15:53 -------- d--h--w- c:\users\Steven\AppData\Local\Ahead
2009-10-06 15:49 . 2009-10-06 15:49 -------- d--h--r- c:\users\Steven\AppData\Roaming\SecuROM
2009-10-02 17:01 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 14:54 . 2009-10-02 14:54 -------- d-----w- c:\programdata\Media Center Programs
2009-10-02 14:42 . 2009-10-02 14:42 -------- d-----w- c:\program files\THQ
2009-10-02 14:40 . 2009-10-02 14:40 -------- d-sh--w- c:\windows\ftpcache
2009-10-01 21:09 . 2009-10-01 21:09 -------- d--h--w- c:\users\Steven\AppData\Roaming\Mostick
2009-09-29 13:18 . 2009-10-11 16:26 -------- d--h--w- c:\users\Steven\AppData\Roaming\Nero
2009-09-22 15:45 . 2009-09-26 21:52 -------- d--h--w- c:\users\Steven\AppData\Roaming\Notepad++
2009-09-22 15:45 . 2009-09-26 21:52 -------- d-----w- c:\program files\Notepad++
2009-09-17 21:03 . 2009-09-17 21:03 -------- d--h--w- c:\users\Steven\AppData\Roaming\Template
2009-09-14 19:29 . 2009-10-12 21:18 -------- d-----w- C:\Warcraft III
2009-09-14 18:48 . 2009-09-15 13:39 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 18:26 . 2009-03-17 16:22 -------- d--h--w- c:\users\Steven\AppData\Roaming\FileZilla
2009-10-13 18:25 . 2009-03-20 20:39 -------- d--h--w- c:\users\Steven\AppData\Roaming\HLSW
2009-10-13 18:08 . 2008-05-23 12:45 687158 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-13 18:08 . 2008-05-23 12:45 131034 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-13 18:02 . 2009-04-11 18:42 -------- d-----w- c:\program files\Steam
2009-10-13 15:31 . 2008-05-23 03:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-13 15:30 . 2009-03-30 20:21 -------- d--h--w- c:\users\Steven\AppData\Roaming\Samsung
2009-10-13 12:50 . 2009-09-10 19:17 -------- d--h--w- c:\users\Steven\AppData\Roaming\vlc
2009-10-13 12:33 . 2009-07-19 00:46 -------- d-----w- c:\program files\DivX
2009-10-13 11:10 . 2009-09-09 18:36 -------- d--h--w- c:\users\Steven\AppData\Roaming\dvdcss
2009-10-13 09:02 . 2009-03-14 19:08 -------- d-----w- c:\program files\Common Files\Steam
2009-10-11 16:15 . 2008-05-23 03:13 -------- d-----w- c:\program files\Common Files\Nero
2009-10-11 16:14 . 2008-05-23 03:13 -------- d-----w- c:\program files\Nero
2009-10-11 16:14 . 2008-05-23 03:13 -------- d-----w- c:\programdata\Nero
2009-10-11 12:40 . 2009-06-28 12:10 -------- d--h--w- c:\users\Steven\AppData\Roaming\Mumble
2009-10-02 20:43 . 2009-08-30 15:11 1356 ---ha-w- c:\users\Steven\AppData\Local\d3d9caps.dat
2009-09-28 21:21 . 2009-03-14 15:00 70872 ---ha-w- c:\users\Steven\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-26 21:53 . 2009-04-20 07:42 -------- d-----w- c:\programdata\BVRP Software
2009-09-26 08:40 . 2009-06-26 19:50 -------- d--h--w- c:\users\Steven\AppData\Roaming\gtk-2.0
2009-09-26 07:51 . 2009-09-17 21:03 282 ---ha-w- c:\users\Steven\AppData\Roaming\wklnhst.dat
2009-09-17 20:58 . 2008-05-23 03:09 -------- d-----w- c:\program files\Microsoft Works
2009-09-12 11:46 . 2008-05-23 03:11 -------- d-----w- c:\program files\Google
2009-09-12 00:53 . 2009-03-14 20:47 -------- d--h--w- c:\users\Steven\AppData\Roaming\teamspeak2
2009-09-10 18:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-10 18:44 . 2009-03-14 22:56 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 17:44 . 2009-04-23 22:21 -------- d--h--w- c:\users\Steven\AppData\Roaming\Hamachi
2009-09-09 18:29 . 2009-09-09 18:29 -------- d-----w- c:\program files\VideoLAN
2009-09-06 09:09 . 2009-09-06 09:05 -------- d-----w- c:\program files\World of Warcraft
2009-09-03 16:48 . 2009-09-03 16:48 -------- d-----w- c:\program files\SpeedFan
2009-09-03 16:21 . 2009-09-03 16:21 -------- d-----w- c:\programdata\WindowsSearch
2009-09-03 10:17 . 2009-03-21 20:06 -------- d-----w- c:\program files\Java
2009-09-02 12:45 . 2009-07-18 16:13 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-01 10:45 . 2008-05-23 03:02 -------- d-----w- c:\programdata\NVIDIA
2009-08-29 09:21 . 2009-08-29 09:21 -------- d--h--w- c:\users\Steven\AppData\Roaming\PeerNetworking
2009-08-29 00:27 . 2009-09-03 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 10:15 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-14 16:27 . 2009-09-10 17:59 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 17:59 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 17:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 17:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 17:59 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 17:59 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 17:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 17:59 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 17:59 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 17:59 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 17:59 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-07-31 20:12 . 2009-07-31 20:12 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-07-25 03:23 . 2009-03-21 20:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 12:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 12:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 12:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 12:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-09-01 15:22 71680 ----a-w- c:\windows\system32\atl.dll
2008-05-23 12:40 . 2008-05-23 12:55 65536 --sha-w- c:\windows\oem\mp\boot\bootstat.dat
2008-05-23 12:49 . 2008-05-23 12:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-14 39408]
"Steam"="c:\program files\steam\steam.exe" [2009-06-10 1217784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-01-14 1688872]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-06-25 1578736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-23 29744]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-12 122368]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-07 6139904]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Steven^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7f,9f,d7,c4,f3,ec,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5E46814E-7B32-413A-B620-62D85A584DAE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{43722BB9-A7F1-4446-8432-23185A3F3B49}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CD59BED3-9C91-4D9B-B814-A46F66655C73}"= Disabled:UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{768D6260-DD43-455A-AB1F-6A90D61F38EF}"= Disabled:TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{A559B9E5-C77D-4DF4-B153-5890AC59C506}"= UDP:c:\program files\Cyanide\Dungeon Party\DungeonParty.exe:Dungeon Party
"{29ED4674-5763-4076-98F0-9A43B301C431}"= TCP:c:\program files\Cyanide\Dungeon Party\DungeonParty.exe:Dungeon Party
"{06FFDAD8-F1A2-4919-B42E-10CB28B08E5D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7BA528CA-94FE-460D-87FF-BC8E02397B46}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4F0808E1-2F8F-49FD-96A1-DE23B27EAB82}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{E4004BF6-C102-4E64-8ED6-47A582D0CD7A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{5F6752A3-A24D-48DA-A545-BBF4CC303F81}"= UDP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{E27AC49E-169E-47A9-AA61-5C291F8B503F}"= TCP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{2E43E0A4-AF85-448E-B846-0DBE0A97110E}"= UDP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{2D4B5E62-136D-465C-A04E-648392BB9ECF}"= TCP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{D9906624-F35D-46C7-B2B5-CD132AEB3E90}"= UDP:c:\program files\WinSCP\WinSCP.exe:WinSCP
"{45F1F97E-047D-43CA-8A79-EBCBC92B3003}"= TCP:c:\program files\WinSCP\WinSCP.exe:WinSCP
"{E9E8703F-ECB3-4119-A6F0-C8EA9519EA90}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{D6C80A06-3648-49B5-9119-AEB21C7DFBE9}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"TCP Query User{2DC26686-8AD4-4085-8870-72A398CCB240}c:\\program files\\steam\\steamapps\\terminator1207\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\terminator1207\counter-strike source\hl2.exe:hl2
"UDP Query User{99EBE682-92C3-4A32-B319-2746CEA2E5B9}c:\\program files\\steam\\steamapps\\terminator1207\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\terminator1207\counter-strike source\hl2.exe:hl2
"TCP Query User{D7953DA9-F9EF-4785-9946-474B3B07FE9B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{84654542-E828-4689-AB37-9B15EFC20DD9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{90885462-5CAA-4ADE-857F-363FFAEB4EDB}c:\\program files\\hlsw\\hlsw.exe"= UDP:c:\program files\hlsw\hlsw.exe:HLSW Application
"UDP Query User{115787F3-0AA2-40B9-8205-5B445B06073F}c:\\program files\\hlsw\\hlsw.exe"= TCP:c:\program files\hlsw\hlsw.exe:HLSW Application
"TCP Query User{71062D2C-332B-4856-88AA-244089D7F2DD}c:\\program files\\steam\\steamapps\\terminator1207\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\terminator1207\counter-strike source\hl2.exe:hl2
"UDP Query User{F6C4B81F-366B-4689-B573-C9C8EC46A082}c:\\program files\\steam\\steamapps\\terminator1207\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\terminator1207\counter-strike source\hl2.exe:hl2
"TCP Query User{3CDA4C8F-2C50-44BA-B454-106E893D8430}c:\\program files\\steam\\steamapps\\terminator1207\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\terminator1207\garrysmod\hl2.exe:hl2
"UDP Query User{03560F8D-8244-4BA0-B5AE-52CB9FD06465}c:\\program files\\steam\\steamapps\\terminator1207\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\terminator1207\garrysmod\hl2.exe:hl2
"TCP Query User{21111ED5-11FC-4D6C-99E4-F87E7B509AE3}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{8B9D152A-529D-4545-977C-3447439A858E}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{5C5FD419-A037-45B8-8EFC-6DBD9E159E26}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{E5CE30C3-E6BA-4D3E-9467-D4FE846F0E6F}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{430C3A92-66E3-4350-9D82-E8FEEBF43A12}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{B2D894AF-A8E0-4C98-8829-A7D03B3E2C47}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"{A3000B37-8A1B-46E5-BE6E-650FDDD6089A}"= UDP:6112:6112
"TCP Query User{0944B15C-066F-408B-BC32-C0A79FA57792}c:\\warcraft iii\\war3.exe"= UDP:c:\warcraft iii\war3.exe:Warcraft III
"UDP Query User{E914F712-4683-4C6F-B6B8-DD1411A4FC92}c:\\warcraft iii\\war3.exe"= TCP:c:\warcraft iii\war3.exe:Warcraft III
"TCP Query User{B224E9CD-0649-4495-8C8D-67F32131FB4B}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{82859034-A696-4A2A-A30F-A1DB1E35EB77}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{BFFFEFB3-8C5F-420E-BAC8-935499BC5E27}c:\\program files\\steam\\steamapps\\terminator1207\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\terminator1207\team fortress 2\hl2.exe:hl2
"UDP Query User{33DEAE1A-08AF-477C-ABCD-2C75D3BF65C7}c:\\program files\\steam\\steamapps\\terminator1207\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\terminator1207\team fortress 2\hl2.exe:hl2
"{DFF63FDA-EE5F-478C-96BB-A1CD1447F1B4}"= UDP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{9BFB31BD-5DA9-423A-9B92-D382FEB7DAFE}"= TCP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{EE0F9494-BD93-4E03-B3DC-562D5858B292}"= UDP:c:\program files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader
"{29E8D015-93D4-49A5-80A7-10FF750995AC}"= TCP:c:\program files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader
"TCP Query User{2B3EB1A4-FE17-4E5C-95DA-82F29E9D5E55}c:\\users\\steven\\appdata\\local\\temp\\9a9e9a83d2c84f1daab5ee88e133ff31\\relicdownloader.exe"= UDP:c:\users\steven\appdata\local\temp\9a9e9a83d2c84f1daab5ee88e133ff31\relicdownloader.exe:relicdownloader.exe
"UDP Query User{3B4CA7D6-404E-4804-B75F-8A54D04F3262}c:\\users\\steven\\appdata\\local\\temp\\9a9e9a83d2c84f1daab5ee88e133ff31\\relicdownloader.exe"= TCP:c:\users\steven\appdata\local\temp\9a9e9a83d2c84f1daab5ee88e133ff31\relicdownloader.exe:relicdownloader.exe
"TCP Query User{8EDA6D7D-A988-4FBA-B4B6-8F31490C6C72}c:\\users\\steven\\appdata\\local\\temp\\a73e96ca8ccb466ca7085d60608c75be\\relicdownloader.exe"= UDP:c:\users\steven\appdata\local\temp\a73e96ca8ccb466ca7085d60608c75be\relicdownloader.exe:relicdownloader.exe
"UDP Query User{D8D3E87C-785E-49CC-9557-CBB9BF0288D3}c:\\users\\steven\\appdata\\local\\temp\\a73e96ca8ccb466ca7085d60608c75be\\relicdownloader.exe"= TCP:c:\users\steven\appdata\local\temp\a73e96ca8ccb466ca7085d60608c75be\relicdownloader.exe:relicdownloader.exe
"TCP Query User{ECF7BF99-036A-4E31-A10C-65554D6E13AC}c:\\users\\steven\\appdata\\local\\temp\\1235c6571d05476f8d7be6c0a526942c\\relicdownloader.exe"= UDP:c:\users\steven\appdata\local\temp\1235c6571d05476f8d7be6c0a526942c\relicdownloader.exe:relicdownloader.exe
"UDP Query User{6E9CE311-5F9D-4411-893A-624179E66A19}c:\\users\\steven\\appdata\\local\\temp\\1235c6571d05476f8d7be6c0a526942c\\relicdownloader.exe"= TCP:c:\users\steven\appdata\local\temp\1235c6571d05476f8d7be6c0a526942c\relicdownloader.exe:relicdownloader.exe
"TCP Query User{044776A4-CF61-4A24-896F-C772AE3D3B08}c:\\users\\steven\\appdata\\local\\temp\\3180a05682674ca3aa8da213a2c71c1e\\relicdownloader.exe"= UDP:c:\users\steven\appdata\local\temp\3180a05682674ca3aa8da213a2c71c1e\relicdownloader.exe:relicdownloader.exe
"UDP Query User{45D060A9-6ACF-4358-870D-0CC8894FE8FF}c:\\users\\steven\\appdata\\local\\temp\\3180a05682674ca3aa8da213a2c71c1e\\relicdownloader.exe"= TCP:c:\users\steven\appdata\local\temp\3180a05682674ca3aa8da213a2c71c1e\relicdownloader.exe:relicdownloader.exe
"TCP Query User{CACD7EA6-AC69-4D27-8D91-FA9FCBEDF574}c:\\users\\steven\\appdata\\local\\temp\\1142488dd53b40f4891404e1a848677c\\relicdownloader.exe"= UDP:c:\users\steven\appdata\local\temp\1142488dd53b40f4891404e1a848677c\relicdownloader.exe:relicdownloader.exe
"UDP Query User{37CD3547-FB4A-4CDE-AD1B-6404192641DC}c:\\users\\steven\\appdata\\local\\temp\\1142488dd53b40f4891404e1a848677c\\relicdownloader.exe"= TCP:c:\users\steven\appdata\local\temp\1142488dd53b40f4891404e1a848677c\relicdownloader.exe:relicdownloader.exe
"TCP Query User{5AEDCC6E-12D6-445C-8194-6F23797B01F3}c:\\users\\steven\\appdata\\local\\temp\\dc75eeeeaa8e4444a9ed8617b0db3936\\relicdownloader.exe"= UDP:c:\users\steven\appdata\local\temp\dc75eeeeaa8e4444a9ed8617b0db3936\relicdownloader.exe:relicdownloader.exe
"UDP Query User{752EE28F-1698-47C3-8707-CA5B45E1889B}c:\\users\\steven\\appdata\\local\\temp\\dc75eeeeaa8e4444a9ed8617b0db3936\\relicdownloader.exe"= TCP:c:\users\steven\appdata\local\temp\dc75eeeeaa8e4444a9ed8617b0db3936\relicdownloader.exe:relicdownloader.exe
"{98DFA875-722B-4E10-B829-C6F8705207FE}"= UDP:c:\program files\Steam\SteamApps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{1331F6D2-8F77-409A-922C-1AACF0B01BA8}"= TCP:c:\program files\Steam\SteamApps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{FDF6D916-042F-4EB8-86AA-CDBCD15F1407}"= UDP:c:\program files\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe:Nero StartSmart Essentials
"{EC44A7F1-4E57-4B57-B954-FB30DB4C0416}"= TCP:c:\program files\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe:Nero StartSmart Essentials

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [12/10/2009 21:32 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [12/10/2009 21:32 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [12/10/2009 21:32 53328]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
.
Contenu du dossier 'Tâches planifiées'

2009-10-13 c:\windows\Tasks\Extension de garantie-Steven.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-05-23 10:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 20:41
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\TEMP\TMP00000036A48CEABC2DC73BDB 524288 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2009-10-13 20:42
ComboFix-quarantined-files.txt 2009-10-13 18:42

Avant-CF: 122 307 887 104 octets libres
Après-CF: 122 296 184 832 octets libres

256 --- E O F --- 2009-10-08 17:02
0
I'll do it right away! Thanks
0
ComboFix: I'll do the other one afterwards :D PS: Steam is a piece of software for video games :D

ComboFix 09-10-13.01 - Steven 13/10/2009 21:13.2.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3071.2137 [GMT 2:00]
Lancé depuis: c:\users\Steven\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Steven\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\program files\steam\steam.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\steam\steam.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-13 au 2009-10-13 ))))))))))))))))))))))))))))))))))))
.

2009-10-13 19:18 . 2009-10-13 19:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-13 19:18 . 2009-10-13 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-13 18:42 . 2009-10-13 19:18 -------- d-----w- c:\users\Steven\AppData\Local\temp
2009-10-13 15:35 . 2009-10-13 15:36 -------- d-----w- c:\program files\FileZilla FTP Client
2009-10-12 19:32 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-12 19:32 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-12 19:32 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-12 19:32 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-12 19:32 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-12 19:32 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-12 19:32 . 2009-09-15 10:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-10-12 19:32 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-10-12 19:32 . 2009-10-12 19:32 -------- d-----w- c:\program files\Alwil Software
2009-10-12 19:14 . 2009-10-12 19:14 -------- d-----w- c:\windows\BDOSCAN8
2009-10-11 15:53 . 2009-10-11 15:53 -------- d--h--w- c:\users\Steven\AppData\Local\Ahead
2009-10-06 15:49 . 2009-10-06 15:49 -------- d--h--r- c:\users\Steven\AppData\Roaming\SecuROM
2009-10-02 17:01 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 14:54 . 2009-10-02 14:54 -------- d-----w- c:\programdata\Media Center Programs
2009-10-02 14:42 . 2009-10-02 14:42 -------- d-----w- c:\program files\THQ
2009-10-02 14:40 . 2009-10-02 14:40 -------- d-sh--w- c:\windows\ftpcache
2009-10-01 21:09 . 2009-10-01 21:09 -------- d--h--w- c:\users\Steven\AppData\Roaming\Mostick
2009-09-29 13:18 . 2009-10-11 16:26 -------- d--h--w- c:\users\Steven\AppData\Roaming\Nero
2009-09-22 15:45 . 2009-09-26 21:52 -------- d--h--w- c:\users\Steven\AppData\Roaming\Notepad++
2009-09-22 15:45 . 2009-09-26 21:52 -------- d-----w- c:\program files\Notepad++
2009-09-17 21:03 . 2009-09-17 21:03 -------- d--h--w- c:\users\Steven\AppData\Roaming\Template
2009-09-14 19:29 . 2009-10-12 21:18 -------- d-----w- C:\Warcraft III
2009-09-14 18:48 . 2009-09-15 13:39 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 19:17 . 2009-04-11 18:42 -------- d-----w- c:\program files\Steam
2009-10-13 18:58 . 2008-05-23 12:45 687158 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-13 18:58 . 2008-05-23 12:45 131034 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-13 18:26 . 2009-03-17 16:22 -------- d--h--w- c:\users\Steven\AppData\Roaming\FileZilla
2009-10-13 18:25 . 2009-03-20 20:39 -------- d--h--w- c:\users\Steven\AppData\Roaming\HLSW
2009-10-13 15:31 . 2008-05-23 03:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-13 15:30 . 2009-03-30 20:21 -------- d--h--w- c:\users\Steven\AppData\Roaming\Samsung
2009-10-13 12:50 . 2009-09-10 19:17 -------- d--h--w- c:\users\Steven\AppData\Roaming\vlc
2009-10-13 12:33 . 2009-07-19 00:46 -------- d-----w- c:\program files\DivX
2009-10-13 11:10 . 2009-09-09 18:36 -------- d--h--w- c:\users\Steven\AppData\Roaming\dvdcss
2009-10-13 09:02 . 2009-03-14 19:08 -------- d-----w- c:\program files\Common Files\Steam
2009-10-11 16:15 . 2008-05-23 03:13 -------- d-----w- c:\program files\Common Files\Nero
2009-10-11 16:14 . 2008-05-23 03:13 -------- d-----w- c:\program files\Nero
2009-10-11 16:14 . 2008-05-23 03:13 -------- d-----w- c:\programdata\Nero
2009-10-11 12:40 . 2009-06-28 12:10 -------- d--h--w- c:\users\Steven\AppData\Roaming\Mumble
2009-10-02 20:43 . 2009-08-30 15:11 1356 ---ha-w- c:\users\Steven\AppData\Local\d3d9caps.dat
2009-09-28 21:21 . 2009-03-14 15:00 70872 ---ha-w- c:\users\Steven\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-26 21:53 . 2009-04-20 07:42 -------- d-----w- c:\programdata\BVRP Software
2009-09-26 08:40 . 2009-06-26 19:50 -------- d--h--w- c:\users\Steven\AppData\Roaming\gtk-2.0
2009-09-26 07:51 . 2009-09-17 21:03 282 ---ha-w- c:\users\Steven\AppData\Roaming\wklnhst.dat
2009-09-17 20:58 . 2008-05-23 03:09 -------- d-----w- c:\program files\Microsoft Works
2009-09-12 11:46 . 2008-05-23 03:11 -------- d-----w- c:\program files\Google
2009-09-12 00:53 . 2009-03-14 20:47 -------- d--h--w- c:\users\Steven\AppData\Roaming\teamspeak2
2009-09-10 18:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-10 18:44 . 2009-03-14 22:56 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 17:44 . 2009-04-23 22:21 -------- d--h--w- c:\users\Steven\AppData\Roaming\Hamachi
2009-09-09 18:29 . 2009-09-09 18:29 -------- d-----w- c:\program files\VideoLAN
2009-09-06 09:09 . 2009-09-06 09:05 -------- d-----w- c:\program files\World of Warcraft
2009-09-03 16:48 . 2009-09-03 16:48 -------- d-----w- c:\program files\SpeedFan
2009-09-03 16:21 . 2009-09-03 16:21 -------- d-----w- c:\programdata\WindowsSearch
2009-09-03 10:17 . 2009-03-21 20:06 -------- d-----w- c:\program files\Java
2009-09-02 12:45 . 2009-07-18 16:13 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-01 10:45 . 2008-05-23 03:02 -------- d-----w- c:\programdata\NVIDIA
2009-08-29 09:21 . 2009-08-29 09:21 -------- d--h--w- c:\users\Steven\AppData\Roaming\PeerNetworking
2009-08-29 00:27 . 2009-09-03 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 10:15 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-14 16:27 . 2009-09-10 17:59 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 17:59 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 17:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 17:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 17:59 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 17:59 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 17:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 17:59 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 17:59 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 17:59 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 17:59 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-07-31 20:12 . 2009-07-31 20:12 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-07-25 03:23 . 2009-03-21 20:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 12:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 12:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 12:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 12:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-09-01 15:22 71680 ----a-w- c:\windows\system32\atl.dll
2008-05-23 12:40 . 2008-05-23 12:55 65536 --sha-w- c:\windows\oem\mp\boot\bootstat.dat
2008-05-23 12:49 . 2008-05-23 12:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-10-13_18.41.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-10-13 18:54 48602 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-10-13 18:54 76956 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-14 14:59 . 2009-10-13 18:54 10988 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3662916568-1688099551-2962601309-1000_UserData.bin
+ 2009-03-14 14:55 . 2009-10-13 19:10 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-14 14:55 . 2009-10-13 18:21 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-14 14:55 . 2009-10-13 19:10 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-14 14:55 . 2009-10-13 18:21 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-14 14:55 . 2009-10-13 18:21 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-14 14:55 . 2009-10-13 19:10 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-13 18:34 . 2009-10-13 18:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-13 18:52 . 2009-10-13 18:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-10-13 18:58 604810 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-13 18:08 604810 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-10-13 18:58 108736 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-10-13 18:08 108736 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-14 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-01-14 1688872]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-06-25 1578736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-23 29744]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-12 122368]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-07 6139904]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Steven^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7f,9f,d7,c4,f3,ec,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5E46814E-7B32-413A-B620-62D85A584DAE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{43722BB9-A7F1-4446-8432-23185A3F3B49}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CD59BED3-9C91-4D9B-B814-A46F66655C73}"= Disabled:UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{768D6260-DD43-455A-AB1F-6A90D61F38EF}"= Disabled:TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{A559B9E5-C77D-4DF4-B153-5890AC59C506}"= UDP:c:\program files\Cyanide\Dungeon Party\DungeonParty.exe:Dungeon Party
"{29ED4674-5763-4076-98F0-9A43B301C431}"= TCP:c:\program files\Cyanide\Dungeon Party\DungeonParty.exe:Dungeon Party
"{06FFDAD8-F1A2-4919-B42E-10CB28B08E5D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7BA528CA-94FE-460D-87FF-BC8E02397B46}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4F0808E1-2F8F-49FD-96A1-DE23B27EAB82}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{E4004BF6-C102-4E64-8ED6-47A582D0CD7A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{5F6752A3-A24D-48DA-A545-BBF4CC303F81}"= UDP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{E27AC49E-169E-47A9-AA61-5C291F8B503F}"= TCP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{2E43E0A4-AF85-448E-B846-0DBE0A97110E}"= UDP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{2D4B5E62-136D-465C-A04E-648392BB9ECF}"= TCP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{D9906624-F35D-46C7-B2B5-CD132AEB3E90}"= UDP:c:\program files\WinSCP\WinSCP.exe:WinSCP
"{45F1F97E-047D-43CA-8A79-EBCBC92B3003}"= TCP:c:\program files\WinSCP\WinSCP.exe:WinSCP
"{E9E8703F-ECB3-4119-A6F0-C8EA9519EA90}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{D6C80A06-3648-49B5-9119-AEB21C7DFBE9}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"TCP Query User{2DC26686-8AD4-4085-8870-72A398CCB240}c:\\program files\\steam\\steamapps\\terminator1207\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\terminator1207\counter-strike source\hl2.exe:hl2
"UDP Query User{99EBE682-92C3-4A32-B319-2746CEA2E5B9}c:\\program files\\steam\\steamapps\\terminator1207\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\terminator1207\counter-strike source\hl2.exe:hl2
"TCP Query User{D7953DA9-F9EF-4785-9946-474B3B07FE9B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{84654542-E828-4689-AB37-9B15EFC20DD9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{90885462-5CAA-4ADE-857F-363FFAEB4EDB}c:\\program files\\hlsw\\hlsw.exe"= UDP:c:\program files\hlsw\hlsw.exe:HLSW Application
"UDP Query User{115787F3-0AA2-40B9-8205-5B445B06073F}c:\\program files\\hlsw\\hlsw.exe"= TCP:c:\program files\hlsw\hlsw.exe:HLSW Application
"TCP Query User{71062D2C-332B-4856-88AA-244089D7F2DD}c:\\program files\\steam\\steamapps\\terminator1207\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\terminator1207\counter-strike source\hl2.exe:hl2
"UDP Query User{F6C4B81F-366B-4689-B573-C9C8EC46A082}c:\\program files\\steam\\steamapps\\terminator1207\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\terminator1207\counter-strike source\hl2.exe:hl2
"TCP Query User{3CDA4C8F-2C50-44BA-B454-106E893D8430}c:\\program files\\steam\\steamapps\\terminator1207\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\terminator1207\garrysmod\hl2.exe:hl2
"UDP Query User{03560F8D-8244-4BA0-B5AE-52CB9FD06465}c:\\program files\\steam\\steamapps\\terminator1207\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\terminator1207\garrysmod\hl2.exe:hl2
"TCP Query User{21111ED5-11FC-4D6C-99E4-F87E7B509AE3}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{8B9D152A-529D-4545-977C-3447439A858E}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{5C5FD419-A037-45B8-8EFC-6DBD9E159E26}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{E5CE30C3-E6BA-4D3E-9467-D4FE846F0E6F}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{430C3A92-66E3-4350-9D82-E8FEEBF43A12}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{B2D894AF-A8E0-4C98-8829-A7D03B3E2C47}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"{A3000B37-8A1B-46E5-BE6E-650FDDD6089A}"= UDP:6112:6112
"TCP Query User{0944B15C-066F-408B-BC32-C0A79FA57792}c:\\warcraft iii\\war3.exe"= UDP:c:\warcraft iii\war3.exe:Warcraft III
"UDP Query User{E914F712-4683-4C6F-B6B8-DD1411A4FC92}c:\\warcraft iii\\war3.exe"= TCP:c:\warcraft iii\war3.exe:Warcraft III
"TCP Query User{B224E9CD-0649-4495-8C8D-67F32131FB4B}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{82859034-A696-4A2A-A30F-A1DB1E35EB77}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{BFFFEFB3-8C5F-420E-BAC8-935499BC5E27}c:\\program files\\steam\\steamapps\\terminator1207\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\terminator1207\team fortress 2\hl2.exe:hl2
"UDP Query User{33DEAE1A-08AF-477C-ABCD-2C75D3BF65C7}c:\\program files\\steam\\steamapps\\terminator1207\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\terminator1207\team fortress 2\hl2.exe:hl2
"{DFF63FDA-EE5F-478C-96BB-A1CD1447F1B4}"= UDP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{9BFB31BD-5DA9-423A-9B92-D382FEB7DAFE}"= TCP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{EE0F9494-BD93-4E03-B3DC-562D5858B292}"= UDP:c:\program files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader
"{29E8D015-93D4-49A5-80A7-10FF750995AC}"= TCP:c:\program files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader
"TCP Query User{2B3EB1A4-FE17-4E5C-95DA-82F29E9D5E55}c:\\users\\steven\\appdata\\local\\temp\\9a9e9a83d2c84f1daab5ee88e133ff31\\relicdownloader.exe"= UDP:c:\users\steven\appdata\local\temp\9a9e9a83d2c84f1daab5ee88e133ff31\relicdownloader.exe:relicdownloader.exe
"UDP Query User{3B4CA7D6-404E-4804-B75F-8A54D04F3262}c:\\users\\steven\\appdata\\local\\temp\\9a9e9a83d2c84f1daab5ee88e133ff31\\relicdownloader.exe"= TCP:c:\users\steven\appdata\local\temp\9a9e9a83d2c84f1daab5ee88e133ff31\relicdownloader.exe:relicdownloader.exe
"TCP Query User{8EDA6D7D-A988-4FBA-B4B6-8F31490C6C72}c:\\users\\steven\\appdata\\local\\temp\\a73e96ca8ccb466ca7085d60608c75be\\relicdownloader.exe"= UDP:c:\users\steven\appdata\local\temp\a73e96ca8ccb466ca7085d60608c75be\relicdownloader.exe:relicdownloader.exe
"UDP Query User{D8D3E87C-785E-49CC-9557-CBB9BF0288D3}c:\\users\\steven\\appdata\\local\\temp\\a73e96ca8ccb466ca7085d60608c75be\\relicdownloader.exe"= TCP:c:\users\steven\appdata\local\temp\a73e96ca8ccb466ca7085d60608c75be\relicdownloader.exe:relicdownloader.exe
"TCP Query User{ECF7BF99-036A-4E31-A10C-65554D6E13AC}c:\\users\\steven\\appdata\\local\\temp\\1235c6571d05476f8d7be6c0a526942c\\relicdownloader.exe"= UDP:c:\users\steven\appdata\local\temp\1235c6571d05476f8d7be6c0a526942c\relicdownloader.exe:relicdownloader.exe
"UDP Query User{6E9CE311-5F9D-4411-893A-624179E66A19}c:\\users\\steven\\appdata\\local\\temp\\1235c6571d05476f8d7be6c0a526942c\\relicdownloader.exe"= TCP:c:\users\steven\appdata\local\temp\1235c6571d05476f8d7be6c0a526942c\relicdownloader.exe:relicdownloader.exe
"TCP Query User{044776A4-CF61-4A24-896F-C772AE3D3B08}c:\\users\\steven\\appdata\\local\\temp\\3180a05682674ca3aa8da213a2c71c1e\\relicdownloader.exe"= UDP:c:\users\steven\appdata\local\temp\3180a05682674ca3aa8da213a2c71c1e\relicdownloader.exe:relicdownloader.exe
"UDP Query User{45D060A9-6ACF-4358-870D-0CC8894FE8FF}c:\\users\\steven\\appdata\\local\\temp\\3180a05682674ca3aa8da213a2c71c1e\\relicdownloader.exe"= TCP:c:\users\steven\appdata\local\temp\3180a05682674ca3aa8da213a2c71c1e\relicdownloader.exe:relicdownloader.exe
"TCP Query User{CACD7EA6-AC69-4D27-8D91-FA9FCBEDF574}c:\\users\\steven\\appdata\\local\\temp\\1142488dd53b40f4891404e1a848677c\\relicdownloader.exe"= UDP:c:\users\steven\appdata\local\temp\1142488dd53b40f4891404e1a848677c\relicdownloader.exe:relicdownloader.exe
"UDP Query User{37CD3547-FB4A-4CDE-AD1B-6404192641DC}c:\\users\\steven\\appdata\\local\\temp\\1142488dd53b40f4891404e1a848677c\\relicdownloader.exe"= TCP:c:\users\steven\appdata\local\temp\1142488dd53b40f4891404e1a848677c\relicdownloader.exe:relicdownloader.exe
"TCP Query User{5AEDCC6E-12D6-445C-8194-6F23797B01F3}c:\\users\\steven\\appdata\\local\\temp\\dc75eeeeaa8e4444a9ed8617b0db3936\\relicdownloader.exe"= UDP:c:\users\steven\appdata\local\temp\dc75eeeeaa8e4444a9ed8617b0db3936\relicdownloader.exe:relicdownloader.exe
"UDP Query User{752EE28F-1698-47C3-8707-CA5B45E1889B}c:\\users\\steven\\appdata\\local\\temp\\dc75eeeeaa8e4444a9ed8617b0db3936\\relicdownloader.exe"= TCP:c:\users\steven\appdata\local\temp\dc75eeeeaa8e4444a9ed8617b0db3936\relicdownloader.exe:relicdownloader.exe
"{98DFA875-722B-4E10-B829-C6F8705207FE}"= UDP:c:\program files\Steam\SteamApps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{1331F6D2-8F77-409A-922C-1AACF0B01BA8}"= TCP:c:\program files\Steam\SteamApps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{FDF6D916-042F-4EB8-86AA-CDBCD15F1407}"= UDP:c:\program files\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe:Nero StartSmart Essentials
"{EC44A7F1-4E57-4B57-B954-FB30DB4C0416}"= TCP:c:\program files\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe:Nero StartSmart Essentials

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [12/10/2009 21:32 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [12/10/2009 21:32 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [12/10/2009 21:32 53328]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
.
Contenu du dossier 'Tâches planifiées'

2009-10-13 c:\windows\Tasks\Extension de garantie-Steven.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-05-23 10:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Steam - c:\program files\steam\steam.exe
AddRemove-Steam App 17510 - c:\program files\Steam\steam.exe
AddRemove-Steam App 211 - c:\program files\Steam\steam.exe
AddRemove-Steam App 215 - c:\program files\Steam\steam.exe
AddRemove-Steam App 219 - c:\program files\Steam\steam.exe
AddRemove-Steam App 240 - c:\program files\Steam\steam.exe
AddRemove-Steam App 340 - c:\program files\Steam\steam.exe
AddRemove-Steam App 4000 - c:\program files\Steam\steam.exe
AddRemove-Steam App 500 - c:\program files\Steam\steam.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 21:18
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

[0] 0x20E974E9

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\users\Steven\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2009-10-13 21:19
ComboFix-quarantined-files.txt 2009-10-13 19:19
ComboFix2.txt 2009-10-13 18:42

Avant-CF: 122 379 837 440 octets libres
Après-CF: 122 281 750 528 octets libres

284 --- E O F --- 2009-10-08 17:02
0
Malware report:

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2955
Windows 6.0.6002 Service Pack 2

13/10/2009 21:30:16
mbam-log-2009-10-13 (21-30-16).txt

Type de recherche: Examen rapide
Eléments examinés: 89550
Temps écoulé: 3 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)



PS: my Steam software doesn't work anymore :C
0
Anonymous user
13 Oct. 2009 at 21:45
PS: my Steam software doesn't work anymore :C

Redo an RSIT please

==> You'll only get log.txt, that's normal!

Later


If that's your only problem!... be happy!.....
0
No, it's fine, it works again! So the topic is closed? So I can thank you :D so

A big thank you to Archet9 for his very well detailed help! See you soon, goodbye
0