Unrecognized virus
sana
dédétraqué - Posts: 4522 - Status: Security contributor
Hello,
For the past few days I have had a virus that keeps popping up windows all the time,
and on top of that my downloads become very slow once they reach 20-30%.
I tried a BitDefender scan and a full system scan, but nothing helps.
Here are the logs from HijackThis.
LOG:
Logfile of random's system information tool 1.06 (written by random/random)
Run by DECOLOGIE at 2010-01-02 00:39:48
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 125 GB (45%) free of 277 GB
Total RAM: 3070 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:40:34, on 02/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\DECOLOGIE\Application Data\SystemProc\lsass.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\Drwtsn32.exe
C:\WINDOWS\system32\Drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\DECOLOGIE\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\DECOLOGIE.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1750559
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/spresults.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\DECOLOGIE\Application Data\SystemProc\lsass.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\diskcopy32.dll
O20 - Winlogon Notify: 4640d04724 - C:\WINDOWS\System32\diskcopy32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
21 replies
Here is the Malwarebytes scan
Malwarebytes' Anti-Malware 1.43
Version de la base de données: 3471
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
02/01/2010 01:06:46
mbam-log-2010-01-02 (01-06-40).txt
Type de recherche: Examen rapide
Eléments examinés: 123721
Temps écoulé: 6 minute(s), 10 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 26
Processus mémoire infecté(s):
C:\Documents and Settings\DECOLOGIE\Application Data\SystemProc\lsass.exe (Trojan.Inject) -> No action taken.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\diskcopy32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\58C.tmp (Trojan.Agent) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\4640d04724 (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> No action taken.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Inject) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Agent) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\diskcopy32.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: system32\diskcopy32.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS\system32\diskcopy32.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\DECOLOGIE\Application Data\SystemProc\lsass.exe (Trojan.Inject) -> No action taken.
C:\WINDOWS\system32\58C.tmp (Trojan.Agent) -> No action taken.
C:\autoexec.exe (Trojan.Inject) -> No action taken.
C:\WINDOWS\system32\7D6.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\DivX32.dll (Trojan.Tracur) -> No action taken.
C:\WINDOWS\system32\dmscript32.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\SysWoW32\mi1581143902v4.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SysWoW32\mi1581143902v6.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SysWoW32\mi1581143902v7.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SysWoW32\mu1581143902v5 (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SysWoW32\mu1581143902v5.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SysWoW32\wu1581143902v0 (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SysWoW32\wu1581143902v0.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SysWoW32\wu1581143902v1 (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SysWoW32\wu1581143902v1.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SysWoW32\wu1581143902v2 (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SysWoW32\wu1581143902v2.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SysWoW32\wu1581143902v3 (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\SysWoW32\wu1581143902v3.kwd (Worm.Archive) -> No action taken.
C:\WINDOWS\system32\UACamwruuetaw.dat (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\UACpropwoennc.db (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> No action taken.
C:\confin.sys (Malware.Trace) -> No action taken.
Hi sana
Download combofix.exe (by sUBs) to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/
Important: disable your antivirus and antispyware before scanning with ComboFix:
https://forum.pcastuces.com/default.asp
==> Save your work and close all open windows; the PC may restart. Do not launch any program until ComboFix has finished. <==
Double-click combofix.exe, click YES and confirm with Enter.
When the scan is complete, a report will appear. Copy and paste that report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
ComboFix is detected by some antivirus programs as an infection; ignore this, it is a false positive, and continue the procedure.
@++ :)
So here is the ComboFix report,
Thanks in advance
ComboFix 09-12-31.A1 - DECOLOGIE 02/01/2010 2:17.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.3070.2291 [GMT 1:00]
Lancé depuis: c:\documents and settings\DECOLOGIE\Mes documents\Téléchargements\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrateur.DECOLOGI-54810F\Application Data\Mozilla\Firefox\Profiles\q6viddun.default\extensions\{b4f783fa-ecca-4d24-9fd1-44728f889407}
c:\documents and settings\Administrateur.DECOLOGI-54810F\Application Data\Mozilla\Firefox\Profiles\q6viddun.default\extensions\{b4f783fa-ecca-4d24-9fd1-44728f889407}\chrome.manifest
c:\documents and settings\Administrateur.DECOLOGI-54810F\Application Data\Mozilla\Firefox\Profiles\q6viddun.default\extensions\{b4f783fa-ecca-4d24-9fd1-44728f889407}\chrome\xulcache.jar
c:\documents and settings\Administrateur.DECOLOGI-54810F\Application Data\Mozilla\Firefox\Profiles\q6viddun.default\extensions\{b4f783fa-ecca-4d24-9fd1-44728f889407}\defaults\preferences\xulcache.js
c:\documents and settings\Administrateur.DECOLOGI-54810F\Application Data\Mozilla\Firefox\Profiles\q6viddun.default\extensions\{b4f783fa-ecca-4d24-9fd1-44728f889407}\install.rdf
c:\documents and settings\DECOLOGIE\Application Data\02000000071a4797724C.manifest
c:\documents and settings\DECOLOGIE\Application Data\02000000071a4797724O.manifest
c:\documents and settings\DECOLOGIE\Application Data\02000000071a4797724P.manifest
c:\documents and settings\DECOLOGIE\Application Data\02000000071a4797724S.manifest
c:\documents and settings\DECOLOGIE\Application Data\Mozilla\Firefox\Profiles\1ixn9ov9.default\extensions\{b4f783fa-ecca-4d24-9fd1-44728f889407}
c:\documents and settings\DECOLOGIE\Application Data\Mozilla\Firefox\Profiles\1ixn9ov9.default\extensions\{b4f783fa-ecca-4d24-9fd1-44728f889407}\chrome.manifest
c:\documents and settings\DECOLOGIE\Application Data\Mozilla\Firefox\Profiles\1ixn9ov9.default\extensions\{b4f783fa-ecca-4d24-9fd1-44728f889407}\chrome\xulcache.jar
c:\documents and settings\DECOLOGIE\Application Data\Mozilla\Firefox\Profiles\1ixn9ov9.default\extensions\{b4f783fa-ecca-4d24-9fd1-44728f889407}\defaults\preferences\xulcache.js
c:\documents and settings\DECOLOGIE\Application Data\Mozilla\Firefox\Profiles\1ixn9ov9.default\extensions\{b4f783fa-ecca-4d24-9fd1-44728f889407}\install.rdf
c:\documents and settings\DECOLOGIE\Application Data\SystemProc
c:\documents and settings\DECOLOGIE\Application Data\SystemProc\lsass.exe
c:\documents and settings\DECOLOGIE\Mes documents\Téléchargements\testdisk-6.10.win\testdisk-6.10\win\Documents and Settings\leung\Bureau\es_trial_beta\_desktop.ini
c:\documents and settings\DECOLOGIE\Mes documents\Téléchargements\testdisk-6.10.win\testdisk-6.10\win\Downloads\_desktop.ini
c:\windows\GnuHashes.ini
c:\windows\system32\911632995
c:\windows\system32\AVSredirect.dll
c:\windows\system32\DMSCRIPT32.DLL
c:\windows\system32\UACamwruuetaw.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACpropwoennc.db
c:\windows\system32\unrar.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-02 au 2010-01-02 ))))))))))))))))))))))))))))))))))))
.
2010-01-01 23:57 . 2010-01-01 23:57 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Malwarebytes
2010-01-01 23:57 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-01 23:57 . 2010-01-01 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-01 23:57 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 23:57 . 2010-01-01 23:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 23:50 . 2010-01-01 23:50 -------- d-----w- c:\program files\CCleaner
2010-01-01 23:40 . 2010-01-01 23:40 -------- d-----w- c:\program files\trend micro
2010-01-01 23:39 . 2010-01-01 23:40 -------- d-----w- C:\rsit
2010-01-01 23:05 . 2010-01-01 23:05 41472 ----a-w- C:\autoexec.exe
2010-01-01 07:32 . 2009-12-30 21:45 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\NAVENG.SYS
2010-01-01 07:32 . 2009-12-30 21:45 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\NAVENG32.DLL
2010-01-01 07:32 . 2009-12-30 21:45 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\NAVEX32A.DLL
2010-01-01 07:32 . 2009-12-30 21:45 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\NAVEX15.SYS
2010-01-01 07:32 . 2009-12-30 21:45 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\EECTRL.SYS
2010-01-01 07:32 . 2009-12-30 21:45 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\CCERASER.DLL
2010-01-01 07:32 . 2009-12-30 21:45 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\ECMSVR32.DLL
2010-01-01 07:32 . 2009-12-30 21:45 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\ERASER.SYS
2009-12-31 18:45 . 2009-12-31 18:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\BS_Player
2009-12-31 18:45 . 2009-12-31 18:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-12-31 01:59 . 2009-12-31 01:59 -------- d-----w- c:\windows\LastGood
2009-12-30 21:45 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSvix86.sys
2009-12-30 21:45 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSXpx86.sys
2009-12-30 21:45 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\Scxpx86.dll
2009-12-30 21:45 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSxpx86.dll
2009-12-30 21:45 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSviA64.sys
2009-12-30 21:41 . 2009-10-29 02:31 784752 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
2009-12-30 21:41 . 2009-10-01 09:19 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
2009-12-30 21:39 . 2009-12-30 21:41 -------- d-----w- c:\windows\system32\drivers\NIS
2009-12-30 21:39 . 2009-12-30 21:39 -------- d-----w- c:\program files\Norton Internet Security
2009-12-30 21:24 . 2009-12-30 23:09 -------- d-----w- c:\program files\NortonInstaller
2009-12-30 21:18 . 2009-12-30 23:06 -------- d-sh--w- c:\windows\system32\SysWoW32
2009-12-30 21:16 . 2009-12-30 21:16 10 ----a-w- C:\confin.sys
2009-12-30 21:16 . 2009-12-30 21:16 188416 ----a-w- c:\windows\system32\DivX32.dll
2009-12-30 21:16 . 2009-12-30 21:16 120320 ----a-w- c:\windows\system32\diskcopy32.dll
2009-12-25 01:38 . 2009-12-25 01:38 -------- d-----w- c:\documents and settings\DECOLOGIE\Local Settings\Application Data\Tific
2009-12-25 01:37 . 2009-12-25 01:37 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Tific
2009-12-24 23:26 . 2009-12-24 23:26 -------- d-----w- c:\windows\Sun
2009-12-24 23:16 . 2004-12-31 15:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2009-12-24 23:16 . 2009-12-24 23:16 -------- d-----w- c:\program files\Common Files
2009-12-24 23:13 . 2009-08-17 06:48 158952 ----a-w- c:\windows\system32\PubPlugin.dll
2009-12-24 23:11 . 2009-12-24 23:11 -------- d-----w- C:\ijji
2009-12-24 23:07 . 2009-12-30 20:11 220926964 ----a-w- c:\documents and settings\DECOLOGIE\Application Data\ijjigame\U_GUNZ_setup.exe
2009-12-24 23:07 . 2009-12-25 01:13 -------- d--h--w- c:\documents and settings\DECOLOGIE\Application Data\ijjigame
2009-12-24 22:58 . 2009-06-03 16:48 779720 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\PurpleBean.exe
2009-12-24 22:58 . 2009-05-27 17:08 591320 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ExLauncher.exe
2009-12-24 22:58 . 2008-08-20 09:46 632280 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\PLauncher.exe
2009-12-24 22:58 . 2008-09-04 15:34 112048 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiPrePLauncher.exe
2009-12-24 22:58 . 2008-08-28 11:50 480688 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjistarter2FxB.exe
2009-12-24 22:58 . 2008-08-28 11:50 83376 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiPreStarter2FxB.exe
2009-12-24 22:58 . 2008-08-28 11:50 50608 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiNotify2FxB.exe
2009-12-24 22:58 . 2008-08-28 11:50 79280 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiPreNotify2FxB.exe
2009-12-24 22:58 . 2009-12-24 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ijjigame
2009-12-24 22:57 . 2009-07-01 09:25 61440 ----a-w- c:\windows\system32\uc_atlantica_launching.dll
2009-12-24 22:57 . 2009-06-23 12:21 64000 ----a-w- c:\windows\system32\uc_sfighters_launching.dll
2009-12-24 22:57 . 2009-03-31 16:43 53248 ----a-w- c:\windows\system32\uc_luminary_launching.dll
2009-12-24 22:57 . 2009-12-24 22:57 -------- d-----w- c:\program files\ijji
2009-12-24 22:57 . 2009-07-02 23:34 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-12-24 22:57 . 2009-07-02 23:34 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2009-12-24 22:57 . 2009-07-02 23:34 58800 ----a-w- c:\windows\system32\ijjiPlugin2.dll
2009-12-24 22:57 . 2009-01-29 10:53 87472 ----a-w- c:\windows\system32\ijjiChannelingPlugin.dll
2009-12-24 11:22 . 2009-12-24 11:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-24 11:22 . 2009-07-16 22:12 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-12-24 11:22 . 2009-07-16 22:12 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-12-24 11:22 . 2009-07-16 22:12 1233920 ----a-w- c:\windows\system32\msxml4.dll
2009-12-21 02:09 . 2009-12-21 02:09 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Dofus-4.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-21 01:59 . 2009-12-21 01:59 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-20 21:35 . 2009-12-20 21:35 -------- d-----w- c:\program files\Movies2iPhone
2009-12-20 20:41 . 2009-12-20 20:41 -------- d-----w- c:\program files\Tunatic
2009-12-20 20:01 . 2009-12-20 20:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-20 20:01 . 2009-12-20 20:01 -------- d-----w- c:\program files\Java
2009-12-20 20:01 . 2009-12-20 20:01 152576 ----a-w- c:\documents and settings\DECOLOGIE\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-12-20 20:01 . 2009-12-20 20:02 -------- d-----w- c:\program files\LimeWire
2009-12-16 20:44 . 2009-12-24 23:35 -------- d-----w- c:\documents and settings\DECOLOGIE\Local Settings\Application Data\BS_Player
2009-12-16 20:44 . 2009-12-16 20:44 -------- d-----w- c:\program files\Conduit
2009-12-16 20:44 . 2009-12-16 20:44 -------- d-----w- c:\documents and settings\DECOLOGIE\Local Settings\Application Data\Conduit
2009-12-16 20:44 . 2009-12-24 23:14 -------- d-----w- c:\program files\BS_Player
2009-12-16 20:44 . 2009-12-16 21:11 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\BSplayer
2009-12-16 20:44 . 2009-12-16 20:44 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\BSplayer Pro
2009-12-16 20:44 . 2009-12-16 20:44 -------- d-----w- c:\program files\Webteh
2009-12-15 16:21 . 2009-12-15 16:21 427008 ----a-w- c:\windows\system32\uc_wepic_launching.dll
2009-12-13 22:11 . 2009-12-13 22:11 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-13 18:08 . 2009-12-13 18:08 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-13 18:08 . 2009-12-13 18:08 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\app
2009-12-13 18:08 . 2009-12-16 00:50 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Dofus 2
2009-12-13 18:08 . 2009-12-13 18:08 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-13 17:27 . 2009-12-13 17:27 38784 ----a-w- c:\documents and settings\DECOLOGIE\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-13 17:27 . 2009-12-13 17:27 -------- d-----w- c:\program files\Dofus 2
2009-12-13 17:27 . 2009-12-13 17:27 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-13 17:27 . 2009-12-13 17:27 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2009-12-12 21:10 . 2009-12-12 21:10 -------- d-----w- c:\program files\Gameforge4D
2009-12-12 21:10 . 2004-05-10 11:14 118272 ----a-w- c:\windows\system32\SX5363S.DLL
2009-12-12 21:10 . 2004-05-10 11:14 102400 ----a-w- c:\windows\system32\RV32RTP.dll
2009-12-12 20:53 . 2009-12-12 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-12 20:47 . 2009-12-12 20:47 -------- d-----w- c:\windows\system32\Adobe
2009-12-12 20:45 . 2009-12-12 20:45 -------- d-----w- C:\GAMIGO
2009-12-11 04:24 . 2009-12-11 04:24 -------- d-----w- c:\program files\alaplaya
2009-12-08 02:18 . 2009-12-08 02:18 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\ImgBurn
2009-12-08 00:23 . 2009-12-08 00:23 -------- d-----w- c:\program files\ImgBurn
2009-12-07 01:24 . 2009-12-07 01:24 -------- d-----w- C:\cygdrive
2009-12-05 04:54 . 2009-12-05 04:54 529456 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys
2009-12-05 04:54 . 2009-12-05 04:54 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHRules.dll
2009-12-05 04:54 . 2009-12-05 04:54 1405840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHEngine.dll
2009-12-05 04:54 . 2009-12-05 04:54 668720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx64.sys
2009-12-05 04:54 . 2009-12-05 04:54 610704 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\bbRGen.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 00:37 . 2009-08-12 22:11 -------- d-----w- c:\program files\Dofus
2010-01-02 00:27 . 2009-09-07 00:21 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\vlc
2010-01-02 00:23 . 2009-08-13 10:17 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\dvdcss
2010-01-01 23:04 . 2009-12-20 20:02 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\LimeWire
2010-01-01 05:29 . 2010-01-01 05:29 741888 --sha-w- c:\windows\system32\7D6.tmp
2009-12-30 21:51 . 2009-12-30 21:40 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-12-30 21:40 . 2009-12-30 21:40 -------- d-----w- c:\program files\Symantec
2009-12-30 21:40 . 2009-12-30 21:40 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-30 21:40 . 2009-12-30 21:40 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-30 21:40 . 2009-12-30 21:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-30 21:40 . 2009-12-30 21:40 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-30 21:39 . 2009-09-30 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-12-30 21:24 . 2009-09-30 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-12-30 21:16 . 2009-12-30 21:16 741888 --sha-w- c:\windows\system32\58C.tmp
2009-12-29 22:05 . 2009-08-23 22:11 -------- d-----w- c:\program files\BitComet
2009-12-28 13:18 . 2009-10-16 08:50 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\U3
2009-12-24 22:57 . 2009-08-08 11:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-23 16:47 . 2009-08-27 01:07 -------- d-----w- c:\program files\DivX
2009-12-23 16:46 . 2009-08-27 21:59 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-12-02 23:39 . 2009-12-02 23:39 57660 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-02 22:56 . 2009-12-02 22:10 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Apple Computer
2009-12-02 22:53 . 2009-12-02 22:53 -------- d-----w- c:\program files\Fichiers communs\DVDVIDEOSOFT
2009-12-02 22:53 . 2009-12-02 22:53 -------- d-----w- c:\program files\DVDVIDEOSOFT
2009-12-02 22:33 . 2009-12-02 22:33 -------- d-----w- c:\program files\NCH Software
2009-12-02 22:32 . 2009-12-02 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-12-02 22:25 . 2009-12-02 22:25 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-02 22:11 . 2009-12-02 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-02 22:10 . 2009-12-02 22:10 -------- d-----w- c:\program files\iTunes
2009-12-02 22:10 . 2009-12-02 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-02 22:10 . 2009-12-02 22:10 -------- d-----w- c:\program files\iPod
2009-12-02 22:10 . 2009-12-02 22:08 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-12-02 22:10 . 2009-12-02 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-02 22:09 . 2009-12-02 22:09 -------- d-----w- c:\program files\QuickTime
2009-12-02 22:08 . 2009-12-02 22:08 -------- d-----w- c:\program files\Apple Software Update
2009-11-29 22:12 . 2009-08-13 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-23 22:40 . 2009-11-23 22:40 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-23 22:40 . 2009-11-23 22:34 -------- d-----w- c:\program files\Microsoft
2009-11-23 22:40 . 2009-11-23 22:40 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-23 22:40 . 2009-08-12 22:07 -------- d-----w- c:\program files\Windows Live
2009-11-23 22:40 . 2007-10-29 12:00 72776 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-23 22:40 . 2007-10-29 12:00 462242 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-23 22:36 . 2009-11-23 22:36 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-22 17:24 . 2009-11-22 17:24 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\AVS4YOU
2009-11-22 17:24 . 2009-11-22 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-11-22 17:23 . 2009-11-22 17:20 -------- d-----w- c:\program files\AVS4YOU
2009-11-22 17:23 . 2009-11-22 17:22 -------- d-----w- c:\program files\Fichiers communs\AVSMedia
2009-11-22 17:20 . 2009-08-12 22:25 -------- d-----w- c:\program files\Free Music Zilla
2009-11-18 14:11 . 2009-11-18 14:11 -------- d-----w- c:\program files\Micro Application
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-12 16:07 . 2009-11-12 16:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-10-24 01:27 . 2009-08-08 11:38 16608 ----a-w- c:\windows\gdrv.sys
2009-10-05 17:34 . 2009-12-30 21:40 929648 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\OCS\hsplayer.dll
2007-10-29 12:00 . 2007-10-29 12:00 65024 --sha-w- c:\windows\system32\asycfilt.dll
1995-07-11 08:50 . 2009-11-18 14:11 24576 --sha-w- c:\windows\system32\AWCODC32.DLL
1995-07-11 08:50 . 2009-11-18 14:11 6144 --sha-w- c:\windows\system32\AWDCXC32.DLL
1995-11-16 17:39 . 2009-11-18 14:11 11776 --sha-w- c:\windows\system32\AWDENC32.DLL
1995-07-11 08:50 . 2009-11-18 14:11 26624 --sha-w- c:\windows\system32\AWRESX32.DLL
1995-10-09 15:58 . 2009-11-18 14:11 10240 --sha-w- c:\windows\system32\AWVIEW32.DLL
2007-10-29 12:00 . 2007-10-29 12:00 3584 --sha-w- c:\windows\system32\comcat.dll
1998-04-04 19:23 . 2009-11-18 14:11 24576 --sha-w- c:\windows\system32\LFAVI90N.DLL
1998-05-20 16:14 . 2009-11-18 14:11 28672 --sha-w- c:\windows\system32\lfawd90n.dll
1998-05-15 16:00 . 2009-11-18 14:11 33792 --sha-w- c:\windows\system32\lfbmp90n.dll
1998-05-18 16:50 . 2009-11-18 14:11 27136 --sha-w- c:\windows\system32\lfcal90n.dll
1998-05-15 16:01 . 2009-11-18 14:11 235008 --sha-w- c:\windows\system32\LFCMP90n.DLL
1998-06-24 17:59 . 2009-11-18 14:11 237568 --sha-w- c:\windows\system32\LFDIC90N.DLL
1998-04-04 19:24 . 2009-11-18 14:11 31232 --sha-w- c:\windows\system32\LFEPS90N.DLL
1998-05-15 15:59 . 2009-11-18 14:11 64512 --sha-w- c:\windows\system32\lffax90n.dll
1997-11-21 17:03 . 2009-11-18 14:11 338944 --sha-w- c:\windows\system32\lffpx7.dll
1998-05-20 16:14 . 2009-11-18 14:11 88576 --sha-w- c:\windows\system32\lffpx90n.dll
1998-05-15 16:02 . 2009-11-18 14:11 39936 --sha-w- c:\windows\system32\lfgif90n.dll
1998-05-15 16:02 . 2009-11-18 14:11 46592 --sha-w- c:\windows\system32\LFICA90N.DLL
1998-04-04 19:24 . 2009-11-18 14:11 27136 --sha-w- c:\windows\system32\LFIMG90N.DLL
1997-09-30 13:30 . 2009-11-18 14:11 122880 --sha-w- c:\windows\system32\LFKODAK.DLL
1998-04-04 19:24 . 2009-11-18 14:11 35840 --sha-w- c:\windows\system32\LFLMA90N.DLL
1998-04-04 19:24 . 2009-11-18 14:11 31232 --sha-w- c:\windows\system32\LFLMB90N.DLL
1998-04-04 19:24 . 2009-11-18 14:11 25600 --sha-w- c:\windows\system32\LFMAC90N.DLL
1998-04-04 19:25 . 2009-11-18 14:11 26112 --sha-w- c:\windows\system32\LFMSP90N.DLL
1998-04-04 19:25 . 2009-11-18 14:11 26624 --sha-w- c:\windows\system32\LFPCD90N.DLL
1998-05-15 16:03 . 2009-11-18 14:11 31232 --sha-w- c:\windows\system32\lfpct90n.dll
1998-04-04 19:25 . 2009-11-18 14:11 30720 --sha-w- c:\windows\system32\lfpcx90n.dll
1998-06-23 09:10 . 2009-11-18 14:11 133632 --sha-w- c:\windows\system32\lfpng90n.dll
1998-05-18 17:27 . 2009-11-18 14:11 29184 --sha-w- c:\windows\system32\lfpsd90n.dll
1998-04-04 19:25 . 2009-11-18 14:11 26112 --sha-w- c:\windows\system32\LFRAS90N.DLL
1998-04-04 19:25 . 2009-11-18 14:11 28160 --sha-w- c:\windows\system32\LFTGA90N.DLL
1998-05-15 16:05 . 2009-11-18 14:11 118272 --sha-w- c:\windows\system32\lftif90n.dll
1998-04-04 19:26 . 2009-11-18 14:11 25600 --sha-w- c:\windows\system32\lfwfx90n.dll
1998-05-15 16:05 . 2009-11-18 14:11 28672 --sha-w- c:\windows\system32\lfwmf90n.dll
1998-04-04 19:26 . 2009-11-18 14:11 27648 --sha-w- c:\windows\system32\lfwpg90n.dll
1998-05-15 15:27 . 2009-11-18 14:11 238592 --sha-w- c:\windows\system32\ltann90n.dll
1998-05-15 15:26 . 2009-11-18 14:11 220160 --sha-w- c:\windows\system32\LTDIS90n.dll
1998-05-18 17:03 . 2009-11-18 14:11 145920 --sha-w- c:\windows\system32\LTDLG90N.DLL
1998-04-04 19:22 . 2009-11-18 14:11 146432 --sha-w- c:\windows\system32\ltefx90n.dll
1998-06-23 11:41 . 2009-11-18 14:11 99328 --sha-w- c:\windows\system32\ltfil90n.DLL
1998-05-20 16:13 . 2009-11-18 14:11 104448 --sha-w- c:\windows\system32\ltimg90n.dll
1998-05-20 16:14 . 2009-11-18 14:11 38400 --sha-w- c:\windows\system32\ltisi90n.dll
1998-06-19 14:44 . 2009-11-18 14:11 290304 --sha-w- c:\windows\system32\ltkrn90n.dll
1998-06-29 16:28 . 2009-11-18 14:11 43520 --sha-w- c:\windows\system32\LTNET90N.DLL
1998-04-03 18:01 . 2009-11-18 14:11 3824 --sha-w- c:\windows\system32\ltthk90w.dll
1998-05-19 17:53 . 2009-11-18 14:11 35328 --sha-w- c:\windows\system32\lttwn90n.dll
1998-04-03 18:01 . 2009-11-18 14:11 45936 --sha-w- c:\windows\system32\ltvdd90w.drv
1998-05-20 16:15 . 2009-11-18 14:11 148480 --sha-w- c:\windows\system32\LTVID90N.DLL
2007-10-29 12:00 . 2007-10-29 12:00 1028096 --sha-w- c:\windows\system32\mfc42.dll
1999-02-22 11:00 . 2009-11-18 14:11 159744 --sha-w- c:\windows\system32\MFCANS32.DLL
2007-10-29 12:00 . 2007-10-29 12:00 343040 --sha-w- c:\windows\system32\msvcrt.dll
1998-04-29 19:00 . 2009-11-18 14:11 58880 --sha-w- c:\windows\system32\npplg90N.dll
1995-05-21 23:00 . 2009-11-18 14:11 640512 --sha-w- c:\windows\system32\OC30.DLL
2007-12-04 18:41 . 2007-10-29 12:00 550912 --sha-w- c:\windows\system32\oleaut32.dll
2007-10-29 12:00 . 2007-10-29 12:00 83456 --sha-w- c:\windows\system32\olepro32.dll
1998-12-09 00:53 . 1998-12-09 00:53 212480 --sha-w- c:\windows\system32\PCDLIB32.DLL
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-12-24 2166296]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-12-24 23:14 2166296 ----a-w- c:\program files\BS_Player\tbBS_1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-12-24 2166296]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-12-24 2166296]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2007-10-29 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2007-10-29 208952]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-10-21 208896]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2007-10-29 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2007-10-29 455168]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-10-29 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\4640d04724]
2009-12-30 21:16 120320 ----a-w- c:\windows\system32\diskcopy32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^DECOLOGIE^Menu Démarrer^Programmes^Démarrage^Free Music Zilla.lnk]
path=c:\documents and settings\DECOLOGIE\Menu Démarrer\Programmes\Démarrage\Free Music Zilla.lnk
backup=c:\windows\pss\Free Music Zilla.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^DECOLOGIE^Menu Démarrer^Programmes^Démarrage^LimeWire On Startup.lnk]
path=c:\documents and settings\DECOLOGIE\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 00:12 483328 ------w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ------w- c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-03 13:18 94208 ------w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-10-07 05:33 1630208 ------w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-01-13 06:37 18084864 ------w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-20 20:01 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10188:TCP"= 10188:TCP:BitComet 10188 TCP
"10188:UDP"= 10188:UDP:BitComet 10188 UDP
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 19:41 33808]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1101000.013\SymDS.sys [30/12/2009 22:40 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1101000.013\SymEFA.sys [30/12/2009 22:40 171056]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys [05/12/2009 05:54 529456]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1101000.013\cchpx86.sys [30/12/2009 22:40 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1101000.013\Ironx86.sys [30/12/2009 22:40 114736]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe [30/12/2009 22:40 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/12/2009 22:45 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSXpx86.sys [30/12/2009 22:45 329592]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 16:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 19:59 19472]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
.
Contenu du dossier 'Tâches planifiées'
2009-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-01-01 c:\windows\Tasks\_default.job
- c:\windows\_default.pif [2007-10-29 12:00]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
FF - ProfilePath - c:\documents and settings\DECOLOGIE\Application Data\Mozilla\Firefox\Profiles\1ixn9ov9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - google.fr
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\DECOLOGIE\Application Data\Mozilla\Firefox\Profiles\1ixn9ov9.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Explorer_Run-RTHDBPL - c:\documents and settings\DECOLOGIE\Application Data\SystemProc\lsass.exe
MSConfigStartUp-Monopod - c:\docume~1\DECOLO~1\LOCALS~1\Temp\b.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 02:22
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
? [10940]
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
RTHDBPL = c:\documents and settings\DECOLOGIE\Application Data\SystemProc\lsass.exe??????????????????????????????????????????????????????
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.1.0.19\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1064)
c:\windows\System32\diskcopy32.dll
.
Heure de fin: 2010-01-02 02:24:37
ComboFix-quarantined-files.txt 2010-01-02 01:24
Avant-CF: 150 424 059 904 octets libres
Après-CF: 153 551 171 584 octets libres
- - End Of File - - 7BAC0B119B624854FDA8DAFA1F69098E
Thanks in advance
ComboFix 09-12-31.A1 - DECOLOGIE 02/01/2010 2:17.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.3070.2291 [GMT 1:00]
Lancé depuis: c:\documents and settings\DECOLOGIE\Mes documents\Téléchargements\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrateur.DECOLOGI-54810F\Application Data\Mozilla\Firefox\Profiles\q6viddun.default\extensions\{b4f783fa-ecca-4d24-9fd1-44728f889407}
c:\documents and settings\Administrateur.DECOLOGI-54810F\Application Data\Mozilla\Firefox\Profiles\q6viddun.default\extensions\{b4f783fa-ecca-4d24-9fd1-44728f889407}\chrome.manifest
c:\documents and settings\Administrateur.DECOLOGI-54810F\Application Data\Mozilla\Firefox\Profiles\q6viddun.default\extensions\{b4f783fa-ecca-4d24-9fd1-44728f889407}\chrome\xulcache.jar
c:\documents and settings\Administrateur.DECOLOGI-54810F\Application Data\Mozilla\Firefox\Profiles\q6viddun.default\extensions\{b4f783fa-ecca-4d24-9fd1-44728f889407}\defaults\preferences\xulcache.js
c:\documents and settings\Administrateur.DECOLOGI-54810F\Application Data\Mozilla\Firefox\Profiles\q6viddun.default\extensions\{b4f783fa-ecca-4d24-9fd1-44728f889407}\install.rdf
c:\documents and settings\DECOLOGIE\Application Data\02000000071a4797724C.manifest
c:\documents and settings\DECOLOGIE\Application Data\02000000071a4797724O.manifest
c:\documents and settings\DECOLOGIE\Application Data\02000000071a4797724P.manifest
c:\documents and settings\DECOLOGIE\Application Data\02000000071a4797724S.manifest
c:\documents and settings\DECOLOGIE\Application Data\Mozilla\Firefox\Profiles\1ixn9ov9.default\extensions\{b4f783fa-ecca-4d24-9fd1-44728f889407}
c:\documents and settings\DECOLOGIE\Application Data\Mozilla\Firefox\Profiles\1ixn9ov9.default\extensions\{b4f783fa-ecca-4d24-9fd1-44728f889407}\chrome.manifest
c:\documents and settings\DECOLOGIE\Application Data\Mozilla\Firefox\Profiles\1ixn9ov9.default\extensions\{b4f783fa-ecca-4d24-9fd1-44728f889407}\chrome\xulcache.jar
c:\documents and settings\DECOLOGIE\Application Data\Mozilla\Firefox\Profiles\1ixn9ov9.default\extensions\{b4f783fa-ecca-4d24-9fd1-44728f889407}\defaults\preferences\xulcache.js
c:\documents and settings\DECOLOGIE\Application Data\Mozilla\Firefox\Profiles\1ixn9ov9.default\extensions\{b4f783fa-ecca-4d24-9fd1-44728f889407}\install.rdf
c:\documents and settings\DECOLOGIE\Application Data\SystemProc
c:\documents and settings\DECOLOGIE\Application Data\SystemProc\lsass.exe
c:\documents and settings\DECOLOGIE\Mes documents\Téléchargements\testdisk-6.10.win\testdisk-6.10\win\Documents and Settings\leung\Bureau\es_trial_beta\_desktop.ini
c:\documents and settings\DECOLOGIE\Mes documents\Téléchargements\testdisk-6.10.win\testdisk-6.10\win\Downloads\_desktop.ini
c:\windows\GnuHashes.ini
c:\windows\system32\911632995
c:\windows\system32\AVSredirect.dll
c:\windows\system32\DMSCRIPT32.DLL
c:\windows\system32\UACamwruuetaw.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACpropwoennc.db
c:\windows\system32\unrar.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-02 au 2010-01-02 ))))))))))))))))))))))))))))))))))))
.
2010-01-01 23:57 . 2010-01-01 23:57 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Malwarebytes
2010-01-01 23:57 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-01 23:57 . 2010-01-01 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-01 23:57 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 23:57 . 2010-01-01 23:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 23:50 . 2010-01-01 23:50 -------- d-----w- c:\program files\CCleaner
2010-01-01 23:40 . 2010-01-01 23:40 -------- d-----w- c:\program files\trend micro
2010-01-01 23:39 . 2010-01-01 23:40 -------- d-----w- C:\rsit
2010-01-01 23:05 . 2010-01-01 23:05 41472 ----a-w- C:\autoexec.exe
2010-01-01 07:32 . 2009-12-30 21:45 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\NAVENG.SYS
2010-01-01 07:32 . 2009-12-30 21:45 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\NAVENG32.DLL
2010-01-01 07:32 . 2009-12-30 21:45 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\NAVEX32A.DLL
2010-01-01 07:32 . 2009-12-30 21:45 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\NAVEX15.SYS
2010-01-01 07:32 . 2009-12-30 21:45 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\EECTRL.SYS
2010-01-01 07:32 . 2009-12-30 21:45 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\CCERASER.DLL
2010-01-01 07:32 . 2009-12-30 21:45 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\ECMSVR32.DLL
2010-01-01 07:32 . 2009-12-30 21:45 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\ERASER.SYS
2009-12-31 18:45 . 2009-12-31 18:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\BS_Player
2009-12-31 18:45 . 2009-12-31 18:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-12-31 01:59 . 2009-12-31 01:59 -------- d-----w- c:\windows\LastGood
2009-12-30 21:45 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSvix86.sys
2009-12-30 21:45 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSXpx86.sys
2009-12-30 21:45 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\Scxpx86.dll
2009-12-30 21:45 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSxpx86.dll
2009-12-30 21:45 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSviA64.sys
2009-12-30 21:41 . 2009-10-29 02:31 784752 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
2009-12-30 21:41 . 2009-10-01 09:19 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
2009-12-30 21:39 . 2009-12-30 21:41 -------- d-----w- c:\windows\system32\drivers\NIS
2009-12-30 21:39 . 2009-12-30 21:39 -------- d-----w- c:\program files\Norton Internet Security
2009-12-30 21:24 . 2009-12-30 23:09 -------- d-----w- c:\program files\NortonInstaller
2009-12-30 21:18 . 2009-12-30 23:06 -------- d-sh--w- c:\windows\system32\SysWoW32
2009-12-30 21:16 . 2009-12-30 21:16 10 ----a-w- C:\confin.sys
2009-12-30 21:16 . 2009-12-30 21:16 188416 ----a-w- c:\windows\system32\DivX32.dll
2009-12-30 21:16 . 2009-12-30 21:16 120320 ----a-w- c:\windows\system32\diskcopy32.dll
2009-12-25 01:38 . 2009-12-25 01:38 -------- d-----w- c:\documents and settings\DECOLOGIE\Local Settings\Application Data\Tific
2009-12-25 01:37 . 2009-12-25 01:37 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Tific
2009-12-24 23:26 . 2009-12-24 23:26 -------- d-----w- c:\windows\Sun
2009-12-24 23:16 . 2004-12-31 15:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2009-12-24 23:16 . 2009-12-24 23:16 -------- d-----w- c:\program files\Common Files
2009-12-24 23:13 . 2009-08-17 06:48 158952 ----a-w- c:\windows\system32\PubPlugin.dll
2009-12-24 23:11 . 2009-12-24 23:11 -------- d-----w- C:\ijji
2009-12-24 23:07 . 2009-12-30 20:11 220926964 ----a-w- c:\documents and settings\DECOLOGIE\Application Data\ijjigame\U_GUNZ_setup.exe
2009-12-24 23:07 . 2009-12-25 01:13 -------- d--h--w- c:\documents and settings\DECOLOGIE\Application Data\ijjigame
2009-12-24 22:58 . 2009-06-03 16:48 779720 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\PurpleBean.exe
2009-12-24 22:58 . 2009-05-27 17:08 591320 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ExLauncher.exe
2009-12-24 22:58 . 2008-08-20 09:46 632280 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\PLauncher.exe
2009-12-24 22:58 . 2008-09-04 15:34 112048 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiPrePLauncher.exe
2009-12-24 22:58 . 2008-08-28 11:50 480688 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjistarter2FxB.exe
2009-12-24 22:58 . 2008-08-28 11:50 83376 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiPreStarter2FxB.exe
2009-12-24 22:58 . 2008-08-28 11:50 50608 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiNotify2FxB.exe
2009-12-24 22:58 . 2008-08-28 11:50 79280 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiPreNotify2FxB.exe
2009-12-24 22:58 . 2009-12-24 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ijjigame
2009-12-24 22:57 . 2009-07-01 09:25 61440 ----a-w- c:\windows\system32\uc_atlantica_launching.dll
2009-12-24 22:57 . 2009-06-23 12:21 64000 ----a-w- c:\windows\system32\uc_sfighters_launching.dll
2009-12-24 22:57 . 2009-03-31 16:43 53248 ----a-w- c:\windows\system32\uc_luminary_launching.dll
2009-12-24 22:57 . 2009-12-24 22:57 -------- d-----w- c:\program files\ijji
2009-12-24 22:57 . 2009-07-02 23:34 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-12-24 22:57 . 2009-07-02 23:34 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2009-12-24 22:57 . 2009-07-02 23:34 58800 ----a-w- c:\windows\system32\ijjiPlugin2.dll
2009-12-24 22:57 . 2009-01-29 10:53 87472 ----a-w- c:\windows\system32\ijjiChannelingPlugin.dll
2009-12-24 11:22 . 2009-12-24 11:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-24 11:22 . 2009-07-16 22:12 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-12-24 11:22 . 2009-07-16 22:12 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-12-24 11:22 . 2009-07-16 22:12 1233920 ----a-w- c:\windows\system32\msxml4.dll
2009-12-21 02:09 . 2009-12-21 02:09 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Dofus-4.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-21 01:59 . 2009-12-21 01:59 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-20 21:35 . 2009-12-20 21:35 -------- d-----w- c:\program files\Movies2iPhone
2009-12-20 20:41 . 2009-12-20 20:41 -------- d-----w- c:\program files\Tunatic
2009-12-20 20:01 . 2009-12-20 20:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-20 20:01 . 2009-12-20 20:01 -------- d-----w- c:\program files\Java
2009-12-20 20:01 . 2009-12-20 20:01 152576 ----a-w- c:\documents and settings\DECOLOGIE\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-12-20 20:01 . 2009-12-20 20:02 -------- d-----w- c:\program files\LimeWire
2009-12-16 20:44 . 2009-12-24 23:35 -------- d-----w- c:\documents and settings\DECOLOGIE\Local Settings\Application Data\BS_Player
2009-12-16 20:44 . 2009-12-16 20:44 -------- d-----w- c:\program files\Conduit
2009-12-16 20:44 . 2009-12-16 20:44 -------- d-----w- c:\documents and settings\DECOLOGIE\Local Settings\Application Data\Conduit
2009-12-16 20:44 . 2009-12-24 23:14 -------- d-----w- c:\program files\BS_Player
2009-12-16 20:44 . 2009-12-16 21:11 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\BSplayer
2009-12-16 20:44 . 2009-12-16 20:44 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\BSplayer Pro
2009-12-16 20:44 . 2009-12-16 20:44 -------- d-----w- c:\program files\Webteh
2009-12-15 16:21 . 2009-12-15 16:21 427008 ----a-w- c:\windows\system32\uc_wepic_launching.dll
2009-12-13 22:11 . 2009-12-13 22:11 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-13 18:08 . 2009-12-13 18:08 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-13 18:08 . 2009-12-13 18:08 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\app
2009-12-13 18:08 . 2009-12-16 00:50 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Dofus 2
2009-12-13 18:08 . 2009-12-13 18:08 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-13 17:27 . 2009-12-13 17:27 38784 ----a-w- c:\documents and settings\DECOLOGIE\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-13 17:27 . 2009-12-13 17:27 -------- d-----w- c:\program files\Dofus 2
2009-12-13 17:27 . 2009-12-13 17:27 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-13 17:27 . 2009-12-13 17:27 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2009-12-12 21:10 . 2009-12-12 21:10 -------- d-----w- c:\program files\Gameforge4D
2009-12-12 21:10 . 2004-05-10 11:14 118272 ----a-w- c:\windows\system32\SX5363S.DLL
2009-12-12 21:10 . 2004-05-10 11:14 102400 ----a-w- c:\windows\system32\RV32RTP.dll
2009-12-12 20:53 . 2009-12-12 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-12 20:47 . 2009-12-12 20:47 -------- d-----w- c:\windows\system32\Adobe
2009-12-12 20:45 . 2009-12-12 20:45 -------- d-----w- C:\GAMIGO
2009-12-11 04:24 . 2009-12-11 04:24 -------- d-----w- c:\program files\alaplaya
2009-12-08 02:18 . 2009-12-08 02:18 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\ImgBurn
2009-12-08 00:23 . 2009-12-08 00:23 -------- d-----w- c:\program files\ImgBurn
2009-12-07 01:24 . 2009-12-07 01:24 -------- d-----w- C:\cygdrive
2009-12-05 04:54 . 2009-12-05 04:54 529456 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys
2009-12-05 04:54 . 2009-12-05 04:54 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHRules.dll
2009-12-05 04:54 . 2009-12-05 04:54 1405840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHEngine.dll
2009-12-05 04:54 . 2009-12-05 04:54 668720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx64.sys
2009-12-05 04:54 . 2009-12-05 04:54 610704 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\bbRGen.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 00:37 . 2009-08-12 22:11 -------- d-----w- c:\program files\Dofus
2010-01-02 00:27 . 2009-09-07 00:21 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\vlc
2010-01-02 00:23 . 2009-08-13 10:17 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\dvdcss
2010-01-01 23:04 . 2009-12-20 20:02 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\LimeWire
2010-01-01 05:29 . 2010-01-01 05:29 741888 --sha-w- c:\windows\system32\7D6.tmp
2009-12-30 21:51 . 2009-12-30 21:40 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-12-30 21:40 . 2009-12-30 21:40 -------- d-----w- c:\program files\Symantec
2009-12-30 21:40 . 2009-12-30 21:40 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-30 21:40 . 2009-12-30 21:40 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-30 21:40 . 2009-12-30 21:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-30 21:40 . 2009-12-30 21:40 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-30 21:39 . 2009-09-30 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-12-30 21:24 . 2009-09-30 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-12-30 21:16 . 2009-12-30 21:16 741888 --sha-w- c:\windows\system32\58C.tmp
2009-12-29 22:05 . 2009-08-23 22:11 -------- d-----w- c:\program files\BitComet
2009-12-28 13:18 . 2009-10-16 08:50 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\U3
2009-12-24 22:57 . 2009-08-08 11:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-23 16:47 . 2009-08-27 01:07 -------- d-----w- c:\program files\DivX
2009-12-23 16:46 . 2009-08-27 21:59 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-12-02 23:39 . 2009-12-02 23:39 57660 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-02 22:56 . 2009-12-02 22:10 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Apple Computer
2009-12-02 22:53 . 2009-12-02 22:53 -------- d-----w- c:\program files\Fichiers communs\DVDVIDEOSOFT
2009-12-02 22:53 . 2009-12-02 22:53 -------- d-----w- c:\program files\DVDVIDEOSOFT
2009-12-02 22:33 . 2009-12-02 22:33 -------- d-----w- c:\program files\NCH Software
2009-12-02 22:32 . 2009-12-02 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-12-02 22:25 . 2009-12-02 22:25 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-02 22:11 . 2009-12-02 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-02 22:10 . 2009-12-02 22:10 -------- d-----w- c:\program files\iTunes
2009-12-02 22:10 . 2009-12-02 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-02 22:10 . 2009-12-02 22:10 -------- d-----w- c:\program files\iPod
2009-12-02 22:10 . 2009-12-02 22:08 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-12-02 22:10 . 2009-12-02 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-02 22:09 . 2009-12-02 22:09 -------- d-----w- c:\program files\QuickTime
2009-12-02 22:08 . 2009-12-02 22:08 -------- d-----w- c:\program files\Apple Software Update
2009-11-29 22:12 . 2009-08-13 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-23 22:40 . 2009-11-23 22:40 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-23 22:40 . 2009-11-23 22:34 -------- d-----w- c:\program files\Microsoft
2009-11-23 22:40 . 2009-11-23 22:40 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-23 22:40 . 2009-08-12 22:07 -------- d-----w- c:\program files\Windows Live
2009-11-23 22:40 . 2007-10-29 12:00 72776 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-23 22:40 . 2007-10-29 12:00 462242 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-23 22:36 . 2009-11-23 22:36 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-22 17:24 . 2009-11-22 17:24 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\AVS4YOU
2009-11-22 17:24 . 2009-11-22 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-11-22 17:23 . 2009-11-22 17:20 -------- d-----w- c:\program files\AVS4YOU
2009-11-22 17:23 . 2009-11-22 17:22 -------- d-----w- c:\program files\Fichiers communs\AVSMedia
2009-11-22 17:20 . 2009-08-12 22:25 -------- d-----w- c:\program files\Free Music Zilla
2009-11-18 14:11 . 2009-11-18 14:11 -------- d-----w- c:\program files\Micro Application
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-12 16:07 . 2009-11-12 16:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-10-24 01:27 . 2009-08-08 11:38 16608 ----a-w- c:\windows\gdrv.sys
2009-10-05 17:34 . 2009-12-30 21:40 929648 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\OCS\hsplayer.dll
2007-10-29 12:00 . 2007-10-29 12:00 65024 --sha-w- c:\windows\system32\asycfilt.dll
1995-07-11 08:50 . 2009-11-18 14:11 24576 --sha-w- c:\windows\system32\AWCODC32.DLL
1995-07-11 08:50 . 2009-11-18 14:11 6144 --sha-w- c:\windows\system32\AWDCXC32.DLL
1995-11-16 17:39 . 2009-11-18 14:11 11776 --sha-w- c:\windows\system32\AWDENC32.DLL
1995-07-11 08:50 . 2009-11-18 14:11 26624 --sha-w- c:\windows\system32\AWRESX32.DLL
1995-10-09 15:58 . 2009-11-18 14:11 10240 --sha-w- c:\windows\system32\AWVIEW32.DLL
2007-10-29 12:00 . 2007-10-29 12:00 3584 --sha-w- c:\windows\system32\comcat.dll
1998-04-04 19:23 . 2009-11-18 14:11 24576 --sha-w- c:\windows\system32\LFAVI90N.DLL
1998-05-20 16:14 . 2009-11-18 14:11 28672 --sha-w- c:\windows\system32\lfawd90n.dll
1998-05-15 16:00 . 2009-11-18 14:11 33792 --sha-w- c:\windows\system32\lfbmp90n.dll
1998-05-18 16:50 . 2009-11-18 14:11 27136 --sha-w- c:\windows\system32\lfcal90n.dll
1998-05-15 16:01 . 2009-11-18 14:11 235008 --sha-w- c:\windows\system32\LFCMP90n.DLL
1998-06-24 17:59 . 2009-11-18 14:11 237568 --sha-w- c:\windows\system32\LFDIC90N.DLL
1998-04-04 19:24 . 2009-11-18 14:11 31232 --sha-w- c:\windows\system32\LFEPS90N.DLL
1998-05-15 15:59 . 2009-11-18 14:11 64512 --sha-w- c:\windows\system32\lffax90n.dll
1997-11-21 17:03 . 2009-11-18 14:11 338944 --sha-w- c:\windows\system32\lffpx7.dll
1998-05-20 16:14 . 2009-11-18 14:11 88576 --sha-w- c:\windows\system32\lffpx90n.dll
1998-05-15 16:02 . 2009-11-18 14:11 39936 --sha-w- c:\windows\system32\lfgif90n.dll
1998-05-15 16:02 . 2009-11-18 14:11 46592 --sha-w- c:\windows\system32\LFICA90N.DLL
1998-04-04 19:24 . 2009-11-18 14:11 27136 --sha-w- c:\windows\system32\LFIMG90N.DLL
1997-09-30 13:30 . 2009-11-18 14:11 122880 --sha-w- c:\windows\system32\LFKODAK.DLL
1998-04-04 19:24 . 2009-11-18 14:11 35840 --sha-w- c:\windows\system32\LFLMA90N.DLL
1998-04-04 19:24 . 2009-11-18 14:11 31232 --sha-w- c:\windows\system32\LFLMB90N.DLL
1998-04-04 19:24 . 2009-11-18 14:11 25600 --sha-w- c:\windows\system32\LFMAC90N.DLL
1998-04-04 19:25 . 2009-11-18 14:11 26112 --sha-w- c:\windows\system32\LFMSP90N.DLL
1998-04-04 19:25 . 2009-11-18 14:11 26624 --sha-w- c:\windows\system32\LFPCD90N.DLL
1998-05-15 16:03 . 2009-11-18 14:11 31232 --sha-w- c:\windows\system32\lfpct90n.dll
1998-04-04 19:25 . 2009-11-18 14:11 30720 --sha-w- c:\windows\system32\lfpcx90n.dll
1998-06-23 09:10 . 2009-11-18 14:11 133632 --sha-w- c:\windows\system32\lfpng90n.dll
1998-05-18 17:27 . 2009-11-18 14:11 29184 --sha-w- c:\windows\system32\lfpsd90n.dll
1998-04-04 19:25 . 2009-11-18 14:11 26112 --sha-w- c:\windows\system32\LFRAS90N.DLL
1998-04-04 19:25 . 2009-11-18 14:11 28160 --sha-w- c:\windows\system32\LFTGA90N.DLL
1998-05-15 16:05 . 2009-11-18 14:11 118272 --sha-w- c:\windows\system32\lftif90n.dll
1998-04-04 19:26 . 2009-11-18 14:11 25600 --sha-w- c:\windows\system32\lfwfx90n.dll
1998-05-15 16:05 . 2009-11-18 14:11 28672 --sha-w- c:\windows\system32\lfwmf90n.dll
1998-04-04 19:26 . 2009-11-18 14:11 27648 --sha-w- c:\windows\system32\lfwpg90n.dll
1998-05-15 15:27 . 2009-11-18 14:11 238592 --sha-w- c:\windows\system32\ltann90n.dll
1998-05-15 15:26 . 2009-11-18 14:11 220160 --sha-w- c:\windows\system32\LTDIS90n.dll
1998-05-18 17:03 . 2009-11-18 14:11 145920 --sha-w- c:\windows\system32\LTDLG90N.DLL
1998-04-04 19:22 . 2009-11-18 14:11 146432 --sha-w- c:\windows\system32\ltefx90n.dll
1998-06-23 11:41 . 2009-11-18 14:11 99328 --sha-w- c:\windows\system32\ltfil90n.DLL
1998-05-20 16:13 . 2009-11-18 14:11 104448 --sha-w- c:\windows\system32\ltimg90n.dll
1998-05-20 16:14 . 2009-11-18 14:11 38400 --sha-w- c:\windows\system32\ltisi90n.dll
1998-06-19 14:44 . 2009-11-18 14:11 290304 --sha-w- c:\windows\system32\ltkrn90n.dll
1998-06-29 16:28 . 2009-11-18 14:11 43520 --sha-w- c:\windows\system32\LTNET90N.DLL
1998-04-03 18:01 . 2009-11-18 14:11 3824 --sha-w- c:\windows\system32\ltthk90w.dll
1998-05-19 17:53 . 2009-11-18 14:11 35328 --sha-w- c:\windows\system32\lttwn90n.dll
1998-04-03 18:01 . 2009-11-18 14:11 45936 --sha-w- c:\windows\system32\ltvdd90w.drv
1998-05-20 16:15 . 2009-11-18 14:11 148480 --sha-w- c:\windows\system32\LTVID90N.DLL
2007-10-29 12:00 . 2007-10-29 12:00 1028096 --sha-w- c:\windows\system32\mfc42.dll
1999-02-22 11:00 . 2009-11-18 14:11 159744 --sha-w- c:\windows\system32\MFCANS32.DLL
2007-10-29 12:00 . 2007-10-29 12:00 343040 --sha-w- c:\windows\system32\msvcrt.dll
1998-04-29 19:00 . 2009-11-18 14:11 58880 --sha-w- c:\windows\system32\npplg90N.dll
1995-05-21 23:00 . 2009-11-18 14:11 640512 --sha-w- c:\windows\system32\OC30.DLL
2007-12-04 18:41 . 2007-10-29 12:00 550912 --sha-w- c:\windows\system32\oleaut32.dll
2007-10-29 12:00 . 2007-10-29 12:00 83456 --sha-w- c:\windows\system32\olepro32.dll
1998-12-09 00:53 . 1998-12-09 00:53 212480 --sha-w- c:\windows\system32\PCDLIB32.DLL
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-12-24 2166296]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-12-24 23:14 2166296 ----a-w- c:\program files\BS_Player\tbBS_1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-12-24 2166296]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-12-24 2166296]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2007-10-29 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2007-10-29 208952]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-10-21 208896]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2007-10-29 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2007-10-29 455168]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-10-29 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\4640d04724]
2009-12-30 21:16 120320 ----a-w- c:\windows\system32\diskcopy32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^DECOLOGIE^Menu Démarrer^Programmes^Démarrage^Free Music Zilla.lnk]
path=c:\documents and settings\DECOLOGIE\Menu Démarrer\Programmes\Démarrage\Free Music Zilla.lnk
backup=c:\windows\pss\Free Music Zilla.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^DECOLOGIE^Menu Démarrer^Programmes^Démarrage^LimeWire On Startup.lnk]
path=c:\documents and settings\DECOLOGIE\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 00:12 483328 ------w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ------w- c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-03 13:18 94208 ------w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-10-07 05:33 1630208 ------w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-01-13 06:37 18084864 ------w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-20 20:01 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10188:TCP"= 10188:TCP:BitComet 10188 TCP
"10188:UDP"= 10188:UDP:BitComet 10188 UDP
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 19:41 33808]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1101000.013\SymDS.sys [30/12/2009 22:40 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1101000.013\SymEFA.sys [30/12/2009 22:40 171056]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys [05/12/2009 05:54 529456]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1101000.013\cchpx86.sys [30/12/2009 22:40 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1101000.013\Ironx86.sys [30/12/2009 22:40 114736]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe [30/12/2009 22:40 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/12/2009 22:45 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSXpx86.sys [30/12/2009 22:45 329592]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 16:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 19:59 19472]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
.
Contenu du dossier 'Tâches planifiées'
2009-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-01-01 c:\windows\Tasks\_default.job
- c:\windows\_default.pif [2007-10-29 12:00]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
FF - ProfilePath - c:\documents and settings\DECOLOGIE\Application Data\Mozilla\Firefox\Profiles\1ixn9ov9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - google.fr
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\DECOLOGIE\Application Data\Mozilla\Firefox\Profiles\1ixn9ov9.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Explorer_Run-RTHDBPL - c:\documents and settings\DECOLOGIE\Application Data\SystemProc\lsass.exe
MSConfigStartUp-Monopod - c:\docume~1\DECOLO~1\LOCALS~1\Temp\b.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 02:22
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
? [10940]
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
RTHDBPL = c:\documents and settings\DECOLOGIE\Application Data\SystemProc\lsass.exe??????????????????????????????????????????????????????
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.1.0.19\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1064)
c:\windows\System32\diskcopy32.dll
.
Heure de fin: 2010-01-02 02:24:37
ComboFix-quarantined-files.txt 2010-01-02 01:24
Avant-CF: 150 424 059 904 octets libres
Après-CF: 153 551 171 584 octets libres
- - End Of File - - 7BAC0B119B624854FDA8DAFA1F69098E
Hi sana
- Click Start/Run, type notepad at the prompt and click OK.
- Copy/paste what is in bold below into Notepad:
KillAll::
Driver::
npggsvc
RkPavproc1
File::
c:\windows\system32\diskcopy32.dll
c:\windows\Tasks\_default.job
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\4640d04724]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
RTHDBPL =-
- Save this file to the desktop (mandatory)
- File name: CFScript.txt
- File type: All files
- Click Save and close Notepad
Important: disable your antivirus and antispyware before doing the drag and drop
- Drag and drop this CFScript file onto the ComboFix.exe file on the desktop, as in this screenshot (the icon is a lion):
http://free0.hiboox.com/images/2409/9126d3b136f7db9ab6242ad715b44296.gif
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it can be found here > C:\ComboFix.txt
See you :)
So I ran the scan and my computer restarted.
Here is the report:
ComboFix 09-12-31.A1 - DECOLOGIE 02/01/2010 3:03.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.3070.2217 [GMT 1:00]
Lancé depuis: c:\documents and settings\DECOLOGIE\Mes documents\Téléchargements\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\DECOLOGIE\Bureau\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FILE ::
"c:\windows\system32\diskcopy32.dll"
"c:\windows\Tasks\_default.job"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\DECOLOGIE\Application Data\02000000071a4797724C.manifest
c:\documents and settings\DECOLOGIE\Application Data\02000000071a4797724O.manifest
c:\documents and settings\DECOLOGIE\Application Data\02000000071a4797724P.manifest
c:\documents and settings\DECOLOGIE\Application Data\02000000071a4797724S.manifest
c:\windows\system32\diskcopy32.dll
c:\windows\Tasks\_default.job
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_npggsvc
-------\Service_RkPavproc1
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-02 au 2010-01-02 ))))))))))))))))))))))))))))))))))))
.
2010-01-01 23:57 . 2010-01-01 23:57 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Malwarebytes
2010-01-01 23:57 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-01 23:57 . 2010-01-01 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-01 23:57 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 23:57 . 2010-01-01 23:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 23:50 . 2010-01-01 23:50 -------- d-----w- c:\program files\CCleaner
2010-01-01 23:40 . 2010-01-01 23:40 -------- d-----w- c:\program files\trend micro
2010-01-01 23:39 . 2010-01-01 23:40 -------- d-----w- C:\rsit
2010-01-01 23:05 . 2010-01-01 23:05 41472 ----a-w- C:\autoexec.exe
2010-01-01 07:32 . 2009-12-30 21:45 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\NAVENG.SYS
2010-01-01 07:32 . 2009-12-30 21:45 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\NAVENG32.DLL
2010-01-01 07:32 . 2009-12-30 21:45 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\NAVEX32A.DLL
2010-01-01 07:32 . 2009-12-30 21:45 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\NAVEX15.SYS
2010-01-01 07:32 . 2009-12-30 21:45 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\EECTRL.SYS
2010-01-01 07:32 . 2009-12-30 21:45 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\CCERASER.DLL
2010-01-01 07:32 . 2009-12-30 21:45 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\ECMSVR32.DLL
2010-01-01 07:32 . 2009-12-30 21:45 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\ERASER.SYS
2009-12-31 18:45 . 2009-12-31 18:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\BS_Player
2009-12-31 18:45 . 2009-12-31 18:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-12-30 21:45 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSvix86.sys
2009-12-30 21:45 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSXpx86.sys
2009-12-30 21:45 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\Scxpx86.dll
2009-12-30 21:45 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSxpx86.dll
2009-12-30 21:45 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSviA64.sys
2009-12-30 21:41 . 2009-10-29 02:31 784752 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
2009-12-30 21:41 . 2009-10-01 09:19 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
2009-12-30 21:39 . 2009-12-30 21:41 -------- d-----w- c:\windows\system32\drivers\NIS
2009-12-30 21:39 . 2009-12-30 21:39 -------- d-----w- c:\program files\Norton Internet Security
2009-12-30 21:24 . 2009-12-30 23:09 -------- d-----w- c:\program files\NortonInstaller
2009-12-30 21:18 . 2009-12-30 23:06 -------- d-sh--w- c:\windows\system32\SysWoW32
2009-12-30 21:16 . 2009-12-30 21:16 10 ----a-w- C:\confin.sys
2009-12-30 21:16 . 2009-12-30 21:16 188416 ----a-w- c:\windows\system32\DivX32.dll
2009-12-25 01:38 . 2009-12-25 01:38 -------- d-----w- c:\documents and settings\DECOLOGIE\Local Settings\Application Data\Tific
2009-12-25 01:37 . 2009-12-25 01:37 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Tific
2009-12-24 23:26 . 2009-12-24 23:26 -------- d-----w- c:\windows\Sun
2009-12-24 23:16 . 2004-12-31 15:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2009-12-24 23:16 . 2009-12-24 23:16 -------- d-----w- c:\program files\Common Files
2009-12-24 23:13 . 2009-08-17 06:48 158952 ----a-w- c:\windows\system32\PubPlugin.dll
2009-12-24 23:11 . 2009-12-24 23:11 -------- d-----w- C:\ijji
2009-12-24 23:07 . 2009-12-30 20:11 220926964 ----a-w- c:\documents and settings\DECOLOGIE\Application Data\ijjigame\U_GUNZ_setup.exe
2009-12-24 23:07 . 2009-12-25 01:13 -------- d--h--w- c:\documents and settings\DECOLOGIE\Application Data\ijjigame
2009-12-24 22:58 . 2009-06-03 16:48 779720 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\PurpleBean.exe
2009-12-24 22:58 . 2009-05-27 17:08 591320 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ExLauncher.exe
2009-12-24 22:58 . 2008-08-20 09:46 632280 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\PLauncher.exe
2009-12-24 22:58 . 2008-09-04 15:34 112048 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiPrePLauncher.exe
2009-12-24 22:58 . 2008-08-28 11:50 480688 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjistarter2FxB.exe
2009-12-24 22:58 . 2008-08-28 11:50 83376 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiPreStarter2FxB.exe
2009-12-24 22:58 . 2008-08-28 11:50 50608 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiNotify2FxB.exe
2009-12-24 22:58 . 2008-08-28 11:50 79280 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiPreNotify2FxB.exe
2009-12-24 22:58 . 2009-12-24 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ijjigame
2009-12-24 22:57 . 2009-07-01 09:25 61440 ----a-w- c:\windows\system32\uc_atlantica_launching.dll
2009-12-24 22:57 . 2009-06-23 12:21 64000 ----a-w- c:\windows\system32\uc_sfighters_launching.dll
2009-12-24 22:57 . 2009-03-31 16:43 53248 ----a-w- c:\windows\system32\uc_luminary_launching.dll
2009-12-24 22:57 . 2009-12-24 22:57 -------- d-----w- c:\program files\ijji
2009-12-24 22:57 . 2009-07-02 23:34 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-12-24 22:57 . 2009-07-02 23:34 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2009-12-24 22:57 . 2009-07-02 23:34 58800 ----a-w- c:\windows\system32\ijjiPlugin2.dll
2009-12-24 22:57 . 2009-01-29 10:53 87472 ----a-w- c:\windows\system32\ijjiChannelingPlugin.dll
2009-12-24 11:22 . 2009-12-24 11:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-24 11:22 . 2009-07-16 22:12 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-12-24 11:22 . 2009-07-16 22:12 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-12-24 11:22 . 2009-07-16 22:12 1233920 ----a-w- c:\windows\system32\msxml4.dll
2009-12-21 02:09 . 2009-12-21 02:09 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Dofus-4.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-21 01:59 . 2009-12-21 01:59 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-20 21:35 . 2009-12-20 21:35 -------- d-----w- c:\program files\Movies2iPhone
2009-12-20 20:41 . 2009-12-20 20:41 -------- d-----w- c:\program files\Tunatic
2009-12-20 20:01 . 2009-12-20 20:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-20 20:01 . 2009-12-20 20:01 -------- d-----w- c:\program files\Java
2009-12-20 20:01 . 2009-12-20 20:01 152576 ----a-w- c:\documents and settings\DECOLOGIE\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-12-20 20:01 . 2009-12-20 20:02 -------- d-----w- c:\program files\LimeWire
2009-12-16 20:44 . 2009-12-24 23:35 -------- d-----w- c:\documents and settings\DECOLOGIE\Local Settings\Application Data\BS_Player
2009-12-16 20:44 . 2009-12-16 20:44 -------- d-----w- c:\program files\Conduit
2009-12-16 20:44 . 2009-12-16 20:44 -------- d-----w- c:\documents and settings\DECOLOGIE\Local Settings\Application Data\Conduit
2009-12-16 20:44 . 2009-12-24 23:14 -------- d-----w- c:\program files\BS_Player
2009-12-16 20:44 . 2009-12-16 21:11 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\BSplayer
2009-12-16 20:44 . 2009-12-16 20:44 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\BSplayer Pro
2009-12-16 20:44 . 2009-12-16 20:44 -------- d-----w- c:\program files\Webteh
2009-12-15 16:21 . 2009-12-15 16:21 427008 ----a-w- c:\windows\system32\uc_wepic_launching.dll
2009-12-13 22:11 . 2009-12-13 22:11 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-13 18:08 . 2009-12-13 18:08 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-13 18:08 . 2009-12-13 18:08 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\app
2009-12-13 18:08 . 2009-12-16 00:50 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Dofus 2
2009-12-13 18:08 . 2009-12-13 18:08 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-13 17:27 . 2009-12-13 17:27 38784 ----a-w- c:\documents and settings\DECOLOGIE\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-13 17:27 . 2009-12-13 17:27 -------- d-----w- c:\program files\Dofus 2
2009-12-13 17:27 . 2009-12-13 17:27 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-13 17:27 . 2009-12-13 17:27 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2009-12-12 21:10 . 2009-12-12 21:10 -------- d-----w- c:\program files\Gameforge4D
2009-12-12 21:10 . 2004-05-10 11:14 118272 ----a-w- c:\windows\system32\SX5363S.DLL
2009-12-12 21:10 . 2004-05-10 11:14 102400 ----a-w- c:\windows\system32\RV32RTP.dll
2009-12-12 20:53 . 2009-12-12 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-12 20:47 . 2009-12-12 20:47 -------- d-----w- c:\windows\system32\Adobe
2009-12-12 20:45 . 2009-12-12 20:45 -------- d-----w- C:\GAMIGO
2009-12-11 04:24 . 2009-12-11 04:24 -------- d-----w- c:\program files\alaplaya
2009-12-08 02:18 . 2009-12-08 02:18 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\ImgBurn
2009-12-08 00:23 . 2009-12-08 00:23 -------- d-----w- c:\program files\ImgBurn
2009-12-07 01:24 . 2009-12-07 01:24 -------- d-----w- C:\cygdrive
2009-12-05 04:54 . 2009-12-05 04:54 529456 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys
2009-12-05 04:54 . 2009-12-05 04:54 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHRules.dll
2009-12-05 04:54 . 2009-12-05 04:54 1405840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHEngine.dll
2009-12-05 04:54 . 2009-12-05 04:54 668720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx64.sys
2009-12-05 04:54 . 2009-12-05 04:54 610704 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\bbRGen.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 00:37 . 2009-08-12 22:11 -------- d-----w- c:\program files\Dofus
2010-01-02 00:27 . 2009-09-07 00:21 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\vlc
2010-01-02 00:23 . 2009-08-13 10:17 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\dvdcss
2010-01-01 23:04 . 2009-12-20 20:02 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\LimeWire
2010-01-01 05:29 . 2010-01-01 05:29 741888 --sha-w- c:\windows\system32\7D6.tmp
2009-12-30 21:51 . 2009-12-30 21:40 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-12-30 21:40 . 2009-12-30 21:40 -------- d-----w- c:\program files\Symantec
2009-12-30 21:40 . 2009-12-30 21:40 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-30 21:40 . 2009-12-30 21:40 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-30 21:40 . 2009-12-30 21:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-30 21:40 . 2009-12-30 21:40 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-30 21:39 . 2009-09-30 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-12-30 21:24 . 2009-09-30 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-12-30 21:16 . 2009-12-30 21:16 741888 --sha-w- c:\windows\system32\58C.tmp
2009-12-29 22:05 . 2009-08-23 22:11 -------- d-----w- c:\program files\BitComet
2009-12-28 13:18 . 2009-10-16 08:50 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\U3
2009-12-24 22:57 . 2009-08-08 11:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-23 16:47 . 2009-08-27 01:07 -------- d-----w- c:\program files\DivX
2009-12-23 16:46 . 2009-08-27 21:59 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-12-02 23:39 . 2009-12-02 23:39 57660 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-02 22:56 . 2009-12-02 22:10 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Apple Computer
2009-12-02 22:53 . 2009-12-02 22:53 -------- d-----w- c:\program files\Fichiers communs\DVDVIDEOSOFT
2009-12-02 22:53 . 2009-12-02 22:53 -------- d-----w- c:\program files\DVDVIDEOSOFT
2009-12-02 22:33 . 2009-12-02 22:33 -------- d-----w- c:\program files\NCH Software
2009-12-02 22:32 . 2009-12-02 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-12-02 22:25 . 2009-12-02 22:25 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-02 22:11 . 2009-12-02 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-02 22:10 . 2009-12-02 22:10 -------- d-----w- c:\program files\iTunes
2009-12-02 22:10 . 2009-12-02 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-02 22:10 . 2009-12-02 22:10 -------- d-----w- c:\program files\iPod
2009-12-02 22:10 . 2009-12-02 22:08 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-12-02 22:10 . 2009-12-02 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-02 22:09 . 2009-12-02 22:09 -------- d-----w- c:\program files\QuickTime
2009-12-02 22:08 . 2009-12-02 22:08 -------- d-----w- c:\program files\Apple Software Update
2009-11-29 22:12 . 2009-08-13 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-23 22:40 . 2009-11-23 22:40 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-23 22:40 . 2009-11-23 22:34 -------- d-----w- c:\program files\Microsoft
2009-11-23 22:40 . 2009-11-23 22:40 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-23 22:40 . 2009-08-12 22:07 -------- d-----w- c:\program files\Windows Live
2009-11-23 22:40 . 2007-10-29 12:00 72776 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-23 22:40 . 2007-10-29 12:00 462242 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-23 22:36 . 2009-11-23 22:36 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-22 17:24 . 2009-11-22 17:24 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\AVS4YOU
2009-11-22 17:24 . 2009-11-22 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-11-22 17:23 . 2009-11-22 17:20 -------- d-----w- c:\program files\AVS4YOU
2009-11-22 17:23 . 2009-11-22 17:22 -------- d-----w- c:\program files\Fichiers communs\AVSMedia
2009-11-22 17:20 . 2009-08-12 22:25 -------- d-----w- c:\program files\Free Music Zilla
2009-11-18 14:11 . 2009-11-18 14:11 -------- d-----w- c:\program files\Micro Application
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-12 16:07 . 2009-11-12 16:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-10-24 01:27 . 2009-08-08 11:38 16608 ----a-w- c:\windows\gdrv.sys
2009-10-05 17:34 . 2009-12-30 21:40 929648 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\OCS\hsplayer.dll
2007-10-29 12:00 . 2007-10-29 12:00 65024 --sha-w- c:\windows\system32\asycfilt.dll
1995-07-11 08:50 . 2009-11-18 14:11 24576 --sha-w- c:\windows\system32\AWCODC32.DLL
1995-07-11 08:50 . 2009-11-18 14:11 6144 --sha-w- c:\windows\system32\AWDCXC32.DLL
1995-11-16 17:39 . 2009-11-18 14:11 11776 --sha-w- c:\windows\system32\AWDENC32.DLL
1995-07-11 08:50 . 2009-11-18 14:11 26624 --sha-w- c:\windows\system32\AWRESX32.DLL
1995-10-09 15:58 . 2009-11-18 14:11 10240 --sha-w- c:\windows\system32\AWVIEW32.DLL
2007-10-29 12:00 . 2007-10-29 12:00 3584 --sha-w- c:\windows\system32\comcat.dll
1998-04-04 19:23 . 2009-11-18 14:11 24576 --sha-w- c:\windows\system32\LFAVI90N.DLL
1998-05-20 16:14 . 2009-11-18 14:11 28672 --sha-w- c:\windows\system32\lfawd90n.dll
1998-05-15 16:00 . 2009-11-18 14:11 33792 --sha-w- c:\windows\system32\lfbmp90n.dll
1998-05-18 16:50 . 2009-11-18 14:11 27136 --sha-w- c:\windows\system32\lfcal90n.dll
1998-05-15 16:01 . 2009-11-18 14:11 235008 --sha-w- c:\windows\system32\LFCMP90n.DLL
1998-06-24 17:59 . 2009-11-18 14:11 237568 --sha-w- c:\windows\system32\LFDIC90N.DLL
1998-04-04 19:24 . 2009-11-18 14:11 31232 --sha-w- c:\windows\system32\LFEPS90N.DLL
1998-05-15 15:59 . 2009-11-18 14:11 64512 --sha-w- c:\windows\system32\lffax90n.dll
1997-11-21 17:03 . 2009-11-18 14:11 338944 --sha-w- c:\windows\system32\lffpx7.dll
1998-05-20 16:14 . 2009-11-18 14:11 88576 --sha-w- c:\windows\system32\lffpx90n.dll
1998-05-15 16:02 . 2009-11-18 14:11 39936 --sha-w- c:\windows\system32\lfgif90n.dll
1998-05-15 16:02 . 2009-11-18 14:11 46592 --sha-w- c:\windows\system32\LFICA90N.DLL
1998-04-04 19:24 . 2009-11-18 14:11 27136 --sha-w- c:\windows\system32\LFIMG90N.DLL
1997-09-30 13:30 . 2009-11-18 14:11 122880 --sha-w- c:\windows\system32\LFKODAK.DLL
1998-04-04 19:24 . 2009-11-18 14:11 35840 --sha-w- c:\windows\system32\LFLMA90N.DLL
1998-04-04 19:24 . 2009-11-18 14:11 31232 --sha-w- c:\windows\system32\LFLMB90N.DLL
1998-04-04 19:24 . 2009-11-18 14:11 25600 --sha-w- c:\windows\system32\LFMAC90N.DLL
1998-04-04 19:25 . 2009-11-18 14:11 26112 --sha-w- c:\windows\system32\LFMSP90N.DLL
1998-04-04 19:25 . 2009-11-18 14:11 26624 --sha-w- c:\windows\system32\LFPCD90N.DLL
1998-05-15 16:03 . 2009-11-18 14:11 31232 --sha-w- c:\windows\system32\lfpct90n.dll
1998-04-04 19:25 . 2009-11-18 14:11 30720 --sha-w- c:\windows\system32\lfpcx90n.dll
1998-06-23 09:10 . 2009-11-18 14:11 133632 --sha-w- c:\windows\system32\lfpng90n.dll
1998-05-18 17:27 . 2009-11-18 14:11 29184 --sha-w- c:\windows\system32\lfpsd90n.dll
1998-04-04 19:25 . 2009-11-18 14:11 26112 --sha-w- c:\windows\system32\LFRAS90N.DLL
1998-04-04 19:25 . 2009-11-18 14:11 28160 --sha-w- c:\windows\system32\LFTGA90N.DLL
1998-05-15 16:05 . 2009-11-18 14:11 118272 --sha-w- c:\windows\system32\lftif90n.dll
1998-04-04 19:26 . 2009-11-18 14:11 25600 --sha-w- c:\windows\system32\lfwfx90n.dll
1998-05-15 16:05 . 2009-11-18 14:11 28672 --sha-w- c:\windows\system32\lfwmf90n.dll
1998-04-04 19:26 . 2009-11-18 14:11 27648 --sha-w- c:\windows\system32\lfwpg90n.dll
1998-05-15 15:27 . 2009-11-18 14:11 238592 --sha-w- c:\windows\system32\ltann90n.dll
1998-05-15 15:26 . 2009-11-18 14:11 220160 --sha-w- c:\windows\system32\LTDIS90n.dll
1998-05-18 17:03 . 2009-11-18 14:11 145920 --sha-w- c:\windows\system32\LTDLG90N.DLL
1998-04-04 19:22 . 2009-11-18 14:11 146432 --sha-w- c:\windows\system32\ltefx90n.dll
1998-06-23 11:41 . 2009-11-18 14:11 99328 --sha-w- c:\windows\system32\ltfil90n.DLL
1998-05-20 16:13 . 2009-11-18 14:11 104448 --sha-w- c:\windows\system32\ltimg90n.dll
1998-05-20 16:14 . 2009-11-18 14:11 38400 --sha-w- c:\windows\system32\ltisi90n.dll
1998-06-19 14:44 . 2009-11-18 14:11 290304 --sha-w- c:\windows\system32\ltkrn90n.dll
1998-06-29 16:28 . 2009-11-18 14:11 43520 --sha-w- c:\windows\system32\LTNET90N.DLL
1998-04-03 18:01 . 2009-11-18 14:11 3824 --sha-w- c:\windows\system32\ltthk90w.dll
1998-05-19 17:53 . 2009-11-18 14:11 35328 --sha-w- c:\windows\system32\lttwn90n.dll
1998-04-03 18:01 . 2009-11-18 14:11 45936 --sha-w- c:\windows\system32\ltvdd90w.drv
1998-05-20 16:15 . 2009-11-18 14:11 148480 --sha-w- c:\windows\system32\LTVID90N.DLL
2007-10-29 12:00 . 2007-10-29 12:00 1028096 --sha-w- c:\windows\system32\mfc42.dll
1999-02-22 11:00 . 2009-11-18 14:11 159744 --sha-w- c:\windows\system32\MFCANS32.DLL
1998-04-29 19:00 . 2009-11-18 14:11 58880 --sha-w- c:\windows\system32\npplg90N.dll
1995-05-21 23:00 . 2009-11-18 14:11 640512 --sha-w- c:\windows\system32\OC30.DLL
2007-12-04 18:41 . 2007-10-29 12:00 550912 --sha-w- c:\windows\system32\oleaut32.dll
2007-10-29 12:00 . 2007-10-29 12:00 83456 --sha-w- c:\windows\system32\olepro32.dll
1998-12-09 00:53 . 1998-12-09 00:53 212480 --sha-w- c:\windows\system32\PCDLIB32.DLL
.
((((((((((((((((((((((((((((( SnapShot@2010-01-02_01.23.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-02 02:10 . 2010-01-02 02:10 16384 c:\windows\Temp\Perflib_Perfdata_530.dat
+ 2010-01-02 02:10 . 2010-01-02 02:10 16384 c:\windows\Temp\Perflib_Perfdata_354.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-12-24 2166296]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-12-24 23:14 2166296 ----a-w- c:\program files\BS_Player\tbBS_1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-12-24 2166296]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-12-24 2166296]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^DECOLOGIE^Menu Démarrer^Programmes^Démarrage^Free Music Zilla.lnk]
path=c:\documents and settings\DECOLOGIE\Menu Démarrer\Programmes\Démarrage\Free Music Zilla.lnk
backup=c:\windows\pss\Free Music Zilla.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^DECOLOGIE^Menu Démarrer^Programmes^Démarrage^LimeWire On Startup.lnk]
path=c:\documents and settings\DECOLOGIE\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 00:12 483328 ------w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ------w- c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-03 13:18 94208 ------w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-10-07 05:33 1630208 ------w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-01-13 06:37 18084864 ------w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-20 20:01 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10188:TCP"= 10188:TCP:BitComet 10188 TCP
"10188:UDP"= 10188:UDP:BitComet 10188 UDP
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 19:41 33808]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1101000.013\SymDS.sys [30/12/2009 22:40 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1101000.013\SymEFA.sys [30/12/2009 22:40 171056]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys [05/12/2009 05:54 529456]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1101000.013\cchpx86.sys [30/12/2009 22:40 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1101000.013\Ironx86.sys [30/12/2009 22:40 114736]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe [30/12/2009 22:40 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/12/2009 22:45 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSXpx86.sys [30/12/2009 22:45 329592]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 16:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 19:59 19472]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
.
Contenu du dossier 'Tâches planifiées'
2009-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
FF - ProfilePath - c:\documents and settings\DECOLOGIE\Application Data\Mozilla\Firefox\Profiles\1ixn9ov9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - google.fr
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\DECOLOGIE\Application Data\Mozilla\Firefox\Profiles\1ixn9ov9.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - -
Notify-4640d04724 - c:\windows\System32\diskcopy32.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 03:10
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.1.0.19\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NET CLR Data]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NET CLR Networking]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NET Data Provider for Oracle]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NET Data Provider for SqlServer]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NETFramework]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Abiosdsk]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\abp480n5]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ACPIEC]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Adobe LM Service]
"ImagePath"="\"c:\program files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\adpu160m]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aec]
"ImagePath"="system32\drivers\aec.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Aha154x]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aic78u2]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aic78xx]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AliIde]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\amsint]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Apple Mobile Device]
"ImagePath"="\"c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\asc]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\asc3350p]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\asc3550]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ASP.NET]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ASP.NET_2.0.50727]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Atdisk]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AVP]
"ImagePath"="\"c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe\" -r"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Beep]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BHDrvx86]
"ImagePath"="\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme]
"ImagePath"="\??\c:\docume~1\DECOLO~1\LOCALS~1\Temp\catchme.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cbidf2k]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ccHP]
"ImagePath"="\SystemRoot\system32\drivers\NIS\1101000.013\ccHPx86.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cd20xrnt]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cdaudio]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cdfs]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Changer]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CmdIde]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\COMSysApp]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ContentFilter]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ContentIndex]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cpqarray]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dac2w2k]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dac960nt]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"
Here is the report:
ComboFix 09-12-31.A1 - DECOLOGIE 02/01/2010 3:03.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.3070.2217 [GMT 1:00]
Lancé depuis: c:\documents and settings\DECOLOGIE\Mes documents\Téléchargements\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\DECOLOGIE\Bureau\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FILE ::
"c:\windows\system32\diskcopy32.dll"
"c:\windows\Tasks\_default.job"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\DECOLOGIE\Application Data\02000000071a4797724C.manifest
c:\documents and settings\DECOLOGIE\Application Data\02000000071a4797724O.manifest
c:\documents and settings\DECOLOGIE\Application Data\02000000071a4797724P.manifest
c:\documents and settings\DECOLOGIE\Application Data\02000000071a4797724S.manifest
c:\windows\system32\diskcopy32.dll
c:\windows\Tasks\_default.job
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_npggsvc
-------\Service_RkPavproc1
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-02 au 2010-01-02 ))))))))))))))))))))))))))))))))))))
.
2010-01-01 23:57 . 2010-01-01 23:57 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Malwarebytes
2010-01-01 23:57 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-01 23:57 . 2010-01-01 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-01 23:57 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 23:57 . 2010-01-01 23:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 23:50 . 2010-01-01 23:50 -------- d-----w- c:\program files\CCleaner
2010-01-01 23:40 . 2010-01-01 23:40 -------- d-----w- c:\program files\trend micro
2010-01-01 23:39 . 2010-01-01 23:40 -------- d-----w- C:\rsit
2010-01-01 23:05 . 2010-01-01 23:05 41472 ----a-w- C:\autoexec.exe
2010-01-01 07:32 . 2009-12-30 21:45 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\NAVENG.SYS
2010-01-01 07:32 . 2009-12-30 21:45 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\NAVENG32.DLL
2010-01-01 07:32 . 2009-12-30 21:45 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\NAVEX32A.DLL
2010-01-01 07:32 . 2009-12-30 21:45 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\NAVEX15.SYS
2010-01-01 07:32 . 2009-12-30 21:45 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\EECTRL.SYS
2010-01-01 07:32 . 2009-12-30 21:45 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\CCERASER.DLL
2010-01-01 07:32 . 2009-12-30 21:45 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\ECMSVR32.DLL
2010-01-01 07:32 . 2009-12-30 21:45 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091231.041\ERASER.SYS
2009-12-31 18:45 . 2009-12-31 18:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\BS_Player
2009-12-31 18:45 . 2009-12-31 18:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-12-30 21:45 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSvix86.sys
2009-12-30 21:45 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSXpx86.sys
2009-12-30 21:45 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\Scxpx86.dll
2009-12-30 21:45 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSxpx86.dll
2009-12-30 21:45 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSviA64.sys
2009-12-30 21:41 . 2009-10-29 02:31 784752 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
2009-12-30 21:41 . 2009-10-01 09:19 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
2009-12-30 21:39 . 2009-12-30 21:41 -------- d-----w- c:\windows\system32\drivers\NIS
2009-12-30 21:39 . 2009-12-30 21:39 -------- d-----w- c:\program files\Norton Internet Security
2009-12-30 21:24 . 2009-12-30 23:09 -------- d-----w- c:\program files\NortonInstaller
2009-12-30 21:18 . 2009-12-30 23:06 -------- d-sh--w- c:\windows\system32\SysWoW32
2009-12-30 21:16 . 2009-12-30 21:16 10 ----a-w- C:\confin.sys
2009-12-30 21:16 . 2009-12-30 21:16 188416 ----a-w- c:\windows\system32\DivX32.dll
2009-12-25 01:38 . 2009-12-25 01:38 -------- d-----w- c:\documents and settings\DECOLOGIE\Local Settings\Application Data\Tific
2009-12-25 01:37 . 2009-12-25 01:37 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Tific
2009-12-24 23:26 . 2009-12-24 23:26 -------- d-----w- c:\windows\Sun
2009-12-24 23:16 . 2004-12-31 15:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2009-12-24 23:16 . 2009-12-24 23:16 -------- d-----w- c:\program files\Common Files
2009-12-24 23:13 . 2009-08-17 06:48 158952 ----a-w- c:\windows\system32\PubPlugin.dll
2009-12-24 23:11 . 2009-12-24 23:11 -------- d-----w- C:\ijji
2009-12-24 23:07 . 2009-12-30 20:11 220926964 ----a-w- c:\documents and settings\DECOLOGIE\Application Data\ijjigame\U_GUNZ_setup.exe
2009-12-24 23:07 . 2009-12-25 01:13 -------- d--h--w- c:\documents and settings\DECOLOGIE\Application Data\ijjigame
2009-12-24 22:58 . 2009-06-03 16:48 779720 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\PurpleBean.exe
2009-12-24 22:58 . 2009-05-27 17:08 591320 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ExLauncher.exe
2009-12-24 22:58 . 2008-08-20 09:46 632280 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\PLauncher.exe
2009-12-24 22:58 . 2008-09-04 15:34 112048 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiPrePLauncher.exe
2009-12-24 22:58 . 2008-08-28 11:50 480688 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjistarter2FxB.exe
2009-12-24 22:58 . 2008-08-28 11:50 83376 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiPreStarter2FxB.exe
2009-12-24 22:58 . 2008-08-28 11:50 50608 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiNotify2FxB.exe
2009-12-24 22:58 . 2008-08-28 11:50 79280 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiPreNotify2FxB.exe
2009-12-24 22:58 . 2009-12-24 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ijjigame
2009-12-24 22:57 . 2009-07-01 09:25 61440 ----a-w- c:\windows\system32\uc_atlantica_launching.dll
2009-12-24 22:57 . 2009-06-23 12:21 64000 ----a-w- c:\windows\system32\uc_sfighters_launching.dll
2009-12-24 22:57 . 2009-03-31 16:43 53248 ----a-w- c:\windows\system32\uc_luminary_launching.dll
2009-12-24 22:57 . 2009-12-24 22:57 -------- d-----w- c:\program files\ijji
2009-12-24 22:57 . 2009-07-02 23:34 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-12-24 22:57 . 2009-07-02 23:34 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2009-12-24 22:57 . 2009-07-02 23:34 58800 ----a-w- c:\windows\system32\ijjiPlugin2.dll
2009-12-24 22:57 . 2009-01-29 10:53 87472 ----a-w- c:\windows\system32\ijjiChannelingPlugin.dll
2009-12-24 11:22 . 2009-12-24 11:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-24 11:22 . 2009-07-16 22:12 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-12-24 11:22 . 2009-07-16 22:12 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-12-24 11:22 . 2009-07-16 22:12 1233920 ----a-w- c:\windows\system32\msxml4.dll
2009-12-21 02:09 . 2009-12-21 02:09 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Dofus-4.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-21 01:59 . 2009-12-21 01:59 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-20 21:35 . 2009-12-20 21:35 -------- d-----w- c:\program files\Movies2iPhone
2009-12-20 20:41 . 2009-12-20 20:41 -------- d-----w- c:\program files\Tunatic
2009-12-20 20:01 . 2009-12-20 20:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-20 20:01 . 2009-12-20 20:01 -------- d-----w- c:\program files\Java
2009-12-20 20:01 . 2009-12-20 20:01 152576 ----a-w- c:\documents and settings\DECOLOGIE\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-12-20 20:01 . 2009-12-20 20:02 -------- d-----w- c:\program files\LimeWire
2009-12-16 20:44 . 2009-12-24 23:35 -------- d-----w- c:\documents and settings\DECOLOGIE\Local Settings\Application Data\BS_Player
2009-12-16 20:44 . 2009-12-16 20:44 -------- d-----w- c:\program files\Conduit
2009-12-16 20:44 . 2009-12-16 20:44 -------- d-----w- c:\documents and settings\DECOLOGIE\Local Settings\Application Data\Conduit
2009-12-16 20:44 . 2009-12-24 23:14 -------- d-----w- c:\program files\BS_Player
2009-12-16 20:44 . 2009-12-16 21:11 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\BSplayer
2009-12-16 20:44 . 2009-12-16 20:44 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\BSplayer Pro
2009-12-16 20:44 . 2009-12-16 20:44 -------- d-----w- c:\program files\Webteh
2009-12-15 16:21 . 2009-12-15 16:21 427008 ----a-w- c:\windows\system32\uc_wepic_launching.dll
2009-12-13 22:11 . 2009-12-13 22:11 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-13 18:08 . 2009-12-13 18:08 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-13 18:08 . 2009-12-13 18:08 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\app
2009-12-13 18:08 . 2009-12-16 00:50 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Dofus 2
2009-12-13 18:08 . 2009-12-13 18:08 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-13 17:27 . 2009-12-13 17:27 38784 ----a-w- c:\documents and settings\DECOLOGIE\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-13 17:27 . 2009-12-13 17:27 -------- d-----w- c:\program files\Dofus 2
2009-12-13 17:27 . 2009-12-13 17:27 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-13 17:27 . 2009-12-13 17:27 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2009-12-12 21:10 . 2009-12-12 21:10 -------- d-----w- c:\program files\Gameforge4D
2009-12-12 21:10 . 2004-05-10 11:14 118272 ----a-w- c:\windows\system32\SX5363S.DLL
2009-12-12 21:10 . 2004-05-10 11:14 102400 ----a-w- c:\windows\system32\RV32RTP.dll
2009-12-12 20:53 . 2009-12-12 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-12 20:47 . 2009-12-12 20:47 -------- d-----w- c:\windows\system32\Adobe
2009-12-12 20:45 . 2009-12-12 20:45 -------- d-----w- C:\GAMIGO
2009-12-11 04:24 . 2009-12-11 04:24 -------- d-----w- c:\program files\alaplaya
2009-12-08 02:18 . 2009-12-08 02:18 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\ImgBurn
2009-12-08 00:23 . 2009-12-08 00:23 -------- d-----w- c:\program files\ImgBurn
2009-12-07 01:24 . 2009-12-07 01:24 -------- d-----w- C:\cygdrive
2009-12-05 04:54 . 2009-12-05 04:54 529456 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys
2009-12-05 04:54 . 2009-12-05 04:54 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHRules.dll
2009-12-05 04:54 . 2009-12-05 04:54 1405840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHEngine.dll
2009-12-05 04:54 . 2009-12-05 04:54 668720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx64.sys
2009-12-05 04:54 . 2009-12-05 04:54 610704 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\bbRGen.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 00:37 . 2009-08-12 22:11 -------- d-----w- c:\program files\Dofus
2010-01-02 00:27 . 2009-09-07 00:21 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\vlc
2010-01-02 00:23 . 2009-08-13 10:17 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\dvdcss
2010-01-01 23:04 . 2009-12-20 20:02 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\LimeWire
2010-01-01 05:29 . 2010-01-01 05:29 741888 --sha-w- c:\windows\system32\7D6.tmp
2009-12-30 21:51 . 2009-12-30 21:40 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-12-30 21:40 . 2009-12-30 21:40 -------- d-----w- c:\program files\Symantec
2009-12-30 21:40 . 2009-12-30 21:40 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-30 21:40 . 2009-12-30 21:40 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-30 21:40 . 2009-12-30 21:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-30 21:40 . 2009-12-30 21:40 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-30 21:39 . 2009-09-30 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-12-30 21:24 . 2009-09-30 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-12-30 21:16 . 2009-12-30 21:16 741888 --sha-w- c:\windows\system32\58C.tmp
2009-12-29 22:05 . 2009-08-23 22:11 -------- d-----w- c:\program files\BitComet
2009-12-28 13:18 . 2009-10-16 08:50 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\U3
2009-12-24 22:57 . 2009-08-08 11:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-23 16:47 . 2009-08-27 01:07 -------- d-----w- c:\program files\DivX
2009-12-23 16:46 . 2009-08-27 21:59 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-12-02 23:39 . 2009-12-02 23:39 57660 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-02 22:56 . 2009-12-02 22:10 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\Apple Computer
2009-12-02 22:53 . 2009-12-02 22:53 -------- d-----w- c:\program files\Fichiers communs\DVDVIDEOSOFT
2009-12-02 22:53 . 2009-12-02 22:53 -------- d-----w- c:\program files\DVDVIDEOSOFT
2009-12-02 22:33 . 2009-12-02 22:33 -------- d-----w- c:\program files\NCH Software
2009-12-02 22:32 . 2009-12-02 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-12-02 22:25 . 2009-12-02 22:25 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-02 22:11 . 2009-12-02 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-02 22:10 . 2009-12-02 22:10 -------- d-----w- c:\program files\iTunes
2009-12-02 22:10 . 2009-12-02 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-02 22:10 . 2009-12-02 22:10 -------- d-----w- c:\program files\iPod
2009-12-02 22:10 . 2009-12-02 22:08 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-12-02 22:10 . 2009-12-02 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-02 22:09 . 2009-12-02 22:09 -------- d-----w- c:\program files\QuickTime
2009-12-02 22:08 . 2009-12-02 22:08 -------- d-----w- c:\program files\Apple Software Update
2009-11-29 22:12 . 2009-08-13 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-23 22:40 . 2009-11-23 22:40 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-23 22:40 . 2009-11-23 22:34 -------- d-----w- c:\program files\Microsoft
2009-11-23 22:40 . 2009-11-23 22:40 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-23 22:40 . 2009-08-12 22:07 -------- d-----w- c:\program files\Windows Live
2009-11-23 22:40 . 2007-10-29 12:00 72776 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-23 22:40 . 2007-10-29 12:00 462242 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-23 22:36 . 2009-11-23 22:36 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-22 17:24 . 2009-11-22 17:24 -------- d-----w- c:\documents and settings\DECOLOGIE\Application Data\AVS4YOU
2009-11-22 17:24 . 2009-11-22 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-11-22 17:23 . 2009-11-22 17:20 -------- d-----w- c:\program files\AVS4YOU
2009-11-22 17:23 . 2009-11-22 17:22 -------- d-----w- c:\program files\Fichiers communs\AVSMedia
2009-11-22 17:20 . 2009-08-12 22:25 -------- d-----w- c:\program files\Free Music Zilla
2009-11-18 14:11 . 2009-11-18 14:11 -------- d-----w- c:\program files\Micro Application
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-12 16:07 . 2009-11-12 16:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-10-24 01:27 . 2009-08-08 11:38 16608 ----a-w- c:\windows\gdrv.sys
2009-10-05 17:34 . 2009-12-30 21:40 929648 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\OCS\hsplayer.dll
2007-10-29 12:00 . 2007-10-29 12:00 65024 --sha-w- c:\windows\system32\asycfilt.dll
1995-07-11 08:50 . 2009-11-18 14:11 24576 --sha-w- c:\windows\system32\AWCODC32.DLL
1995-07-11 08:50 . 2009-11-18 14:11 6144 --sha-w- c:\windows\system32\AWDCXC32.DLL
1995-11-16 17:39 . 2009-11-18 14:11 11776 --sha-w- c:\windows\system32\AWDENC32.DLL
1995-07-11 08:50 . 2009-11-18 14:11 26624 --sha-w- c:\windows\system32\AWRESX32.DLL
1995-10-09 15:58 . 2009-11-18 14:11 10240 --sha-w- c:\windows\system32\AWVIEW32.DLL
2007-10-29 12:00 . 2007-10-29 12:00 3584 --sha-w- c:\windows\system32\comcat.dll
1998-04-04 19:23 . 2009-11-18 14:11 24576 --sha-w- c:\windows\system32\LFAVI90N.DLL
1998-05-20 16:14 . 2009-11-18 14:11 28672 --sha-w- c:\windows\system32\lfawd90n.dll
1998-05-15 16:00 . 2009-11-18 14:11 33792 --sha-w- c:\windows\system32\lfbmp90n.dll
1998-05-18 16:50 . 2009-11-18 14:11 27136 --sha-w- c:\windows\system32\lfcal90n.dll
1998-05-15 16:01 . 2009-11-18 14:11 235008 --sha-w- c:\windows\system32\LFCMP90n.DLL
1998-06-24 17:59 . 2009-11-18 14:11 237568 --sha-w- c:\windows\system32\LFDIC90N.DLL
1998-04-04 19:24 . 2009-11-18 14:11 31232 --sha-w- c:\windows\system32\LFEPS90N.DLL
1998-05-15 15:59 . 2009-11-18 14:11 64512 --sha-w- c:\windows\system32\lffax90n.dll
1997-11-21 17:03 . 2009-11-18 14:11 338944 --sha-w- c:\windows\system32\lffpx7.dll
1998-05-20 16:14 . 2009-11-18 14:11 88576 --sha-w- c:\windows\system32\lffpx90n.dll
1998-05-15 16:02 . 2009-11-18 14:11 39936 --sha-w- c:\windows\system32\lfgif90n.dll
1998-05-15 16:02 . 2009-11-18 14:11 46592 --sha-w- c:\windows\system32\LFICA90N.DLL
1998-04-04 19:24 . 2009-11-18 14:11 27136 --sha-w- c:\windows\system32\LFIMG90N.DLL
1997-09-30 13:30 . 2009-11-18 14:11 122880 --sha-w- c:\windows\system32\LFKODAK.DLL
1998-04-04 19:24 . 2009-11-18 14:11 35840 --sha-w- c:\windows\system32\LFLMA90N.DLL
1998-04-04 19:24 . 2009-11-18 14:11 31232 --sha-w- c:\windows\system32\LFLMB90N.DLL
1998-04-04 19:24 . 2009-11-18 14:11 25600 --sha-w- c:\windows\system32\LFMAC90N.DLL
1998-04-04 19:25 . 2009-11-18 14:11 26112 --sha-w- c:\windows\system32\LFMSP90N.DLL
1998-04-04 19:25 . 2009-11-18 14:11 26624 --sha-w- c:\windows\system32\LFPCD90N.DLL
1998-05-15 16:03 . 2009-11-18 14:11 31232 --sha-w- c:\windows\system32\lfpct90n.dll
1998-04-04 19:25 . 2009-11-18 14:11 30720 --sha-w- c:\windows\system32\lfpcx90n.dll
1998-06-23 09:10 . 2009-11-18 14:11 133632 --sha-w- c:\windows\system32\lfpng90n.dll
1998-05-18 17:27 . 2009-11-18 14:11 29184 --sha-w- c:\windows\system32\lfpsd90n.dll
1998-04-04 19:25 . 2009-11-18 14:11 26112 --sha-w- c:\windows\system32\LFRAS90N.DLL
1998-04-04 19:25 . 2009-11-18 14:11 28160 --sha-w- c:\windows\system32\LFTGA90N.DLL
1998-05-15 16:05 . 2009-11-18 14:11 118272 --sha-w- c:\windows\system32\lftif90n.dll
1998-04-04 19:26 . 2009-11-18 14:11 25600 --sha-w- c:\windows\system32\lfwfx90n.dll
1998-05-15 16:05 . 2009-11-18 14:11 28672 --sha-w- c:\windows\system32\lfwmf90n.dll
1998-04-04 19:26 . 2009-11-18 14:11 27648 --sha-w- c:\windows\system32\lfwpg90n.dll
1998-05-15 15:27 . 2009-11-18 14:11 238592 --sha-w- c:\windows\system32\ltann90n.dll
1998-05-15 15:26 . 2009-11-18 14:11 220160 --sha-w- c:\windows\system32\LTDIS90n.dll
1998-05-18 17:03 . 2009-11-18 14:11 145920 --sha-w- c:\windows\system32\LTDLG90N.DLL
1998-04-04 19:22 . 2009-11-18 14:11 146432 --sha-w- c:\windows\system32\ltefx90n.dll
1998-06-23 11:41 . 2009-11-18 14:11 99328 --sha-w- c:\windows\system32\ltfil90n.DLL
1998-05-20 16:13 . 2009-11-18 14:11 104448 --sha-w- c:\windows\system32\ltimg90n.dll
1998-05-20 16:14 . 2009-11-18 14:11 38400 --sha-w- c:\windows\system32\ltisi90n.dll
1998-06-19 14:44 . 2009-11-18 14:11 290304 --sha-w- c:\windows\system32\ltkrn90n.dll
1998-06-29 16:28 . 2009-11-18 14:11 43520 --sha-w- c:\windows\system32\LTNET90N.DLL
1998-04-03 18:01 . 2009-11-18 14:11 3824 --sha-w- c:\windows\system32\ltthk90w.dll
1998-05-19 17:53 . 2009-11-18 14:11 35328 --sha-w- c:\windows\system32\lttwn90n.dll
1998-04-03 18:01 . 2009-11-18 14:11 45936 --sha-w- c:\windows\system32\ltvdd90w.drv
1998-05-20 16:15 . 2009-11-18 14:11 148480 --sha-w- c:\windows\system32\LTVID90N.DLL
2007-10-29 12:00 . 2007-10-29 12:00 1028096 --sha-w- c:\windows\system32\mfc42.dll
1999-02-22 11:00 . 2009-11-18 14:11 159744 --sha-w- c:\windows\system32\MFCANS32.DLL
1998-04-29 19:00 . 2009-11-18 14:11 58880 --sha-w- c:\windows\system32\npplg90N.dll
1995-05-21 23:00 . 2009-11-18 14:11 640512 --sha-w- c:\windows\system32\OC30.DLL
2007-12-04 18:41 . 2007-10-29 12:00 550912 --sha-w- c:\windows\system32\oleaut32.dll
2007-10-29 12:00 . 2007-10-29 12:00 83456 --sha-w- c:\windows\system32\olepro32.dll
1998-12-09 00:53 . 1998-12-09 00:53 212480 --sha-w- c:\windows\system32\PCDLIB32.DLL
.
((((((((((((((((((((((((((((( SnapShot@2010-01-02_01.23.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-02 02:10 . 2010-01-02 02:10 16384 c:\windows\Temp\Perflib_Perfdata_530.dat
+ 2010-01-02 02:10 . 2010-01-02 02:10 16384 c:\windows\Temp\Perflib_Perfdata_354.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-12-24 2166296]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-12-24 23:14 2166296 ----a-w- c:\program files\BS_Player\tbBS_1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-12-24 2166296]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-12-24 2166296]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^DECOLOGIE^Menu Démarrer^Programmes^Démarrage^Free Music Zilla.lnk]
path=c:\documents and settings\DECOLOGIE\Menu Démarrer\Programmes\Démarrage\Free Music Zilla.lnk
backup=c:\windows\pss\Free Music Zilla.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^DECOLOGIE^Menu Démarrer^Programmes^Démarrage^LimeWire On Startup.lnk]
path=c:\documents and settings\DECOLOGIE\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 00:12 483328 ------w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ------w- c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-03 13:18 94208 ------w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-10-07 05:33 1630208 ------w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-01-13 06:37 18084864 ------w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-20 20:01 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10188:TCP"= 10188:TCP:BitComet 10188 TCP
"10188:UDP"= 10188:UDP:BitComet 10188 UDP
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 19:41 33808]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1101000.013\SymDS.sys [30/12/2009 22:40 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1101000.013\SymEFA.sys [30/12/2009 22:40 171056]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys [05/12/2009 05:54 529456]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1101000.013\cchpx86.sys [30/12/2009 22:40 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1101000.013\Ironx86.sys [30/12/2009 22:40 114736]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe [30/12/2009 22:40 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/12/2009 22:45 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSXpx86.sys [30/12/2009 22:45 329592]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 16:46 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 19:59 19472]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
.
Contenu du dossier 'Tâches planifiées'
2009-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
FF - ProfilePath - c:\documents and settings\DECOLOGIE\Application Data\Mozilla\Firefox\Profiles\1ixn9ov9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - google.fr
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\DECOLOGIE\Application Data\Mozilla\Firefox\Profiles\1ixn9ov9.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - -
Notify-4640d04724 - c:\windows\System32\diskcopy32.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 03:10
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.1.0.19\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NET CLR Data]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NET CLR Networking]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NET Data Provider for Oracle]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NET Data Provider for SqlServer]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NETFramework]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Abiosdsk]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\abp480n5]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ACPIEC]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Adobe LM Service]
"ImagePath"="\"c:\program files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\adpu160m]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aec]
"ImagePath"="system32\drivers\aec.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Aha154x]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aic78u2]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aic78xx]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AliIde]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\amsint]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Apple Mobile Device]
"ImagePath"="\"c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\asc]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\asc3350p]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\asc3550]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ASP.NET]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ASP.NET_2.0.50727]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Atdisk]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AVP]
"ImagePath"="\"c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe\" -r"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Beep]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BHDrvx86]
"ImagePath"="\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme]
"ImagePath"="\??\c:\docume~1\DECOLO~1\LOCALS~1\Temp\catchme.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cbidf2k]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ccHP]
"ImagePath"="\SystemRoot\system32\drivers\NIS\1101000.013\ccHPx86.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cd20xrnt]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cdaudio]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cdfs]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Changer]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CmdIde]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\COMSysApp]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ContentFilter]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ContentIndex]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cpqarray]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dac2w2k]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dac960nt]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dpti2o]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EagleNT]
"ImagePath"="\??\c:\windows\system32\drivers\EagleNT.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\eeCtrl]
"ImagePath"="\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EraserUtilRebootDrv]
"ImagePath"="\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fastfat]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fdc]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fips]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Flpydisk]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FltMgr]
"ImagePath"="system32\DRIVERS\fltMgr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fs_Rec]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gdrv]
"ImagePath"="\??\c:\windows\gdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GEARAspiWDM]
"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GMSIPCI]
"ImagePath"="\??\d:\install\GMSIPCI.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hpn]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\i2omgmt]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\i2omp]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IDSxpx86]
"ImagePath"="\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSxpx86.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\InCDFs]
"ImagePath"="system32\drivers\InCDFs.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\InCDPass]
"ImagePath"="system32\drivers\InCDPass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\InCDRm]
"ImagePath"="system32\drivers\InCDRm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\inetaccs]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ini910u]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Inport]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IntelIde]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ip6Fw]
"ImagePath"="system32\DRIVERS\Ip6Fw.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iPod Service]
"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ISAPISearch]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\JavaQuickStarterService]
"ImagePath"="\"c:\program files\Java\jre6\bin\jqs.exe\" -service -config \"c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf\""
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\kl1]
"ImagePath"="system32\drivers\kl1.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\klbg]
"ImagePath"="system32\drivers\klbg.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\KLIF]
"ImagePath"="system32\DRIVERS\klif.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\klim5]
"ImagePath"="system32\DRIVERS\klim5.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\klmouflt]
"ImagePath"="system32\DRIVERS\klmouflt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\KSecDD]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lbrtfdc]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ldap]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LicenseService]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MDM]
"ImagePath"="\"c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mnmdd]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Modem]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MountMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mraid35x]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Msfs]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
Uh ^^' is it finished, or are there other steps?
My connection is already much better ^^ but if there are things to fix ...
And thank you very much for your help.
Hi
Your report (log.txt) is not complete; use cjoint.com to post your report as a link:
https://www.cjoint.com/
See you :)
Hi sana
- Click on the Start menu / Run, type notepad at the prompt and click OK.
- Copy/paste what is in bold below into Notepad:
KillAll::
File::
C:\confin.sys
c:\windows\system32\DivX32.dll
Folder::
c:\windows\system32\SysWoW32
- Save this file on the desktop (mandatory)
- File name: CFScript.txt
- File type: All files
- Click Save and close Notepad
Important: disable your antivirus and antispyware before doing the drag and drop
- Drag and drop this CFScript file onto the ComboFix.exe file on the desktop, as in this screenshot (the icon is a lion):
http://free0.hiboox.com/images/2409/9126d3b136f7db9ab6242ad715b44296.gif
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt
See you :)
Hi sana
Update MalwareByte's Anti-Malware
---
- Restart in safe mode:
When your PC restarts, tap the F8 or F5 key repeatedly; on the next screen, move with the arrow keys and choose Safe Mode. Choose your usual session, not the Administrator session
---
- Double-click the MalwareByte's Anti-Malware shortcut on the desktop.
- Select Perform full scan if it is not already selected
- Click Scan
- Once the scan is finished, a window opens; click OK
- If MalwareByte's detected nothing, click OK. A report will appear; close it.
- If MalwareByte's detected infections, click Show Results, then Remove Selected
- Save the report on your desktop so that it is easier to find, then post this report.
Note: if MalwareByte's needs to restart to finish the removal, accept by clicking OK
MalwareByte's tutorial here:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
See you :)
Noted, I'll do it first thing tomorrow =x
I'm off to bed for now,
Thanks for your valuable help +
Hi,
There, I ran the scan but it showed 4 other trojans, which I deleted; here is the report:
https://www.cjoint.com/?bcx5ghGrWA
Hi sana
Run a scan with the online Nod32 scanner (you must use Internet Explorer) here:
https://www.eset.com/int/home/online-scanner/
(check all the boxes each time)
At the end, paste the report: C:\Program Files\EsetOnlineScanner\log.txt
See you :)
https://www.cjoint.com/?bddPGqzG8L
Here is the link after the NOD32 scan, which took a very long time and which I had to restart twice