Sujet Précédent Sujet Suivant

TR/Downloader.Gen

Résolu
Light-Yagami Messages postés 155 Statut Membre -  
Light-Yagami Messages postés 155 Statut Membre -
Bonjour, j'ai une saloprie qui revient tout le temps

TR/Downloader.Gen

j'ai avira antivir et à chaque demarrage de mon pc il me demande ce q'u il doit faire du trojan !! je dis acces denied et il revient

que faire svp ???????

Avira AntiVir Personal
Report file date: dimanche 16 novembre 2008 23:57

Scanning for 1036369 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC

Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 30/10/2008 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:45:20
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 9/11/2008 10:45:21
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 20:26:33
ANTIVIR3.VDF : 7.1.0.90 2048 Bytes 16/11/2008 20:26:34
Engineversion : 8.2.0.31
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 16/11/2008 10:45:30
AESCN.DLL : 8.1.1.5 123251 Bytes 16/11/2008 10:45:30
AERDL.DLL : 8.1.1.3 438645 Bytes 16/11/2008 10:45:29
AEPACK.DLL : 8.1.3.4 393591 Bytes 16/11/2008 10:45:28
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 16/11/2008 10:45:27
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 16/11/2008 10:45:26
AEHELP.DLL : 8.1.1.3 119157 Bytes 16/11/2008 10:45:25
AEGEN.DLL : 8.1.1.0 319859 Bytes 16/11/2008 10:45:24
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56
AECORE.DLL : 8.1.4.1 172405 Bytes 16/11/2008 10:45:24
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 9/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 16/11/2008 10:45:23
AVREG.DLL : 8.0.0.1 33537 Bytes 9/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 16 novembre 2008 23:57

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'Azureus.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned
Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'nTuneService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'VistaStartMenu.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'comrepl.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
53 processes with 53 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '35' files ).

Starting the file scan:

Begin scan in 'C:\' <HDD Western Digital>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!

End of the scan: lundi 17 novembre 2008 00:59
Used time: 1:02:15 Hour(s)

The scan has been done completely.

18125 Scanning directories
356005 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
356003 Files not concerned
1862 Archives were scanned
2 Warnings
0 Notes

97 réponses

Précédent
Réponse 41 / 97
Light-Yagami Messages postés 155 Statut Membre 1
 
ComboFix 08-11-20.02 - Kira 2008-11-21 18:18:38.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2258 [GMT 1:00]
Lancé depuis: c:\users\Kira\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-21 au 2008-11-21 ))))))))))))))))))))))))))))))))))))
.

2099-11-11 20:58 . 2008-03-03 15:06 279,440 --a------ c:\windows\System32\drivers\~GLH0014.TMP
2099-11-11 20:58 . 2099-11-11 20:58 5,571 --a------ c:\windows\System32\vsconfig.xml
2008-11-21 13:27 . 2008-10-20 18:04 81,920 --a------ c:\windows\System32\drivers\mqtgsvc.exe
2008-11-19 23:47 . 2008-11-19 23:47 <REP> d-------- c:\users\Kira\AppData\Roaming\Malwarebytes
2008-11-19 23:47 . 2008-11-19 23:47 <REP> d-------- c:\users\All Users\Malwarebytes
2008-11-19 23:47 . 2008-11-19 23:47 <REP> d-------- c:\programdata\Malwarebytes
2008-11-19 23:47 . 2008-11-19 23:47 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-19 23:47 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-19 23:47 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-19 12:43 . 2008-11-19 17:57 <REP> d-------- C:\ToolBar SD
2008-11-18 01:59 . 2008-11-18 01:59 <REP> d-------- c:\program files\Capcom
2008-11-18 01:15 . 2008-11-18 01:15 <REP> d-------- c:\program files\DivX
2008-11-18 00:28 . 2008-11-18 00:28 <REP> d-------- c:\program files\Java
2008-11-17 20:12 . 2008-11-17 20:13 <REP> d-------- C:\rsit
2008-11-17 18:37 . 2008-10-20 18:04 81,920 --a------ c:\windows\cmstp.exe
2008-11-17 18:18 . 2008-11-17 18:18 319 --a------ c:\windows\game.ini
2008-11-17 16:06 . 2008-11-17 16:06 <REP> d-------- c:\program files\Eidos
2008-11-17 06:36 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-17 06:36 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-17 06:36 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-17 06:36 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-17 06:35 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-17 06:35 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-17 06:35 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-17 06:35 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-17 06:35 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-16 13:22 . 2008-11-19 07:36 <REP> d-------- c:\users\Kira\PROGRAMMES COMPLETS
2008-11-16 13:03 . 2008-11-19 07:34 <REP> d-------- c:\users\Kira\AppData\Roaming\Micro Application
2008-11-16 11:43 . 2008-11-16 11:43 <REP> d-------- c:\users\All Users\Avira
2008-11-16 11:43 . 2008-11-16 11:43 <REP> d-------- c:\programdata\Avira
2008-11-16 11:43 . 2008-11-16 11:43 <REP> d-------- c:\program files\Avira
2008-11-16 11:14 . 2008-11-21 17:54 65,536 --------- c:\windows\System32\Ikeext.etl
2008-11-16 08:39 . 2008-11-16 08:39 <REP> d-------- c:\program files\Hamachi
2008-11-15 22:21 . 2008-11-15 22:21 17,480 --a------ c:\windows\System32\drivers\hamachi.sys
2008-11-15 17:35 . 2008-11-15 17:35 <REP> d-------- c:\windows\System32\Service
2008-11-15 11:57 . 2008-11-20 20:29 <REP> d-------- c:\program files\Piratrax
2008-11-15 11:55 . 2008-11-15 11:55 <REP> d--hs---- C:\$RECYCLE.BIN
2008-11-13 22:09 . 2008-11-13 22:10 <REP> d-------- c:\program files\Vuze
2008-11-13 18:24 . 2008-11-13 18:24 355,584 --a------ c:\windows\System32\TuneUpDefragService.exe
2008-11-13 18:24 . 2008-05-29 09:28 28,416 --a------ c:\windows\System32\uxtuneup.dll
2008-11-13 18:24 . 2008-05-29 09:28 16,640 --a------ c:\windows\System32\authuitu.dll
2008-11-13 18:23 . 2008-11-13 18:24 <REP> d-------- c:\program files\TuneUp Utilities 2008
2008-11-13 18:05 . 2008-11-13 18:11 <REP> d-------- c:\program files\Glary Utilities
2008-11-13 16:52 . 2008-11-13 16:52 <REP> d-------- c:\users\Kira\AppData\Roaming\SystemRequirementsLab
2008-11-13 16:52 . 2008-11-13 16:52 <REP> d-------- c:\program files\SystemRequirementsLab
2008-11-13 07:48 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\System32\D3DX9_40.dll
2008-11-13 07:48 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\System32\D3DCompiler_40.dll
2008-11-13 07:48 . 2008-10-27 10:04 514,384 --a------ c:\windows\System32\XAudio2_3.dll
2008-11-13 07:48 . 2008-10-10 04:52 452,440 --a------ c:\windows\System32\d3dx10_40.dll
2008-11-13 07:48 . 2008-10-27 10:04 235,856 --a------ c:\windows\System32\xactengine3_3.dll
2008-11-13 07:48 . 2008-10-27 10:04 70,992 --a------ c:\windows\System32\XAPOFX1_2.dll
2008-11-13 07:48 . 2008-10-27 10:04 23,376 --a------ c:\windows\System32\X3DAudio1_5.dll
2008-11-12 21:38 . 2008-11-12 21:38 <REP> d-------- c:\users\Kira\AppData\Roaming\Uniblue
2008-11-12 08:25 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 08:25 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 08:25 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 13:15 . 2008-11-13 17:56 <REP> d-------- c:\program files\VS Revo Group
2008-11-11 10:19 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-11-11 10:19 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-11-11 09:14 . 2008-11-11 09:14 <REP> d-------- C:\Intel
2008-11-10 21:25 . 2008-11-10 21:25 <REP> d-------- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2008-11-10 19:59 . 2008-11-10 19:59 <REP> d-------- c:\users\Kira\AppData\Roaming\FlashGet
2008-11-10 01:46 . 2008-11-16 11:41 <REP> d-------- c:\program files\Trend Micro
2008-11-08 20:50 . 2008-11-08 20:50 7 --a------ c:\windows\sbacknt.bin
2008-11-08 19:38 . 2008-11-15 11:56 <REP> d-------- C:\Fraps
2008-11-08 16:08 . 2008-11-08 16:08 65,536 --------- c:\windows\SPInstall.etl
2008-11-08 15:30 . 2008-11-08 15:30 <REP> d-------- c:\users\Kira\AppData\Roaming\Avanquest
2008-11-08 15:30 . 2008-11-08 15:30 <REP> d-------- c:\users\All Users\Avanquest
2008-11-08 15:30 . 2008-11-08 15:30 <REP> d-------- c:\programdata\Avanquest
2008-11-08 13:23 . 2008-11-08 13:23 <REP> d-------- c:\users\Kira\AppData\Roaming\RTPlayer
2008-11-08 13:06 . 2008-11-08 13:07 <REP> d-------- c:\users\All Users\RapidSolution
2008-11-08 13:06 . 2008-11-08 13:07 <REP> d-------- c:\programdata\RapidSolution
2008-11-08 12:15 . 2008-11-08 12:15 <REP> d-------- c:\users\All Users\BVRP Software
2008-11-08 12:15 . 2008-11-08 12:15 <REP> d-------- c:\programdata\BVRP Software
2008-11-08 12:14 . 2008-11-08 12:14 <REP> dr-hs---- C:\_Backup.RC
2008-11-08 12:14 . 2008-11-08 20:36 <REP> d--h----- C:\_Backup
2008-11-08 12:13 . 2008-11-08 12:13 <REP> d-------- c:\users\Kira\AppData\Roaming\VCOM
2008-11-08 12:13 . 2008-11-08 12:13 <REP> d-------- c:\users\All Users\VCOM
2008-11-08 12:13 . 2008-11-08 12:13 <REP> d-------- c:\programdata\VCOM
2008-11-08 12:12 . 2008-11-08 12:12 <REP> d-------- c:\program files\VCOM
2008-11-04 17:24 . 2008-11-04 17:24 56 --ah----- c:\windows\System32\ezsidmv.dat
2008-11-04 16:42 . 2008-11-04 16:42 40 --a------ c:\windows\TSC.INI
2008-11-04 14:46 . 2008-11-18 00:29 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-04 07:57 . 2008-11-19 12:53 <REP> d-------- c:\users\Kira\.housecall6.6
2008-11-04 07:53 . 2008-11-04 07:53 507,904 --a------ c:\windows\TMUPDATE.DLL
2008-11-04 07:53 . 2008-11-04 07:53 286,720 --a------ c:\windows\PATCH.EXE
2008-11-04 07:53 . 2008-11-04 07:53 69,689 --a------ c:\windows\UNZIP.DLL
2008-11-01 09:01 . 2008-11-01 09:01 <REP> d-------- c:\users\Kira\AppData\Roaming\Activision
2008-11-01 09:01 . 2008-11-01 09:01 <REP> d-------- c:\users\All Users\Activision
2008-11-01 09:01 . 2008-11-01 09:01 <REP> d-------- c:\programdata\Activision
2008-10-30 17:03 . 2008-10-30 17:03 850 --a------ c:\windows\System32\ProductTweaks.xml
2008-10-30 17:03 . 2008-10-30 17:03 385 --a------ c:\windows\System32\user_gensett.xml
2008-10-30 17:00 . 2008-10-30 17:00 <REP> d-------- c:\windows\System32\logs
2008-10-30 16:58 . 2008-11-02 23:14 <REP> d-------- c:\program files\Common Files\BitDefender
2008-10-30 08:12 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2008-10-30 08:12 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2008-10-30 08:12 . 2008-05-30 14:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
2008-10-30 08:12 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2008-10-30 08:12 . 2008-05-30 14:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
2008-10-30 08:12 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
2008-10-30 08:12 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
2008-10-30 08:11 . 2008-10-30 08:11 <REP> d-------- c:\windows\System32\xlive
2008-10-29 23:14 . 2008-11-20 20:29 <REP> d-------- c:\users\Kira\AppData\Roaming\Vista Start Menu
2008-10-29 23:14 . 2008-10-29 23:14 <REP> d-------- c:\program files\Vista Start Menu
2008-10-29 12:13 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:\windows\System32\divx_xx0c.dll
2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:\windows\System32\divx_xx07.dll
2008-10-28 23:35 . 2008-10-28 23:35 815,104 --a------ c:\windows\System32\divx_xx0a.dll
2008-10-28 23:35 . 2008-10-28 23:35 802,816 --a------ c:\windows\System32\divx_xx11.dll
2008-10-28 23:35 . 2008-10-28 23:35 729,088 --a------ c:\windows\System32\divxdec.ax
2008-10-28 23:35 . 2008-10-28 23:35 684,032 --a------ c:\windows\System32\DivX.dll
2008-10-26 11:22 . 2008-10-26 11:22 <REP> d-------- c:\program files\MagicISO
2008-10-26 09:03 . 2008-10-26 09:03 <REP> d-------- c:\users\Kira\AppData\Roaming\Capcom
2008-10-25 21:43 . 2008-10-25 21:43 <REP> d-------- c:\program files\Futuremark
2008-10-25 20:56 . 2008-10-25 23:42 <REP> d-------- c:\users\Kira\AppData\Roaming\GetRight
2008-10-25 20:18 . 2008-07-10 03:07 7,143 --a------ c:\windows\System32\nvide.nvu
2008-10-25 20:01 . 2008-11-18 00:47 <REP> d-------- c:\users\All Users\ma-config.com
2008-10-25 20:01 . 2008-11-18 00:47 <REP> d-------- c:\programdata\ma-config.com
2008-10-25 20:01 . 2008-11-18 00:47 <REP> d-------- c:\program files\ma-config.com
2008-10-24 06:45 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-24 06:45 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-24 06:45 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-24 06:45 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-24 06:45 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-22 16:28 . 2008-10-22 16:30 <REP> d-------- c:\users\Kira\AppData\Roaming\NewsLeecher

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 07:22 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-21 06:43 --------- d-----w c:\users\Kira\AppData\Roaming\Azureus
2008-11-20 22:34 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-20 22:34 111,928 ----a-w c:\windows\System32\PnkBstrB.exe
2008-11-20 21:13 --------- d-----w c:\users\Kira\AppData\Roaming\Skype
2008-11-20 19:40 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-20 17:32 --------- d-----w c:\users\Kira\AppData\Roaming\skypePM
2008-11-20 06:33 --------- d-----w c:\users\Kira\AppData\Roaming\Desktopicon
2008-11-18 08:47 22,328 ----a-w c:\users\Kira\AppData\Roaming\PnkBstrK.sys
2008-11-18 08:46 682,280 ----a-w c:\windows\System32\pbsvc.exe
2008-11-18 08:46 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-11-18 08:22 --------- d-----w c:\program files\Activision
2008-11-18 01:58 --------- d---a-w c:\programdata\TEMP
2008-11-18 00:40 --------- d-----w c:\programdata\Apple Computer
2008-11-17 23:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 15:18 --------- d-----w c:\programdata\Media Center Programs
2008-11-16 12:36 --------- d-----w c:\program files\THQ
2008-11-16 10:08 --------- d-----w c:\users\Kira\AppData\Roaming\Hamachi
2008-11-14 22:49 --------- d-----w c:\programdata\NVIDIA
2008-11-13 18:32 --------- d-----w c:\programdata\Lavasoft
2008-11-13 18:31 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-12 21:49 --------- d-----w c:\program files\Windows Mail
2008-11-12 21:48 --------- d-----w c:\program files\NVIDIA Corporation
2008-11-12 20:38 --------- d-----w c:\users\Kira\AppData\Roaming\DNA
2008-11-12 07:38 --------- d-----w c:\users\Kira\AppData\Roaming\vghd
2008-11-08 19:49 152,904 ----a-w c:\windows\System32\vghd.scr
2008-11-06 06:45 --------- dc-h--w c:\programdata\~0
2008-11-01 22:55 --------- d-----w c:\program files\Yahoo!
2008-10-30 16:40 --------- d-----w c:\program files\GameSpy Arcade
2008-10-26 10:47 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-25 20:43 86,016 ----a-w c:\windows\System32\OpenAL32.dll
2008-10-25 20:01 413,696 ----a-w c:\windows\System32\wrap_oal.dll
2008-10-25 19:39 --------- d-----w c:\program files\AGEIA Technologies
2008-10-23 21:19 --------- d-----w c:\program files\Electronic Arts
2008-10-22 16:18 --------- d-----w c:\program files\Ubisoft
2008-10-22 14:55 453,152 ----a-w c:\windows\System32\nvuninst.exe
2008-10-20 17:04 81,920 ----a-w c:\users\Kira\AppData\Roaming\esentutl.exe
2008-10-20 06:23 --------- d-----w c:\programdata\THQ
2008-10-20 06:08 --------- d-----w c:\program files\Tomb Raider - Legend
2008-10-19 11:41 15,872 ------w c:\windows\System32\winskfr.dll
2008-10-19 11:36 --------- d-----w c:\programdata\eMule
2008-10-19 11:35 --------- d-----w c:\program files\eMule
2008-10-16 23:00 --------- d-----w c:\users\Kira\AppData\Roaming\OpenOffice.org
2008-10-16 16:21 --------- d-----w c:\users\Kira\AppData\Roaming\Microsoft Games
2008-10-16 15:31 --------- d-----w c:\program files\Microsoft Games
2008-10-15 10:31 --------- d-----w c:\program files\City Interactive
2008-10-13 07:56 70,936 ----a-w c:\windows\System32\PhysXLoader.dll
2008-10-13 05:54 --------- d-----w c:\program files\OpenAL
2008-10-12 20:58 --------- d-----w c:\users\Kira\AppData\Roaming\Pro Cycling Manager 2008
2008-10-12 13:50 --------- d-----w c:\program files\OpenOffice.org 3
2008-10-12 13:49 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-10-12 13:44 --------- d-----w c:\programdata\Skype
2008-10-12 13:44 --------- d-----w c:\program files\Common Files\Skype
2008-10-12 13:44 --------- d-----r c:\program files\Skype
2008-10-12 13:35 --------- d-----w c:\users\Kira\AppData\Roaming\KC Softwares
2008-10-12 06:33 304,528 ----a-w c:\windows\System32\appdrvrem01.exe
2008-10-12 06:33 3,468,904 ----a-w c:\windows\system32\drivers\appdrv01.sys
2008-10-12 05:07 --------- d-----w c:\users\Kira\AppData\Roaming\OpenOffice.org2
2008-10-12 04:32 --------- d-----w c:\program files\Cyanide
2008-10-11 16:05 --------- d-----w c:\program files\FIFA 09
2008-10-11 07:31 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-09 21:52 --------- d-----w c:\programdata\Azureus
2008-10-09 21:44 --------- d-----w c:\users\Kira\AppData\Roaming\teamspeak2
2008-10-09 21:42 --------- d-----w c:\program files\Windows Live
2008-10-09 21:41 --------- d-----w c:\program files\Microsoft
2008-10-09 21:38 --------- d-----w c:\program files\Common Files\Windows Live
2008-10-09 21:24 --------- d-----w c:\programdata\LookMyPC
2008-10-08 21:01 --------- d-----w c:\program files\NVIDIA nTune Performance Application
2008-10-07 07:13 58,648 ----a-w c:\windows\System32\AgCPanelTraditionalChinese.dll
2008-10-07 07:13 58,648 ----a-w c:\windows\System32\AgCPanelSwedish.dll
2008-10-07 07:13 58,648 ----a-w c:\windows\System32\AgCPanelSpanish.dll
2008-10-07 07:13 58,648 ----a-w c:\windows\System32\AgCPanelSimplifiedChinese.dll
2008-10-07 07:13 58,648 ----a-w c:\windows\System32\AgCPanelPortugese.dll
2008-10-07 07:13 58,648 ----a-w c:\windows\System32\AgCPanelKorean.dll
2008-10-07 07:13 58,648 ----a-w c:\windows\System32\AgCPanelJapanese.dll
2008-10-07 07:13 58,648 ----a-w c:\windows\System32\AgCPanelGerman.dll
2008-10-07 07:13 58,648 ----a-w c:\windows\System32\AgCPanelFrench.dll
2008-10-07 07:13 288,024 ----a-w c:\windows\System32\PhysXCplUI.exe
2008-10-07 07:13 288,024 ----a-w c:\windows\System32\PhysXCompatCplUI.exe
2008-10-07 07:13 23,320 ----a-w c:\windows\System32\PhysXDevice.dll
2008-10-04 19:47 --------- d-----w c:\programdata\SymplisIT
2008-10-04 19:42 --------- d-----w c:\users\Kira\AppData\Roaming\ESTsoft
2008-10-04 19:42 --------- d-----w c:\program files\ESTsoft
2008-10-04 14:13 --------- d-----w c:\programdata\Symantec
2008-10-04 13:36 --------- d-----w c:\users\Kira\AppData\Roaming\PCToolsFirewallPlus
2008-10-04 13:12 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-04 12:36 --------- d-----w c:\users\Kira\AppData\Roaming\GetRightToGo
2008-10-04 10:47 --------- d-----w c:\programdata\CheckPoint
2008-10-04 10:02 --------- d-----w c:\users\Kira\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-04 06:29 --------- d-----w c:\users\Kira\AppData\Roaming\Pro Cycling Manager 2007
2008-10-03 19:14 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-03 17:08 --------- d-----w c:\programdata\Apple
2008-10-03 17:08 --------- d-----w c:\program files\Apple Software Update
2008-10-03 16:55 --------- d-----w c:\program files\Common Files\Adobe
2008-10-03 16:54 --------- d-----w c:\programdata\NOS
2008-10-03 16:36 --------- d-----w c:\program files\NOS
2008-10-02 23:46 81,920 ----a-w c:\windows\System32\frapsvid.dll
2008-10-01 17:32 --------- d-----w c:\users\Kira\AppData\Roaming\Leadertech
2008-09-30 15:47 --------- d-----w c:\users\Kira\AppData\Roaming\TeamViewer
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 81920]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2008-10-08 2145792]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-23 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-23 92704]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-18 136600]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ComRepl"="c:\users\Kira\AppData\Roaming\MICROS~1\comrepl.exe" [2008-10-20 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CmSTP"="c:\windows\cmstp.exe" [2008-10-20 81920]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MqtgSVC"="c:\windows\System32\drivers\mqtgsvc.exe" [2008-10-20 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=c:\users\Kira\AppData\Roaming\MICROS~1\cmstp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3DAC8051-29D5-4F8E-8423-9ED9689558CA}"= UDP:c:\program files\Midway Games\BlackSite\Binaries\BlackSite.exe:Blacksite Area 51
"{386D2038-8116-4E4A-96CB-962CA89200F8}"= TCP:c:\program files\Midway Games\BlackSite\Binaries\BlackSite.exe:Blacksite Area 51
"TCP Query User{DBFA6D53-432E-4F73-991A-75F22D88D401}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{9976211F-DE07-401C-878E-2EE5D8951283}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{2DC2CF80-F6DE-4339-B587-F9BC3EA722DB}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{6B0772E5-FFBE-41C0-BA98-F3C7A42BC30A}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{9D96E382-762C-405F-B90B-37B281580A1C}c:\\users\\kira\\program files\\dna\\btdna.exe"= UDP:c:\users\kira\program files\dna\btdna.exe:btdna.exe
"UDP Query User{CA4665A2-5FB0-4583-A135-455AB1AD42AE}c:\\users\\kira\\program files\\dna\\btdna.exe"= TCP:c:\users\kira\program files\dna\btdna.exe:btdna.exe
"TCP Query User{3FDB0094-150D-4F61-9CCB-C6D444799493}c:\\ut2004\\system\\ut2004.exe"= UDP:c:\ut2004\system\ut2004.exe:UT2004
"UDP Query User{0A7A163E-DE10-4041-A697-38A417B6AFC8}c:\\ut2004\\system\\ut2004.exe"= TCP:c:\ut2004\system\ut2004.exe:UT2004
"TCP Query User{B896ED7F-C996-4A2C-BE31-3C61A0F401D8}c:\\users\\kira\\program files\\dna\\btdna.exe"= UDP:c:\users\kira\program files\dna\btdna.exe:btdna.exe
"UDP Query User{5B56DB5E-6C79-4B67-8BFC-D80890F73205}c:\\users\\kira\\program files\\dna\\btdna.exe"= TCP:c:\users\kira\program files\dna\btdna.exe:btdna.exe
"{79D50BE3-2094-437E-BB67-094F160C9983}"= UDP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{858A84C7-EED9-46AF-9551-739FD8C9127E}"= TCP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{87D95160-F0E9-4938-925B-FC1BF628F934}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4BF9162D-D3C7-47A3-A61F-A3E773202FCE}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{1029986B-C769-42AC-94C6-4AD8A28F5B7B}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{C6672546-A206-4396-933E-EDF22C48D4E6}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{886396D6-CD2F-4600-95E9-A0707A1B3E3A}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{505CA8C1-FBC5-4291-9C7C-DBCEFA617338}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{E0F4DE70-CDEA-44BF-B5F1-05A3C7AE3E78}c:\\program files\\thq\\motogp 2007\\motogp.exe"= UDP:c:\program files\thq\motogp 2007\motogp.exe:motogp
"UDP Query User{B44CA411-F0A2-46E1-9E7D-D154E342E026}c:\\program files\\thq\\motogp 2007\\motogp.exe"= TCP:c:\program files\thq\motogp 2007\motogp.exe:motogp
"TCP Query User{D26BDBF9-6796-4A1C-AA0A-68EB400F8146}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= Disabled:UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{C7DD501B-A3B7-45A5-98D1-161582164F6B}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= Disabled:TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{28A28131-A83C-4D8D-AD52-0592B3364A68}c:\\users\\kira\\downloads\\[pc] pro evolution soccer 2008 [eng] [dopeman]\\pro evolution soccer 2008\\pes2008.exe"= Disabled:UDP:c:\users\kira\downloads\[pc] pro evolution soccer 2008 [eng] [dopeman]\pro evolution soccer 2008\pes2008.exe:pes2008.exe
"UDP Query User{041E6705-01C9-4CB1-BCB9-6056DB7FFF11}c:\\users\\kira\\downloads\\[pc] pro evolution soccer 2008 [eng] [dopeman]\\pro evolution soccer 2008\\pes2008.exe"= Disabled:TCP:c:\users\kira\downloads\[pc] pro evolution soccer 2008 [eng] [dopeman]\pro evolution soccer 2008\pes2008.exe:pes2008.exe
"TCP Query User{975C9B39-D553-439C-A07C-3D28E6A95690}c:\\program files\\test drive\\testdriveunlimited.exe"= Disabled:UDP:c:\program files\test drive\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{A79433B7-43E9-42E2-A4A7-C04288A40BCA}c:\\program files\\test drive\\testdriveunlimited.exe"= Disabled:TCP:c:\program files\test drive\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{E2596F1C-9AF5-425B-949D-7B2E93EEDAE1}c:\\users\\kira\\downloads\\[pc] test drive unlimited [proper] [rip] [dopeman]\\tdu\\testdriveunlimited.exe"= Disabled:UDP:c:\users\kira\downloads\[pc] test drive unlimited [proper] [rip] [dopeman]\tdu\testdriveunlimited.exe:testdriveunlimited.exe
"UDP Query User{2C47CDED-27E7-4747-B15B-CFAFB0387F5E}c:\\users\\kira\\downloads\\[pc] test drive unlimited [proper] [rip] [dopeman]\\tdu\\testdriveunlimited.exe"= Disabled:TCP:c:\users\kira\downloads\[pc] test drive unlimited [proper] [rip] [dopeman]\tdu\testdriveunlimited.exe:testdriveunlimited.exe
"TCP Query User{EE46C2EB-107C-4ACD-8DFC-C84C3B997148}c:\\downloads\\pure\\pure.exe"= UDP:c:\downloads\pure\pure.exe:Pure
"UDP Query User{A1A99B27-A07B-4709-A85D-6ED658598A89}c:\\downloads\\pure\\pure.exe"= TCP:c:\downloads\pure\pure.exe:Pure
"TCP Query User{6E61BA7C-E927-4457-BC95-4844189D8972}c:\\users\\kira\\temp\\teamviewer3\\teamviewer.exe"= UDP:c:\users\kira\temp\teamviewer3\teamviewer.exe:teamviewer.exe
"UDP Query User{285FC2E2-507C-4010-9FFA-DBE6C9258137}c:\\users\\kira\\temp\\teamviewer3\\teamviewer.exe"= TCP:c:\users\kira\temp\teamviewer3\teamviewer.exe:teamviewer.exe
"TCP Query User{8424F0F5-B81E-4602-8DB0-51D1F91D3E71}c:\\program files\\pure\\pure.exe"= UDP:c:\program files\pure\pure.exe:Pure
"UDP Query User{8FA20348-9A10-4613-ABEF-084D32E6ED04}c:\\program files\\pure\\pure.exe"= TCP:c:\program files\pure\pure.exe:Pure
"{D129AE45-C3A3-4BF5-B50E-F61B55B42A4C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{FE342F5E-9749-4B52-82A1-7B53869B943D}c:\\program files\\ea sports\\fifa 09\\fifa09.exe"= UDP:c:\program files\ea sports\fifa 09\fifa09.exe:FIFA09
"UDP Query User{8B214BF3-B7F0-44BB-9E73-ACED25FEEF21}c:\\program files\\ea sports\\fifa 09\\fifa09.exe"= TCP:c:\program files\ea sports\fifa 09\fifa09.exe:FIFA09
"{792DFF95-8470-47AC-8F47-A2BC6F067167}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{64393ABF-1EE9-4447-AA01-6C60413F6311}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{70E97436-85A2-4F38-ABE5-C675239DBDDA}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{60E3FF6B-9E51-4815-8C9E-F477DBD2D8D6}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{6525CD2D-227D-41E3-AE2F-430C9EB93D61}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{D47C3ACC-3CD1-468F-B4D2-7310C0281DA7}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{C774582C-2469-4559-B62B-4890C72E45B3}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= UDP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"UDP Query User{021ACB04-07DD-4A45-BFE5-36160B4200F0}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= TCP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"{C9711F92-5F9C-48CE-8D52-DB746D60F2F7}"= UDP:c:\program files\Cyanide\Pro Cycling Manager - Season 2008\PCM.exe:Pro Cycling Manager - Season 2008
"{363251CD-080C-4952-85D0-AAFEB7BACE26}"= TCP:c:\program files\Cyanide\Pro Cycling Manager - Season 2008\PCM.exe:Pro Cycling Manager - Season 2008
"{8F115632-6B17-4125-8272-A5F6DCFB29A8}"= UDP:c:\program files\Cyanide\Pro Cycling Manager - Season 2008\Autorun\Exe\Autorun.exe:Pro Cycling Manager - Season 2008 - AutoRun
"{0AA30FD9-C022-4B55-B56B-9AF00D8AD979}"= TCP:c:\program files\Cyanide\Pro Cycling Manager - Season 2008\Autorun\Exe\Autorun.exe:Pro Cycling Manager - Season 2008 - AutoRun
"TCP Query User{A15E98DB-AF3A-4EFA-B14E-02CBECB32C9A}c:\\program files\\thq\\dawn of war - dark crusade demo\\darkcrusade.exe"= UDP:c:\program files\thq\dawn of war - dark crusade demo\darkcrusade.exe:DarkCrusade
"UDP Query User{C7F83D13-E660-4DCC-82C3-E1C96CF0F8F9}c:\\program files\\thq\\dawn of war - dark crusade demo\\darkcrusade.exe"= TCP:c:\program files\thq\dawn of war - dark crusade demo\darkcrusade.exe:DarkCrusade
"{312D3FC8-BF38-49F9-9B5A-052F212BC456}"= UDP:c:\program files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{F1D2C56B-5B6D-4470-B0B0-5196E3B200F7}"= TCP:c:\program files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{A0183FAE-9CCB-4A00-B9B7-343549E29370}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{1EAB2C19-9895-40D6-A004-838D9A9C2AE1}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{3C08D2E5-363E-4638-9D65-0828548886F3}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{852B87D8-CB07-4E45-B65E-F85E34DD6DF8}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{705A31E6-4C68-4D63-A4F1-5246C9D48169}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editeur
"{D9BE33C9-C112-444B-AF70-1BB2EB02032B}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editeur
"TCP Query User{0E64EF0F-E89D-4FAA-B285-DC99CE7767CF}c:\\program files\\electronic arts\\dead space\\dead space.exe"= UDP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"UDP Query User{592966EB-E00C-49AE-B4F5-871ED3A1A5F7}c:\\program files\\electronic arts\\dead space\\dead space.exe"= TCP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"{69A74109-4CE3-4FF0-A6A1-BF0B6E3C5E2C}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{4C435405-22A5-4560-86C5-BE875D84D96C}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{14C9E2D4-68A3-4389-A0E3-AAC6D5B5ADF5}"= UDP:c:\program files\Activision\Quantum of Solace(TM)\JB_LiveEngine_s.exe:Quantum of Solace(TM)
"{1EEFFB94-60AB-423F-9401-BBB8080EC0A0}"= TCP:c:\program files\Activision\Quantum of Solace(TM)\JB_LiveEngine_s.exe:Quantum of Solace(TM)
"TCP Query User{FD851055-8A33-403A-A5B3-691093459C54}c:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= UDP:c:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty(R): World at War Multiplayer
"UDP Query User{2259FD4B-05B5-4CA2-8662-089DDAFD5A5D}c:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= TCP:c:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty(R): World at War Multiplayer
"TCP Query User{714F0F29-2842-47F8-8275-3E772B31544F}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{939F1181-C87F-44B0-B292-5C010BAEED21}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{B5F33037-7932-4DF5-A7E9-816437DFEF40}c:\\program files\\mirc\\mirc.exe"= Disabled:UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{27E58189-DB07-47BB-8575-031D31E6B619}c:\\program files\\mirc\\mirc.exe"= Disabled:TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{190AA832-F2D3-4FB7-A481-2B58166FD6F7}c:\\users\\kira\\desktop\\pes 2009\\pes2009.exe"= Disabled:UDP:c:\users\kira\desktop\pes 2009\pes2009.exe:pes2009.exe
"UDP Query User{E4EECA24-21F5-439B-9905-62CC230C78F7}c:\\users\\kira\\desktop\\pes 2009\\pes2009.exe"= Disabled:TCP:c:\users\kira\desktop\pes 2009\pes2009.exe:pes2009.exe
"TCP Query User{2C105DC6-F389-45B3-B9A4-CD450BBB7DE5}c:\\program files\\mc2\\sniper elite\\sniperelite.exe"= Disabled:UDP:c:\program files\mc2\sniper elite\sniperelite.exe:SniperElite
"UDP Query User{A6091787-3623-454E-A004-2D57330099AC}c:\\program files\\mc2\\sniper elite\\sniperelite.exe"= Disabled:TCP:c:\program files\mc2\sniper elite\sniperelite.exe:SniperElite
"TCP Query User{740FD6B4-B819-4BFF-8572-FF1243B92579}c:\\program files\\timeshift\\bin\\timeshift.exe"= Disabled:UDP:c:\program files\timeshift\bin\timeshift.exe:TimeShift
"UDP Query User{CC09F86B-99B3-47FD-AF88-34B7D6EF24E5}c:\\program files\\timeshift\\bin\\timeshift.exe"= Disabled:TCP:c:\program files\timeshift\bin\timeshift.exe:TimeShift
"TCP Query User{4ABC1FDE-DAEB-4882-8EBB-913B5D7E99BB}c:\\ut2003demo\\system\\ut2003.exe"= Disabled:UDP:c:\ut2003demo\system\ut2003.exe:UT2003
"UDP Query User{9096F62F-A566-4AC2-93BC-46E00F1A5F99}c:\\ut2003demo\\system\\ut2003.exe"= Disabled:TCP:c:\ut2003demo\system\ut2003.exe:UT2003
"TCP Query User{F1B27B34-CA30-49D3-B3A3-6EDC2227D7B5}c:\\users\\kira\\downloads\\call.of.duty.world.at.war.full-rip.skullptura\\call of duty - world at war\\codwaw.exe"= UDP:c:\users\kira\downloads\call.of.duty.world.at.war.full-rip.skullptura\call of duty - world at war\codwaw.exe:codwaw.exe
"UDP Query User{F46C778A-B50C-46FE-B3F9-FA7437700F55}c:\\users\\kira\\downloads\\call.of.duty.world.at.war.full-rip.skullptura\\call of duty - world at war\\codwaw.exe"= TCP:c:\users\kira\downloads\call.of.duty.world.at.war.full-rip.skullptura\call of duty - world at war\codwaw.exe:codwaw.exe
"{6434E51E-6DBA-4113-BD80-BA5211617048}"= Disabled:UDP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{3B4AD44F-5D4B-4C33-83F9-DAA55D98E82E}"= Disabled:TCP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{A073E5C2-F729-4345-845F-AA268C3CCBA0}"= Disabled:UDP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{F7EB1B02-8165-4174-A502-4FEFF2640D6E}"= Disabled:TCP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{EAD1067F-9B59-4FED-9F59-D472DD817251}"= Disabled:UDP:c:\program files\SEGA\SEGA Rally\SEGA Rally.exe:SEGA Rally
"{A1D391C4-04FA-4106-9848-23D6F0BDC459}"= Disabled:TCP:c:\program files\SEGA\SEGA Rally\SEGA Rally.exe:SEGA Rally
"{C5DCE331-05ED-4C51-A01F-441716DC40BF}"= Disabled:UDP:c:\program files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe:SEGA Rally
"{BDD2211F-C661-4567-A8F6-9CFD38EA9AC9}"= Disabled:TCP:c:\program files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe:SEGA Rally
"TCP Query User{790CBFB2-CF4C-4F5B-B1B5-3876849189C4}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{B86E4C40-8C55-4FD5-A1C0-50BB348865B0}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{B433C55A-4133-468B-861E-8ABC5CE99353}c:\\program files\\electronic arts\\eadm\\core.exe"= Disabled:UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{214862FA-5A1A-4F39-A140-8DFFE19BD563}c:\\program files\\electronic arts\\eadm\\core.exe"= Disabled:TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{973841E0-28CE-4078-BCF9-B9BD301E061B}c:\\users\\kira\\downloads\\call of duty 4 modern warfare full-rip skullptura\\call of duty 4 - modern warfare\\iw3mp.exe"= Disabled:UDP:c:\users\kira\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe
"UDP Query User{5E398CF3-1DBC-433B-BC79-761E10FED140}c:\\users\\kira\\downloads\\call of duty 4 modern warfare full-rip skullptura\\call of duty 4 - modern warfare\\iw3mp.exe"= Disabled:TCP:c:\users\kira\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe
"TCP Query User{7975767E-963D-4731-BE2E-7C1041526150}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.4.exe"= Disabled:UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.4.exe:iw3mpHAMACHI 1.4
"UDP Query User{68151968-94FB-45FF-BCED-B6CE6B22584A}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.4.exe"= Disabled:TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.4.exe:iw3mpHAMACHI 1.4
"TCP Query User{A0887762-3F95-41DF-84D6-A02D556E4DD4}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.7.exe"= Disabled:UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.7.exe:iw3mpHAMACHI 1.7
"UDP Query User{C2E3787C-DB9F-471D-A9DF-98A63ED6AAE1}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.7.exe"= Disabled:TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.7.exe:iw3mpHAMACHI 1.7
"TCP Query User{54CA1F91-7AC2-49E5-935F-BE2ED72352AB}c:\\users\\kira\\downloads\\lookmypc.exe"= Disabled:UDP:c:\users\kira\downloads\lookmypc.exe:lookmypc.exe
"UDP Query User{4BAC6530-B25A-459C-88B2-2730A3F73F49}c:\\users\\kira\\downloads\\lookmypc.exe"= Disabled:TCP:c:\users\kira\downloads\lookmypc.exe:lookmypc.exe
"TCP Query User{FE4741BA-F98A-48D5-BE0F-11915B33E8C5}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{9020187E-C2E6-4FDE-95CA-A52CBD19DB22}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{F1A89689-2492-47A4-8B51-BCB3C2584D7C}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2.exe"= UDP:c:\program files\ubisoft\far cry 2\bin\farcry2.exe:Far Cry® 2
"UDP Query User{73E4C7B6-F641-4ECF-8706-351E7D9CF6CE}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2.exe"= TCP:c:\program files\ubisoft\far cry 2\bin\farcry2.exe:Far Cry® 2
"TCP Query User{7A7EBAF9-C51C-4469-861A-6FB7F4DFB858}c:\\program files\\activision\\call of duty 4 - modern warfare\\call_of_duty_4_modern_warfare_patch_v1.1_multi-langues_182170.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\call_of_duty_4_modern_warfare_patch_v1.1_multi-langues_182170.exe:call_of_duty_4_modern_warfare_patch_v1.1_multi-langues_182170
"UDP Query User{98D21E17-125B-4507-864A-A5C5E9945211}c:\\program files\\activision\\call of duty 4 - modern warfare\\call_of_duty_4_modern_warfare_patch_v1.1_multi-langues_182170.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\call_of_duty_4_modern_warfare_patch_v1.1_multi-langues_182170.exe:call_of_duty_4_modern_warfare_patch_v1.1_multi-langues_182170
"{7FE57726-9302-4C5E-8FB1-3E7FE3FA9576}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{65438E2E-D038-4660-BA2F-B7FC43366A8C}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{6FD48C82-7465-4314-897C-428D0162306E}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{EB778DEA-9FBA-4F5B-9C3A-2E33A696B619}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{F0548D3E-99A3-45BA-AC54-F099D30A1DEF}"= UDP:c:\program files\Capcom\MotoGP 08\Launcher.exe:MotoGP 08
"{1DDC9DCC-982A-4B65-BCBF-2DCFB1667F38}"= TCP:c:\program files\Capcom\MotoGP 08\Launcher.exe:MotoGP 08
"{58609DE1-917A-434A-AD33-9A40389B2F49}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{61C22675-9760-41B2-9228-EA89CF87F78C}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{29127D27-D468-41BA-8FB8-720233CCFB6B}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{C9613C40-379B-414A-BEA6-83996862CA43}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"TCP Query User{586505BD-30E1-4E64-84BE-CE67CACF528D}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{3FA41585-C8DC-44A9-BE82-9F80B10B0D76}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop

R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2008-07-25 212008]
R1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2008-10-12 3468904]
R1 ElRawDisk;ElRawDisk;\??\c:\windows\system32\drivers\elrawdsk.sys [2008-09-20 12800]
R2 UxTuneUp;TuneUp Extension de thème;c:\windows\System32\svchost.exe -k netsvcs [2008-08-21 21504]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc []
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-03 33752]
S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-11-17 195752]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-11-13 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\AutoStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{028419dd-7f69-11dd-b528-0019db6da610}]
\shell\AutoRun\command - e:\setup\rsrc\Autorun.exe
\shell\dinstall\command - e:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93f4515f-7d07-11dd-9dd4-0019db6da610}]
\shell\AutoRun\command - e:\setup\rsrc\Autorun.exe
\shell\dinstall\command - e:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a06607fb-79ea-11dd-b037-0019db6da610}]
\shell\AutoRun\command - E:\FrameworkCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d94c48ab-6fce-11dd-8b91-0019db6da610}]
\shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-11-21 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-29 17:58]

2008-11-21 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\users\Kira\AppData\Roaming\Mozilla\Firefox\Profiles\a28i2wlz.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1396957&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.be/
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\ma-config.com\nphardwaredetection.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\users\Kira\AppData\Roaming\Mozilla\Firefox\Profiles\a28i2wlz.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF -: plugin - c:\users\Kira\AppData\Roaming\Mozilla\Firefox\Profiles\a28i2wlz.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
FF -: plugin - c:\users\Kira\Program Files\DNA\plugins\npbtdna.dll
.
.
------- Associations de fichier -------
.
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-21 18:23:32
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-21 18:24:50
ComboFix-quarantined-files.txt 2008-11-21 17:24:47

Avant-CF: 111.712.104.448 octets libres
Après-CF: 111,747,432,448 octets libres

458 --- E O F --- 2008-11-20 18:25:50

voila :)

??? :(
0
Réponse 42 / 97
totobetourne Messages postés 5677 Statut Membre 65
 
/!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\

Ouvre le Bloc-Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)

Copie ce texte ( en gras )d'une traite ( CTRL+C pour copier ) puis colle-le ( CTRL+V dans le bloc-note )

Files::
c:\windows\cmstp.exe
c:\windows\System32\drivers\mqtgsvc.exe

Sauvegarde ce fichier sur ton bureau sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
0
Réponse 43 / 97
Light-Yagami Messages postés 155 Statut Membre 1
 
bizarement je n'ai pas eu à choisir 1 ou 2 comme demander ,il à démarré de suite ... (??)
enfin le voici:

ComboFix 08-11-20.02 - Kira 2008-11-21 19:08:42.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2175 [GMT 1:00]
Lancé depuis: c:\users\Kira\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Kira\Documents\CFScript.txt..txt
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-21 au 2008-11-21 ))))))))))))))))))))))))))))))))))))
.

2099-11-11 20:58 . 2008-03-03 15:06 279,440 --a------ c:\windows\System32\drivers\~GLH0014.TMP
2099-11-11 20:58 . 2099-11-11 20:58 5,571 --a------ c:\windows\System32\vsconfig.xml
2008-11-21 13:27 . 2008-10-20 18:04 81,920 --a------ c:\windows\System32\drivers\mqtgsvc.exe
2008-11-19 23:47 . 2008-11-19 23:47 <REP> d-------- c:\users\Kira\AppData\Roaming\Malwarebytes
2008-11-19 23:47 . 2008-11-19 23:47 <REP> d-------- c:\users\All Users\Malwarebytes
2008-11-19 23:47 . 2008-11-19 23:47 <REP> d-------- c:\programdata\Malwarebytes
2008-11-19 23:47 . 2008-11-19 23:47 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-19 23:47 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-19 23:47 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-19 12:43 . 2008-11-19 17:57 <REP> d-------- C:\ToolBar SD
2008-11-18 01:59 . 2008-11-18 01:59 <REP> d-------- c:\program files\Capcom
2008-11-18 01:15 . 2008-11-18 01:15 <REP> d-------- c:\program files\DivX
2008-11-18 00:28 . 2008-11-18 00:28 <REP> d-------- c:\program files\Java
2008-11-17 20:12 . 2008-11-17 20:13 <REP> d-------- C:\rsit
2008-11-17 18:37 . 2008-10-20 18:04 81,920 --a------ c:\windows\cmstp.exe
2008-11-17 18:18 . 2008-11-17 18:18 319 --a------ c:\windows\game.ini
2008-11-17 16:06 . 2008-11-17 16:06 <REP> d-------- c:\program files\Eidos
2008-11-17 06:36 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-17 06:36 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-17 06:36 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-17 06:36 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-17 06:35 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-17 06:35 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-17 06:35 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-17 06:35 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-17 06:35 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-16 13:22 . 2008-11-19 07:36 <REP> d-------- c:\users\Kira\PROGRAMMES COMPLETS
2008-11-16 13:03 . 2008-11-19 07:34 <REP> d-------- c:\users\Kira\AppData\Roaming\Micro Application
2008-11-16 11:43 . 2008-11-16 11:43 <REP> d-------- c:\users\All Users\Avira
2008-11-16 11:43 . 2008-11-16 11:43 <REP> d-------- c:\programdata\Avira
2008-11-16 11:43 . 2008-11-16 11:43 <REP> d-------- c:\program files\Avira
2008-11-16 11:14 . 2008-11-21 18:28 65,536 --------- c:\windows\System32\Ikeext.etl
2008-11-16 08:39 . 2008-11-16 08:39 <REP> d-------- c:\program files\Hamachi
2008-11-15 22:21 . 2008-11-15 22:21 17,480 --a------ c:\windows\System32\drivers\hamachi.sys
2008-11-15 17:35 . 2008-11-15 17:35 <REP> d-------- c:\windows\System32\Service
2008-11-15 11:57 . 2008-11-20 20:29 <REP> d-------- c:\program files\Piratrax
2008-11-15 11:55 . 2008-11-15 11:55 <REP> d--hs---- C:\$RECYCLE.BIN
2008-11-13 22:09 . 2008-11-13 22:10 <REP> d-------- c:\program files\Vuze
2008-11-13 18:24 . 2008-11-13 18:24 355,584 --a------ c:\windows\System32\TuneUpDefragService.exe
2008-11-13 18:24 . 2008-05-29 09:28 28,416 --a------ c:\windows\System32\uxtuneup.dll
2008-11-13 18:24 . 2008-05-29 09:28 16,640 --a------ c:\windows\System32\authuitu.dll
2008-11-13 18:23 . 2008-11-13 18:24 <REP> d-------- c:\program files\TuneUp Utilities 2008
2008-11-13 18:05 . 2008-11-13 18:11 <REP> d-------- c:\program files\Glary Utilities
2008-11-13 16:52 . 2008-11-13 16:52 <REP> d-------- c:\users\Kira\AppData\Roaming\SystemRequirementsLab
2008-11-13 16:52 . 2008-11-13 16:52 <REP> d-------- c:\program files\SystemRequirementsLab
2008-11-13 07:48 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\System32\D3DX9_40.dll
2008-11-13 07:48 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\System32\D3DCompiler_40.dll
2008-11-13 07:48 . 2008-10-27 10:04 514,384 --a------ c:\windows\System32\XAudio2_3.dll
2008-11-13 07:48 . 2008-10-10 04:52 452,440 --a------ c:\windows\System32\d3dx10_40.dll
2008-11-13 07:48 . 2008-10-27 10:04 235,856 --a------ c:\windows\System32\xactengine3_3.dll
2008-11-13 07:48 . 2008-10-27 10:04 70,992 --a------ c:\windows\System32\XAPOFX1_2.dll
2008-11-13 07:48 . 2008-10-27 10:04 23,376 --a------ c:\windows\System32\X3DAudio1_5.dll
2008-11-12 21:38 . 2008-11-12 21:38 <REP> d-------- c:\users\Kira\AppData\Roaming\Uniblue
2008-11-12 08:25 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 08:25 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 08:25 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 13:15 . 2008-11-13 17:56 <REP> d-------- c:\program files\VS Revo Group
2008-11-11 10:19 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-11-11 10:19 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-11-11 09:14 . 2008-11-11 09:14 <REP> d-------- C:\Intel
2008-11-10 21:25 . 2008-11-10 21:25 <REP> d-------- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2008-11-10 19:59 . 2008-11-10 19:59 <REP> d-------- c:\users\Kira\AppData\Roaming\FlashGet
2008-11-10 01:46 . 2008-11-16 11:41 <REP> d-------- c:\program files\Trend Micro
2008-11-08 20:50 . 2008-11-08 20:50 7 --a------ c:\windows\sbacknt.bin
2008-11-08 19:38 . 2008-11-15 11:56 <REP> d-------- C:\Fraps
2008-11-08 16:08 . 2008-11-08 16:08 65,536 --------- c:\windows\SPInstall.etl
2008-11-08 15:30 . 2008-11-08 15:30 <REP> d-------- c:\users\Kira\AppData\Roaming\Avanquest
2008-11-08 15:30 . 2008-11-08 15:30 <REP> d-------- c:\users\All Users\Avanquest
2008-11-08 15:30 . 2008-11-08 15:30 <REP> d-------- c:\programdata\Avanquest
2008-11-08 13:23 . 2008-11-08 13:23 <REP> d-------- c:\users\Kira\AppData\Roaming\RTPlayer
2008-11-08 13:06 . 2008-11-08 13:07 <REP> d-------- c:\users\All Users\RapidSolution
2008-11-08 13:06 . 2008-11-08 13:07 <REP> d-------- c:\programdata\RapidSolution
2008-11-08 12:15 . 2008-11-08 12:15 <REP> d-------- c:\users\All Users\BVRP Software
2008-11-08 12:15 . 2008-11-08 12:15 <REP> d-------- c:\programdata\BVRP Software
2008-11-08 12:14 . 2008-11-08 12:14 <REP> dr-hs---- C:\_Backup.RC
2008-11-08 12:14 . 2008-11-08 20:36 <REP> d--h----- C:\_Backup
2008-11-08 12:13 . 2008-11-08 12:13 <REP> d-------- c:\users\Kira\AppData\Roaming\VCOM
2008-11-08 12:13 . 2008-11-08 12:13 <REP> d-------- c:\users\All Users\VCOM
2008-11-08 12:13 . 2008-11-08 12:13 <REP> d-------- c:\programdata\VCOM
2008-11-08 12:12 . 2008-11-08 12:12 <REP> d-------- c:\program files\VCOM
2008-11-04 17:24 . 2008-11-04 17:24 56 --ah----- c:\windows\System32\ezsidmv.dat
2008-11-04 16:42 . 2008-11-04 16:42 40 --a------ c:\windows\TSC.INI
2008-11-04 14:46 . 2008-11-18 00:29 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-04 07:57 . 2008-11-19 12:53 <REP> d-------- c:\users\Kira\.housecall6.6
2008-11-04 07:53 . 2008-11-04 07:53 507,904 --a------ c:\windows\TMUPDATE.DLL
2008-11-04 07:53 . 2008-11-04 07:53 286,720 --a------ c:\windows\PATCH.EXE
2008-11-04 07:53 . 2008-11-04 07:53 69,689 --a------ c:\windows\UNZIP.DLL
2008-11-01 09:01 . 2008-11-01 09:01 <REP> d-------- c:\users\Kira\AppData\Roaming\Activision
2008-11-01 09:01 . 2008-11-01 09:01 <REP> d-------- c:\users\All Users\Activision
2008-11-01 09:01 . 2008-11-01 09:01 <REP> d-------- c:\programdata\Activision
2008-10-30 17:03 . 2008-10-30 17:03 850 --a------ c:\windows\System32\ProductTweaks.xml
2008-10-30 17:03 . 2008-10-30 17:03 385 --a------ c:\windows\System32\user_gensett.xml
2008-10-30 17:00 . 2008-10-30 17:00 <REP> d-------- c:\windows\System32\logs
2008-10-30 16:58 . 2008-11-02 23:14 <REP> d-------- c:\program files\Common Files\BitDefender
2008-10-30 08:12 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2008-10-30 08:12 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2008-10-30 08:12 . 2008-05-30 14:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
2008-10-30 08:12 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2008-10-30 08:12 . 2008-05-30 14:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
2008-10-30 08:12 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
2008-10-30 08:12 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
2008-10-30 08:11 . 2008-10-30 08:11 <REP> d-------- c:\windows\System32\xlive
2008-10-29 23:14 . 2008-11-20 20:29 <REP> d-------- c:\users\Kira\AppData\Roaming\Vista Start Menu
2008-10-29 23:14 . 2008-10-29 23:14 <REP> d-------- c:\program files\Vista Start Menu
2008-10-29 12:13 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:\windows\System32\divx_xx0c.dll
2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:\windows\System32\divx_xx07.dll
2008-10-28 23:35 . 2008-10-28 23:35 815,104 --a------ c:\windows\System32\divx_xx0a.dll
2008-10-28 23:35 . 2008-10-28 23:35 802,816 --a------ c:\windows\System32\divx_xx11.dll
2008-10-28 23:35 . 2008-10-28 23:35 729,088 --a------ c:\windows\System32\divxdec.ax
2008-10-28 23:35 . 2008-10-28 23:35 684,032 --a------ c:\windows\System32\DivX.dll
2008-10-26 11:22 . 2008-10-26 11:22 <REP> d-------- c:\program files\MagicISO
2008-10-26 09:03 . 2008-10-26 09:03 <REP> d-------- c:\users\Kira\AppData\Roaming\Capcom
2008-10-25 21:43 . 2008-10-25 21:43 <REP> d-------- c:\program files\Futuremark
2008-10-25 20:56 . 2008-10-25 23:42 <REP> d-------- c:\users\Kira\AppData\Roaming\GetRight
2008-10-25 20:18 . 2008-07-10 03:07 7,143 --a------ c:\windows\System32\nvide.nvu
2008-10-25 20:01 . 2008-11-18 00:47 <REP> d-------- c:\users\All Users\ma-config.com
2008-10-25 20:01 . 2008-11-18 00:47 <REP> d-------- c:\programdata\ma-config.com
2008-10-25 20:01 . 2008-11-18 00:47 <REP> d-------- c:\program files\ma-config.com
2008-10-24 06:45 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-24 06:45 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-24 06:45 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-24 06:45 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-24 06:45 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-22 16:28 . 2008-10-22 16:30 <REP> d-------- c:\users\Kira\AppData\Roaming\NewsLeecher

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 07:22 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-21 06:43 --------- d-----w c:\users\Kira\AppData\Roaming\Azureus
2008-11-20 22:34 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-20 22:34 111,928 ----a-w c:\windows\System32\PnkBstrB.exe
2008-11-20 21:13 --------- d-----w c:\users\Kira\AppData\Roaming\Skype
2008-11-20 19:40 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-20 17:32 --------- d-----w c:\users\Kira\AppData\Roaming\skypePM
2008-11-20 06:33 --------- d-----w c:\users\Kira\AppData\Roaming\Desktopicon
2008-11-18 08:47 22,328 ----a-w c:\users\Kira\AppData\Roaming\PnkBstrK.sys
2008-11-18 08:46 682,280 ----a-w c:\windows\System32\pbsvc.exe
2008-11-18 08:46 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-11-18 08:22 --------- d-----w c:\program files\Activision
2008-11-18 01:58 --------- d---a-w c:\programdata\TEMP
2008-11-18 00:40 --------- d-----w c:\programdata\Apple Computer
2008-11-17 23:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 15:18 --------- d-----w c:\programdata\Media Center Programs
2008-11-16 12:36 --------- d-----w c:\program files\THQ
2008-11-16 10:08 --------- d-----w c:\users\Kira\AppData\Roaming\Hamachi
2008-11-14 22:49 --------- d-----w c:\programdata\NVIDIA
2008-11-13 18:32 --------- d-----w c:\programdata\Lavasoft
2008-11-13 18:31 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-12 21:49 --------- d-----w c:\program files\Windows Mail
2008-11-12 21:48 --------- d-----w c:\program files\NVIDIA Corporation
2008-11-12 20:38 --------- d-----w c:\users\Kira\AppData\Roaming\DNA
2008-11-12 07:38 --------- d-----w c:\users\Kira\AppData\Roaming\vghd
2008-11-08 19:49 152,904 ----a-w c:\windows\System32\vghd.scr
2008-11-06 06:45 --------- dc-h--w c:\programdata\~0
2008-11-01 22:55 --------- d-----w c:\program files\Yahoo!
2008-10-30 16:40 --------- d-----w c:\program files\GameSpy Arcade
2008-10-26 10:47 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-25 20:43 86,016 ----a-w c:\windows\System32\OpenAL32.dll
2008-10-25 20:01 413,696 ----a-w c:\windows\System32\wrap_oal.dll
2008-10-25 19:39 --------- d-----w c:\program files\AGEIA Technologies
2008-10-23 21:19 --------- d-----w c:\program files\Electronic Arts
2008-10-22 16:18 --------- d-----w c:\program files\Ubisoft
2008-10-22 14:55 453,152 ----a-w c:\windows\System32\nvuninst.exe
2008-10-20 17:04 81,920 ----a-w c:\users\Kira\AppData\Roaming\esentutl.exe
2008-10-20 06:23 --------- d-----w c:\programdata\THQ
2008-10-20 06:08 --------- d-----w c:\program files\Tomb Raider - Legend
2008-10-19 11:41 15,872 ------w c:\windows\System32\winskfr.dll
2008-10-19 11:36 --------- d-----w c:\programdata\eMule
2008-10-19 11:35 --------- d-----w c:\program files\eMule
2008-10-16 23:00 --------- d-----w c:\users\Kira\AppData\Roaming\OpenOffice.org
2008-10-16 16:21 --------- d-----w c:\users\Kira\AppData\Roaming\Microsoft Games
2008-10-16 15:31 --------- d-----w c:\program files\Microsoft Games
2008-10-15 10:31 --------- d-----w c:\program files\City Interactive
2008-10-13 07:56 70,936 ----a-w c:\windows\System32\PhysXLoader.dll
2008-10-13 05:54 --------- d-----w c:\program files\OpenAL
2008-10-12 20:58 --------- d-----w c:\users\Kira\AppData\Roaming\Pro Cycling Manager 2008
2008-10-12 13:50 --------- d-----w c:\program files\OpenOffice.org 3
2008-10-12 13:49 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-10-12 13:44 --------- d-----w c:\programdata\Skype
2008-10-12 13:44 --------- d-----w c:\program files\Common Files\Skype
2008-10-12 13:44 --------- d-----r c:\program files\Skype
2008-10-12 13:35 --------- d-----w c:\users\Kira\AppData\Roaming\KC Softwares
2008-10-12 06:33 304,528 ----a-w c:\windows\System32\appdrvrem01.exe
2008-10-12 06:33 3,468,904 ----a-w c:\windows\system32\drivers\appdrv01.sys
2008-10-12 05:07 --------- d-----w c:\users\Kira\AppData\Roaming\OpenOffice.org2
2008-10-12 04:32 --------- d-----w c:\program files\Cyanide
2008-10-11 16:05 --------- d-----w c:\program files\FIFA 09
2008-10-11 07:31 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-09 21:52 --------- d-----w c:\programdata\Azureus
2008-10-09 21:44 --------- d-----w c:\users\Kira\AppData\Roaming\teamspeak2
2008-10-09 21:42 --------- d-----w c:\program files\Windows Live
2008-10-09 21:41 --------- d-----w c:\program files\Microsoft
2008-10-09 21:38 --------- d-----w c:\program files\Common Files\Windows Live
2008-10-09 21:24 --------- d-----w c:\programdata\LookMyPC
2008-10-08 21:01 --------- d-----w c:\program files\NVIDIA nTune Performance Application
2008-10-07 07:13 58,648 ----a-w c:\windows\System32\AgCPanelTraditionalChinese.dll
2008-10-07 07:13 58,648 ----a-w c:\windows\System32\AgCPanelSwedish.dll
2008-10-07 07:13 58,648 ----a-w c:\windows\System32\AgCPanelSpanish.dll
2008-10-07 07:13 58,648 ----a-w c:\windows\System32\AgCPanelSimplifiedChinese.dll
2008-10-07 07:13 58,648 ----a-w c:\windows\System32\AgCPanelPortugese.dll
2008-10-07 07:13 58,648 ----a-w c:\windows\System32\AgCPanelKorean.dll
2008-10-07 07:13 58,648 ----a-w c:\windows\System32\AgCPanelJapanese.dll
2008-10-07 07:13 58,648 ----a-w c:\windows\System32\AgCPanelGerman.dll
2008-10-07 07:13 58,648 ----a-w c:\windows\System32\AgCPanelFrench.dll
2008-10-07 07:13 288,024 ----a-w c:\windows\System32\PhysXCplUI.exe
2008-10-07 07:13 288,024 ----a-w c:\windows\System32\PhysXCompatCplUI.exe
2008-10-07 07:13 23,320 ----a-w c:\windows\System32\PhysXDevice.dll
2008-10-04 19:47 --------- d-----w c:\programdata\SymplisIT
2008-10-04 19:42 --------- d-----w c:\users\Kira\AppData\Roaming\ESTsoft
2008-10-04 19:42 --------- d-----w c:\program files\ESTsoft
2008-10-04 14:13 --------- d-----w c:\programdata\Symantec
2008-10-04 13:36 --------- d-----w c:\users\Kira\AppData\Roaming\PCToolsFirewallPlus
2008-10-04 13:12 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-04 12:36 --------- d-----w c:\users\Kira\AppData\Roaming\GetRightToGo
2008-10-04 10:47 --------- d-----w c:\programdata\CheckPoint
2008-10-04 10:02 --------- d-----w c:\users\Kira\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-04 06:29 --------- d-----w c:\users\Kira\AppData\Roaming\Pro Cycling Manager 2007
2008-10-03 19:14 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-03 17:08 --------- d-----w c:\programdata\Apple
2008-10-03 17:08 --------- d-----w c:\program files\Apple Software Update
2008-10-03 16:55 --------- d-----w c:\program files\Common Files\Adobe
2008-10-03 16:54 --------- d-----w c:\programdata\NOS
2008-10-03 16:36 --------- d-----w c:\program files\NOS
2008-10-02 23:46 81,920 ----a-w c:\windows\System32\frapsvid.dll
2008-10-01 17:32 --------- d-----w c:\users\Kira\AppData\Roaming\Leadertech
2008-09-30 15:47 --------- d-----w c:\users\Kira\AppData\Roaming\TeamViewer
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-21_18.24.00,70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-21 16:54:18 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-21 17:27:48 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-21 16:54:18 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-21 17:27:48 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-21 16:55:45 147,456 ----a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-21 17:30:15 147,456 ----a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-11-21 16:55:40 155,648 ----a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-21 17:30:10 155,648 ----a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-11-21 16:56:06 14,464 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1698558432-1330323462-3843673187-1000_UserData.bin
+ 2008-11-21 17:29:37 14,472 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1698558432-1330323462-3843673187-1000_UserData.bin
- 2008-11-21 16:56:06 80,716 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-21 17:29:37 80,872 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-21 16:56:05 57,360 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-21 17:29:36 57,376 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 81920]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2008-10-08 2145792]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-23 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-23 92704]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-18 136600]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ComRepl"="c:\users\Kira\AppData\Roaming\MICROS~1\comrepl.exe" [2008-10-20 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CmSTP"="c:\windows\cmstp.exe" [2008-10-20 81920]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MqtgSVC"="c:\windows\System32\drivers\mqtgsvc.exe" [2008-10-20 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3DAC8051-29D5-4F8E-8423-9ED9689558CA}"= UDP:c:\program files\Midway Games\BlackSite\Binaries\BlackSite.exe:Blacksite Area 51
"{386D2038-8116-4E4A-96CB-962CA89200F8}"= TCP:c:\program files\Midway Games\BlackSite\Binaries\BlackSite.exe:Blacksite Area 51
"TCP Query User{DBFA6D53-432E-4F73-991A-75F22D88D401}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{9976211F-DE07-401C-878E-2EE5D8951283}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{2DC2CF80-F6DE-4339-B587-F9BC3EA722DB}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{6B0772E5-FFBE-41C0-BA98-F3C7A42BC30A}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{9D96E382-762C-405F-B90B-37B281580A1C}c:\\users\\kira\\program files\\dna\\btdna.exe"= UDP:c:\users\kira\program files\dna\btdna.exe:btdna.exe
"UDP Query User{CA4665A2-5FB0-4583-A135-455AB1AD42AE}c:\\users\\kira\\program files\\dna\\btdna.exe"= TCP:c:\users\kira\program files\dna\btdna.exe:btdna.exe
"TCP Query User{3FDB0094-150D-4F61-9CCB-C6D444799493}c:\\ut2004\\system\\ut2004.exe"= UDP:c:\ut2004\system\ut2004.exe:UT2004
"UDP Query User{0A7A163E-DE10-4041-A697-38A417B6AFC8}c:\\ut2004\\system\\ut2004.exe"= TCP:c:\ut2004\system\ut2004.exe:UT2004
"TCP Query User{B896ED7F-C996-4A2C-BE31-3C61A0F401D8}c:\\users\\kira\\program files\\dna\\btdna.exe"= UDP:c:\users\kira\program files\dna\btdna.exe:btdna.exe
"UDP Query User{5B56DB5E-6C79-4B67-8BFC-D80890F73205}c:\\users\\kira\\program files\\dna\\btdna.exe"= TCP:c:\users\kira\program files\dna\btdna.exe:btdna.exe
"{79D50BE3-2094-437E-BB67-094F160C9983}"= UDP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{858A84C7-EED9-46AF-9551-739FD8C9127E}"= TCP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{87D95160-F0E9-4938-925B-FC1BF628F934}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4BF9162D-D3C7-47A3-A61F-A3E773202FCE}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{1029986B-C769-42AC-94C6-4AD8A28F5B7B}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{C6672546-A206-4396-933E-EDF22C48D4E6}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{886396D6-CD2F-4600-95E9-A0707A1B3E3A}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{505CA8C1-FBC5-4291-9C7C-DBCEFA617338}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{E0F4DE70-CDEA-44BF-B5F1-05A3C7AE3E78}c:\\program files\\thq\\motogp 2007\\motogp.exe"= UDP:c:\program files\thq\motogp 2007\motogp.exe:motogp
"UDP Query User{B44CA411-F0A2-46E1-9E7D-D154E342E026}c:\\program files\\thq\\motogp 2007\\motogp.exe"= TCP:c:\program files\thq\motogp 2007\motogp.exe:motogp
"TCP Query User{D26BDBF9-6796-4A1C-AA0A-68EB400F8146}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= Disabled:UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{C7DD501B-A3B7-45A5-98D1-161582164F6B}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= Disabled:TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{28A28131-A83C-4D8D-AD52-0592B3364A68}c:\\users\\kira\\downloads\\[pc] pro evolution soccer 2008 [eng] [dopeman]\\pro evolution soccer 2008\\pes2008.exe"= Disabled:UDP:c:\users\kira\downloads\[pc] pro evolution soccer 2008 [eng] [dopeman]\pro evolution soccer 2008\pes2008.exe:pes2008.exe
"UDP Query User{041E6705-01C9-4CB1-BCB9-6056DB7FFF11}c:\\users\\kira\\downloads\\[pc] pro evolution soccer 2008 [eng] [dopeman]\\pro evolution soccer 2008\\pes2008.exe"= Disabled:TCP:c:\users\kira\downloads\[pc] pro evolution soccer 2008 [eng] [dopeman]\pro evolution soccer 2008\pes2008.exe:pes2008.exe
"TCP Query User{975C9B39-D553-439C-A07C-3D28E6A95690}c:\\program files\\test drive\\testdriveunlimited.exe"= Disabled:UDP:c:\program files\test drive\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{A79433B7-43E9-42E2-A4A7-C04288A40BCA}c:\\program files\\test drive\\testdriveunlimited.exe"= Disabled:TCP:c:\program files\test drive\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{E2596F1C-9AF5-425B-949D-7B2E93EEDAE1}c:\\users\\kira\\downloads\\[pc] test drive unlimited [proper] [rip] [dopeman]\\tdu\\testdriveunlimited.exe"= Disabled:UDP:c:\users\kira\downloads\[pc] test drive unlimited [proper] [rip] [dopeman]\tdu\testdriveunlimited.exe:testdriveunlimited.exe
"UDP Query User{2C47CDED-27E7-4747-B15B-CFAFB0387F5E}c:\\users\\kira\\downloads\\[pc] test drive unlimited [proper] [rip] [dopeman]\\tdu\\testdriveunlimited.exe"= Disabled:TCP:c:\users\kira\downloads\[pc] test drive unlimited [proper] [rip] [dopeman]\tdu\testdriveunlimited.exe:testdriveunlimited.exe
"TCP Query User{EE46C2EB-107C-4ACD-8DFC-C84C3B997148}c:\\downloads\\pure\\pure.exe"= UDP:c:\downloads\pure\pure.exe:Pure
"UDP Query User{A1A99B27-A07B-4709-A85D-6ED658598A89}c:\\downloads\\pure\\pure.exe"= TCP:c:\downloads\pure\pure.exe:Pure
"TCP Query User{6E61BA7C-E927-4457-BC95-4844189D8972}c:\\users\\kira\\temp\\teamviewer3\\teamviewer.exe"= UDP:c:\users\kira\temp\teamviewer3\teamviewer.exe:teamviewer.exe
"UDP Query User{285FC2E2-507C-4010-9FFA-DBE6C9258137}c:\\users\\kira\\temp\\teamviewer3\\teamviewer.exe"= TCP:c:\users\kira\temp\teamviewer3\teamviewer.exe:teamviewer.exe
"TCP Query User{8424F0F5-B81E-4602-8DB0-51D1F91D3E71}c:\\program files\\pure\\pure.exe"= UDP:c:\program files\pure\pure.exe:Pure
"UDP Query User{8FA20348-9A10-4613-ABEF-084D32E6ED04}c:\\program files\\pure\\pure.exe"= TCP:c:\program files\pure\pure.exe:Pure
"{D129AE45-C3A3-4BF5-B50E-F61B55B42A4C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{FE342F5E-9749-4B52-82A1-7B53869B943D}c:\\program files\\ea sports\\fifa 09\\fifa09.exe"= UDP:c:\program files\ea sports\fifa 09\fifa09.exe:FIFA09
"UDP Query User{8B214BF3-B7F0-44BB-9E73-ACED25FEEF21}c:\\program files\\ea sports\\fifa 09\\fifa09.exe"= TCP:c:\program files\ea sports\fifa 09\fifa09.exe:FIFA09
"{792DFF95-8470-47AC-8F47-A2BC6F067167}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{64393ABF-1EE9-4447-AA01-6C60413F6311}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{70E97436-85A2-4F38-ABE5-C675239DBDDA}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{60E3FF6B-9E51-4815-8C9E-F477DBD2D8D6}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{6525CD2D-227D-41E3-AE2F-430C9EB93D61}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{D47C3ACC-3CD1-468F-B4D2-7310C0281DA7}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{C774582C-2469-4559-B62B-4890C72E45B3}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= UDP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"UDP Query User{021ACB04-07DD-4A45-BFE5-36160B4200F0}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= TCP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"{C9711F92-5F9C-48CE-8D52-DB746D60F2F7}"= UDP:c:\program files\Cyanide\Pro Cycling Manager - Season 2008\PCM.exe:Pro Cycling Manager - Season 2008
"{363251CD-080C-4952-85D0-AAFEB7BACE26}"= TCP:c:\program files\Cyanide\Pro Cycling Manager - Season 2008\PCM.exe:Pro Cycling Manager - Season 2008
"{8F115632-6B17-4125-8272-A5F6DCFB29A8}"= UDP:c:\program files\Cyanide\Pro Cycling Manager - Season 2008\Autorun\Exe\Autorun.exe:Pro Cycling Manager - Season 2008 - AutoRun
"{0AA30FD9-C022-4B55-B56B-9AF00D8AD979}"= TCP:c:\program files\Cyanide\Pro Cycling Manager - Season 2008\Autorun\Exe\Autorun.exe:Pro Cycling Manager - Season 2008 - AutoRun
"TCP Query User{A15E98DB-AF3A-4EFA-B14E-02CBECB32C9A}c:\\program files\\thq\\dawn of war - dark crusade demo\\darkcrusade.exe"= UDP:c:\program files\thq\dawn of war - dark crusade demo\darkcrusade.exe:DarkCrusade
"UDP Query User{C7F83D13-E660-4DCC-82C3-E1C96CF0F8F9}c:\\program files\\thq\\dawn of war - dark crusade demo\\darkcrusade.exe"= TCP:c:\program files\thq\dawn of war - dark crusade demo\darkcrusade.exe:DarkCrusade
"{312D3FC8-BF38-49F9-9B5A-052F212BC456}"= UDP:c:\program files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{F1D2C56B-5B6D-4470-B0B0-5196E3B200F7}"= TCP:c:\program files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{A0183FAE-9CCB-4A00-B9B7-343549E29370}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{1EAB2C19-9895-40D6-A004-838D9A9C2AE1}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{3C08D2E5-363E-4638-9D65-0828548886F3}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{852B87D8-CB07-4E45-B65E-F85E34DD6DF8}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{705A31E6-4C68-4D63-A4F1-5246C9D48169}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editeur
"{D9BE33C9-C112-444B-AF70-1BB2EB02032B}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editeur
"TCP Query User{0E64EF0F-E89D-4FAA-B285-DC99CE7767CF}c:\\program files\\electronic arts\\dead space\\dead space.exe"= UDP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"UDP Query User{592966EB-E00C-49AE-B4F5-871ED3A1A5F7}c:\\program files\\electronic arts\\dead space\\dead space.exe"= TCP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"{69A74109-4CE3-4FF0-A6A1-BF0B6E3C5E2C}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{4C435405-22A5-4560-86C5-BE875D84D96C}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{14C9E2D4-68A3-4389-A0E3-AAC6D5B5ADF5}"= UDP:c:\program files\Activision\Quantum of Solace(TM)\JB_LiveEngine_s.exe:Quantum of Solace(TM)
"{1EEFFB94-60AB-423F-9401-BBB8080EC0A0}"= TCP:c:\program files\Activision\Quantum of Solace(TM)\JB_LiveEngine_s.exe:Quantum of Solace(TM)
"TCP Query User{FD851055-8A33-403A-A5B3-691093459C54}c:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= UDP:c:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty(R): World at War Multiplayer
"UDP Query User{2259FD4B-05B5-4CA2-8662-089DDAFD5A5D}c:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= TCP:c:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty(R): World at War Multiplayer
"TCP Query User{714F0F29-2842-47F8-8275-3E772B31544F}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{939F1181-C87F-44B0-B292-5C010BAEED21}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{B5F33037-7932-4DF5-A7E9-816437DFEF40}c:\\program files\\mirc\\mirc.exe"= Disabled:UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{27E58189-DB07-47BB-8575-031D31E6B619}c:\\program files\\mirc\\mirc.exe"= Disabled:TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{190AA832-F2D3-4FB7-A481-2B58166FD6F7}c:\\users\\kira\\desktop\\pes 2009\\pes2009.exe"= Disabled:UDP:c:\users\kira\desktop\pes 2009\pes2009.exe:pes2009.exe
"UDP Query User{E4EECA24-21F5-439B-9905-62CC230C78F7}c:\\users\\kira\\desktop\\pes 2009\\pes2009.exe"= Disabled:TCP:c:\users\kira\desktop\pes 2009\pes2009.exe:pes2009.exe
"TCP Query User{2C105DC6-F389-45B3-B9A4-CD450BBB7DE5}c:\\program files\\mc2\\sniper elite\\sniperelite.exe"= Disabled:UDP:c:\program files\mc2\sniper elite\sniperelite.exe:SniperElite
"UDP Query User{A6091787-3623-454E-A004-2D57330099AC}c:\\program files\\mc2\\sniper elite\\sniperelite.exe"= Disabled:TCP:c:\program files\mc2\sniper elite\sniperelite.exe:SniperElite
"TCP Query User{740FD6B4-B819-4BFF-8572-FF1243B92579}c:\\program files\\timeshift\\bin\\timeshift.exe"= Disabled:UDP:c:\program files\timeshift\bin\timeshift.exe:TimeShift
"UDP Query User{CC09F86B-99B3-47FD-AF88-34B7D6EF24E5}c:\\program files\\timeshift\\bin\\timeshift.exe"= Disabled:TCP:c:\program files\timeshift\bin\timeshift.exe:TimeShift
"TCP Query User{4ABC1FDE-DAEB-4882-8EBB-913B5D7E99BB}c:\\ut2003demo\\system\\ut2003.exe"= Disabled:UDP:c:\ut2003demo\system\ut2003.exe:UT2003
"UDP Query User{9096F62F-A566-4AC2-93BC-46E00F1A5F99}c:\\ut2003demo\\system\\ut2003.exe"= Disabled:TCP:c:\ut2003demo\system\ut2003.exe:UT2003
"TCP Query User{F1B27B34-CA30-49D3-B3A3-6EDC2227D7B5}c:\\users\\kira\\downloads\\call.of.duty.world.at.war.full-rip.skullptura\\call of duty - world at war\\codwaw.exe"= UDP:c:\users\kira\downloads\call.of.duty.world.at.war.full-rip.skullptura\call of duty - world at war\codwaw.exe:codwaw.exe
"UDP Query User{F46C778A-B50C-46FE-B3F9-FA7437700F55}c:\\users\\kira\\downloads\\call.of.duty.world.at.war.full-rip.skullptura\\call of duty - world at war\\codwaw.exe"= TCP:c:\users\kira\downloads\call.of.duty.world.at.war.full-rip.skullptura\call of duty - world at war\codwaw.exe:codwaw.exe
"{6434E51E-6DBA-4113-BD80-BA5211617048}"= Disabled:UDP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{3B4AD44F-5D4B-4C33-83F9-DAA55D98E82E}"= Disabled:TCP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{A073E5C2-F729-4345-845F-AA268C3CCBA0}"= Disabled:UDP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{F7EB1B02-8165-4174-A502-4FEFF2640D6E}"= Disabled:TCP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{EAD1067F-9B59-4FED-9F59-D472DD817251}"= Disabled:UDP:c:\program files\SEGA\SEGA Rally\SEGA Rally.exe:SEGA Rally
"{A1D391C4-04FA-4106-9848-23D6F0BDC459}"= Disabled:TCP:c:\program files\SEGA\SEGA Rally\SEGA Rally.exe:SEGA Rally
"{C5DCE331-05ED-4C51-A01F-441716DC40BF}"= Disabled:UDP:c:\program files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe:SEGA Rally
"{BDD2211F-C661-4567-A8F6-9CFD38EA9AC9}"= Disabled:TCP:c:\program files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe:SEGA Rally
"TCP Query User{790CBFB2-CF4C-4F5B-B1B5-3876849189C4}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{B86E4C40-8C55-4FD5-A1C0-50BB348865B0}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{B433C55A-4133-468B-861E-8ABC5CE99353}c:\\program files\\electronic arts\\eadm\\core.exe"= Disabled:UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{214862FA-5A1A-4F39-A140-8DFFE19BD563}c:\\program files\\electronic arts\\eadm\\core.exe"= Disabled:TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{973841E0-28CE-4078-BCF9-B9BD301E061B}c:\\users\\kira\\downloads\\call of duty 4 modern warfare full-rip skullptura\\call of duty 4 - modern warfare\\iw3mp.exe"= Disabled:UDP:c:\users\kira\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe
"UDP Query User{5E398CF3-1DBC-433B-BC79-761E10FED140}c:\\users\\kira\\downloads\\call of duty 4 modern warfare full-rip skullptura\\call of duty 4 - modern warfare\\iw3mp.exe"= Disabled:TCP:c:\users\kira\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe
"TCP Query User{7975767E-963D-4731-BE2E-7C1041526150}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.4.exe"= Disabled:UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.4.exe:iw3mpHAMACHI 1.4
"UDP Query User{68151968-94FB-45FF-BCED-B6CE6B22584A}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.4.exe"= Disabled:TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.4.exe:iw3mpHAMACHI 1.4
"TCP Query User{A0887762-3F95-41DF-84D6-A02D556E4DD4}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.7.exe"= Disabled:UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.7.exe:iw3mpHAMACHI 1.7
"UDP Query User{C2E3787C-DB9F-471D-A9DF-98A63ED6AAE1}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.7.exe"= Disabled:TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.7.exe:iw3mpHAMACHI 1.7
"TCP Query User{54CA1F91-7AC2-49E5-935F-BE2ED72352AB}c:\\users\\kira\\downloads\\lookmypc.exe"= Disabled:UDP:c:\users\kira\downloads\lookmypc.exe:lookmypc.exe
"UDP Query User{4BAC6530-B25A-459C-88B2-2730A3F73F49}c:\\users\\kira\\downloads\\lookmypc.exe"= Disabled:TCP:c:\users\kira\downloads\lookmypc.exe:lookmypc.exe
"TCP Query User{FE4741BA-F98A-48D5-BE0F-11915B33E8C5}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{9020187E-C2E6-4FDE-95CA-A52CBD19DB22}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{F1A89689-2492-47A4-8B51-BCB3C2584D7C}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2.exe"= UDP:c:\program files\ubisoft\far cry 2\bin\farcry2.exe:Far Cry® 2
"UDP Query User{73E4C7B6-F641-4ECF-8706-351E7D9CF6CE}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2.exe"= TCP:c:\program files\ubisoft\far cry 2\bin\farcry2.exe:Far Cry® 2
"TCP Query User{7A7EBAF9-C51C-4469-861A-6FB7F4DFB858}c:\\program files\\activision\\call of duty 4 - modern warfare\\call_of_duty_4_modern_warfare_patch_v1.1_multi-langues_182170.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\call_of_duty_4_modern_warfare_patch_v1.1_multi-langues_182170.exe:call_of_duty_4_modern_warfare_patch_v1.1_multi-langues_182170
"UDP Query User{98D21E17-125B-4507-864A-A5C5E9945211}c:\\program files\\activision\\call of duty 4 - modern warfare\\call_of_duty_4_modern_warfare_patch_v1.1_multi-langues_182170.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\call_of_duty_4_modern_warfare_patch_v1.1_multi-langues_182170.exe:call_of_duty_4_modern_warfare_patch_v1.1_multi-langues_182170
"{7FE57726-9302-4C5E-8FB1-3E7FE3FA9576}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{65438E2E-D038-4660-BA2F-B7FC43366A8C}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{6FD48C82-7465-4314-897C-428D0162306E}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{EB778DEA-9FBA-4F5B-9C3A-2E33A696B619}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{F0548D3E-99A3-45BA-AC54-F099D30A1DEF}"= UDP:c:\program files\Capcom\MotoGP 08\Launcher.exe:MotoGP 08
"{1DDC9DCC-982A-4B65-BCBF-2DCFB1667F38}"= TCP:c:\program files\Capcom\MotoGP 08\Launcher.exe:MotoGP 08
"{58609DE1-917A-434A-AD33-9A40389B2F49}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{61C22675-9760-41B2-9228-EA89CF87F78C}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{29127D27-D468-41BA-8FB8-720233CCFB6B}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{C9613C40-379B-414A-BEA6-83996862CA43}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"TCP Query User{586505BD-30E1-4E64-84BE-CE67CACF528D}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{3FA41585-C8DC-44A9-BE82-9F80B10B0D76}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop

R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2008-07-25 212008]
R1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2008-10-12 3468904]
R1 ElRawDisk;ElRawDisk;\??\c:\windows\system32\drivers\elrawdsk.sys [2008-09-20 12800]
R2 UxTuneUp;TuneUp Extension de thème;c:\windows\System32\svchost.exe -k netsvcs [2008-08-21 21504]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc []
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-03 33752]
S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-11-17 195752]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-11-13 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\AutoStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{028419dd-7f69-11dd-b528-0019db6da610}]
\shell\AutoRun\command - e:\setup\rsrc\Autorun.exe
\shell\dinstall\command - e:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93f4515f-7d07-11dd-9dd4-0019db6da610}]
\shell\AutoRun\command - e:\setup\rsrc\Autorun.exe
\shell\dinstall\command - e:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a06607fb-79ea-11dd-b037-0019db6da610}]
\shell\AutoRun\command - E:\FrameworkCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d94c48ab-6fce-11dd-8b91-0019db6da610}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2008-11-21 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-29 17:58]

2008-11-21 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-21 19:12:29
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-21 19:13:16
ComboFix-quarantined-files.txt 2008-11-21 18:13:05
ComboFix2.txt 2008-11-21 17:24:50

Avant-CF: 111.458.459.648 octets libres
Après-CF: 111,425,613,824 octets libres

451 --- E O F --- 2008-11-20 18:25:50
0
Réponse 44 / 97
Light-Yagami Messages postés 155 Statut Membre 1
 
second rapport demandé :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:25:10, on 21/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\cmstp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\Users\Kira\LOCALS~1\APPLIC~1\MICROS~1\comrepl.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\Users\Kira\AppData\Roaming\MICROS~1\comrepl.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\Windows\cmstp.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MqtgSVC] C:\Windows\System32\drivers\mqtgsvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [MqtgSVC] C:\Windows\System32\drivers\mqtgsvc.exe /waitservice (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 97
Light-Yagami Messages postés 155 Statut Membre 1
 
help :( :(
0
Réponse 46 / 97
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Salut,

Je vais t'aider ;)

--> Télécharge UsbFix (de Chiquitine29) sur ton Bureau :
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Lance l'installation avec les paramètres par défaut.

--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.

--> Clique droit sur le raccourci UsbFix situé sur ton Bureau et choisis Exécuter en tant qu'administrateur.

--> Choisis l'option 1 (Nettoyage).

--> Le PC va redémarrer.

--> Après redémarrage, poste le rapport UsbFix.txt

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)
0
Réponse 47 / 97
Light-Yagami Messages postés 155 Statut Membre 1
 
salut , merci de ton aide !! :) j'ai encore eu 6 detections cette nuit :(

voici le rapport demander :

-------------- UsbFix V2.413.1 ---------------

* User : Kira - PC
* Outils mis a jours le 24/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 7:47:18 le mer. 26/11/2008
* Windows Vista - Internet Explorer 8.0.6001.18241

--------------- [ Processus actifs ] ----------------

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\PGWARE\SuperRam\SuperRamService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Users\Kira\AppData\Local\Temp\AC93.tmp\b2e.exe
C:\Users\Kira\AppData\Local\Temp\dllhst3g.exe
C:\Users\Kira\AppData\Local\Temp\dllhst3g.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe
D: - Lecteur de CD-ROM

--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe

+- Listing des fichiers présents :

[26/11/2008 07:47][--a------] C:\UsbFix.txt
[18/09/2006 22:43][--a------] C:\config.sys
[18/09/2006 22:43][--a------] C:\IO.SYS
[18/09/2006 22:43][--a------] C:\MSDOS.SYS
[18/09/2006 22:43][--a------] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur de CD-ROM

+- Listing des fichiers présents :

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ehTray.exe=C:\Windows\ehome\ehTray.exe
NVIDIA nTune="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
VistaStartMenu="C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
RtHDVCpl=RtHDVCpl.exe
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93f4515f-7d07-11dd-9dd4-0019db6da610}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a06607fb-79ea-11dd-b037-0019db6da610}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d94c48ab-6fce-11dd-8b91-0019db6da610}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

--------------- ! Fin du rapport ! ----------------
0
Réponse 48 / 97
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
---> Double-clique sur l'icône d'Antivir (Parapluie) dans la barre des tâches.

---> Dans Antivir, "Extra" > "Configuration" > Coche "Expert mode" > Coche "Search for rootkit before scan" pour appuie sur OK.

---> Puis lance un scan complet et poste le rapport.
0
Réponse 49 / 97
Light-Yagami Messages postés 155 Statut Membre 1
 
je sais deja que ça n'ira pas , le rapport et trop gros pour le site il ne veut pas l'envoyer et il plante ,

le scan est en cours dès qu'il est fini je reessaie ss problemes ...

merci encore de ton aide précieuse !!

chaque fois que j'allume la machine , 2 detections , 2ou 3 h apres encore 2 detections ,si je le laisse la nuit 6detections le matin , alors que je ne fais rien... et les noms de virus ne sont jamais le meme lol , un vrai bordel .. :(

j'ai malware bite , spyboot ss, ad aware, c cleaner , glary, et trojan remover ... rien n'y fait ...

ma machine est une enseigne lumieuse "enter here!!" sur le reseau ... :

merci encore.
0
Réponse 50 / 97
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Le rapport, tu peux me l'uploader.

---> Uploader un fichier sur Mediafire :
● Rends-toi sur ce lien : https://www.mediafire.com/
● Clique en haut sur Upload files To Media fire. Choisis ensuite I want to upload without an account.
● Une fenêtre de ton explorateur windows va s'ouvrir. Navigue jusqu'au rapport que je te demande d'uploader, sélectionne-le puis clique sur ouvrir.
● Clique ensuite sur Upload.
● A droite de l'écran, choisis : upload to a new folder. Laisse le nom par défaut (= la date).
● Valide et laisse l'upload se faire.
● Clique sur View uploaded file et copie-moi l'url (= le lien) du nouvel onglet ou de la nouvelle fenêtre qui va s'ouvrir dans ton prochain message. Ainsi, je pourrais télécharger le rapport demandé.
0
Réponse 51 / 97
Light-Yagami Messages postés 155 Statut Membre 1
 
merci !! :) le scan est à 55% ,je suis obligé de retourner bosser...

je te pose ça en rentrant vers 17h30 dsl

thx
0
Réponse 52 / 97
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Pas de problème.
0
Réponse 53 / 97
Light-Yagami Messages postés 155 Statut Membre 1
 
rapport antivir

https://www.mediafire.com/?sharekey=2e27159d5269abc2ab1eab3e9fa335ca84c35fd1c0c926c1

voila je pense que c ok ...

merci d'avance ...
0
Réponse 54 / 97
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Il n'a rien trouvé, bizarre non ?
0
Réponse 55 / 97
Light-Yagami Messages postés 155 Statut Membre 1
 
ha oui je sais ... ça fait plus d'une semaine que via les scans je n'ai plus rien ...

en faite on m'avait demandé un scan malware bites , lui ma retiré 6 infections , mais tout les jours je suis attaqué ...

en 3 jours j'ai eu 48 attaques ... alors que je n'ai jms eu de problemes avt , en tout cas pas de cette ampleur..

veux tu un rapport hijjack ?? ça peut aider ??

( encore 2 detections pdt que j'ecris le mess lol )
0
Réponse 56 / 97
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Peux-tu me dire l'emplacement des fichiers infectés ?
0
Réponse 57 / 97
Light-Yagami Messages postés 155 Statut Membre 1
 
'C:\Users\Kira\AppData\Local\Temp\~tmp\chkwmmod32\RTLCPL.exe.

'C:\Users\Kira\AppData\Local\Temp\~tmp\chkwmmod32\RTLCPL.exe.

C:\Users\Kira\AppData\Local\Temp\~tmp\yunml03\svchost.exe.

'C:\Users\Kira\AppData\Local\Temp\~tmp\yunml03\svchost.exe.

'C:\Users\Kira\AppData\Local\Temp\~tmp\chkwmmod32\RTLCPL.exe.

par 2 à chaque fois ...

merci de ta patience...
0
Réponse 58 / 97
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Ok bien.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
0
Réponse 59 / 97
Light-Yagami Messages postés 155 Statut Membre 1
 
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Kira\AppData\Local\Temp\esentutl.exe scheduled to be deleted on reboot.
File delete failed. C:\Users\Kira\AppData\Local\Temp\etilqs_ntVMPDIp0SEv3OFmrc03 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Users\Kira\AppData\Local\Mozilla\Firefox\Profiles\a28i2wlz.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Kira\AppData\Local\Mozilla\Firefox\Profiles\a28i2wlz.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Kira\AppData\Local\Mozilla\Firefox\Profiles\a28i2wlz.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Kira\AppData\Local\Mozilla\Firefox\Profiles\a28i2wlz.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Kira\AppData\Local\Mozilla\Firefox\Profiles\a28i2wlz.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Kira\AppData\Local\Mozilla\Firefox\Profiles\a28i2wlz.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11262008_203429
0
Réponse 60 / 97
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Si tu as encore des détections, dis-le moi.

Je reviens plus tard.
0

Discussions similaires

Signification "TR"
andromeid -
matrix4422 -

3 réponses
Signification des abréviations RE: et TR:
La Salamandre -
Iolose -

19 réponses
Sa veux dire koi??Subject: FW: Tr :FW: TR: TR
france22 -
ghano0666545160 -

12 réponses
casque sans fil Sennheiser TR 4200 ne fonctionne plus
jcb83400 -
DIY -

3 réponses
Problème casque sennheiser 4200
barbie35 -
Beenaxa -

1 réponse