Your question

Spyware impossible to remove

Tags:
  • Spyware
  • Security
Last reply: in Security and viruses
1 Mai 2008 10:09:04

Hello, I have a spyware that I can't manage to remove. I've already read some advice on the net; I downloaded Spyware Doctor (paid version), I run scans about every hour, and each time the same trojans are detected. I click "repair", always ticked in SD; it shows "processing" and tells me the problem has been removed. But every time I run another scan, the same trojans reappear (trojan.agent, trojan virtumonde, etc.).

How do I remove them for good so that my PC has nothing left on it?

Thanks in advance


1 Mai 2008 11:11:09

Hello, and thank you for helping me.
Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:01, on 01/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\ProgramData\yvtmkyje\gtgfcnwv.exe
C:\ProgramData\shchizgx\ytixszyx.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [yvtmkyje] C:\ProgramData\yvtmkyje\gtgfcnwv.exe
O4 - HKCU\..\Run: [eM7rl3ne9w] C:\ProgramData\shchizgx\ytixszyx.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\yadine\AppData\Local\Temp\hgGvtsrs.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\yadine\AppData\Local\Temp\urqRJBRj.dll,c
O4 - HKCU\..\Run: [nsuqolqe] C:\ProgramData\nsuqolqe\ynsdonal.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [oabhlrcr] C:\ProgramData\oabhlrcr\relmrqly.exe
O4 - HKCU\..\Run: [55f2f944] rundll32.exe "C:\Users\yadine\AppData\Local\Temp\kteqhjxp.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 12112 bytes
1 Mai 2008 11:13:10

Re,

You are infected with "Vundo". Remove all cracks from your PC if any are present, otherwise they will relaunch the infection.

If you have Vista, do this first:
Disable UAC (Start Menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ untick the box "Use User Account Control ..." and confirm with OK; you will be asked to restart, do so)

1) [~] Go to My Computer / Tools / Folder Options / View / Show hidden files and folders / Apply - - > OK
[~] Go to My Computer / Tools / Folder Options / View / untick "Hide protected operating system files" / Apply - - > OK

You will tick them again afterwards.


- My Computer / Tools / Folder Options / View / untick "Hide extensions for known file types" / Apply - - > OK

2) Disable all resident protection (antivirus, etc.)!
Disconnect from the internet, close all running programs and let ComboFix work: do not do anything else in the meantime!


Download ComboFix by sUBs
Save it to your desktop and nowhere else!
Restart in Safe Mode: help here >>>
http://forum.telecharger.01net.com/telecharger/virus_et...
/!\ Never restart in Safe Mode via msconfig! /!\

Double-click on ComboFix. It will ask you a question; answer with the 1 key and Enter to confirm, and let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report. It is located here: C:\Combofix.txt

3) Copy/paste a new HijackThis report along with it.

;)
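How the "Vundo" diagnosis above follows from the HijackThis log: the O4 autostart entries point at executables sitting directly in random-named ProgramData folders, and at rundll32 loading DLLs out of the user's Temp folder. The script below is an added example, not part of the thread or of HijackThis/ComboFix; it encodes those two observations as checks over a constructed sample of O4 lines copied in the shape of the report (the user name "yadine" is as it appears in the log).

```python
"""Triage of HijackThis O4 autostart lines for the persistence pattern in the log above."""
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the HijackThis report above; entries copied from it.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [yvtmkyje] C:\ProgramData\yvtmkyje\gtgfcnwv.exe
O4 - HKCU\..\Run: [eM7rl3ne9w] C:\ProgramData\shchizgx\ytixszyx.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\yadine\AppData\Local\Temp\hgGvtsrs.dll,#1
O4 - HKCU\..\Run: [55f2f944] rundll32.exe "C:\Users\yadine\AppData\Local\Temp\kteqhjxp.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
# An .exe sitting directly in a ProgramData subfolder (not under Program Files).
PROGRAMDATA_EXE_RE = re.compile(r"^[A-Z]:\\ProgramData\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)


@dataclass
class Finding:
    name: str          # value name shown inside [...]
    hive: str          # HKLM, HKCU or HKUS\<sid>
    target: str        # the .exe path, or the DLL handed to rundll32
    reasons: list = field(default_factory=list)


def first_token(s):
    """Split off the first command-line token, honouring double quotes."""
    s = s.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end], s[end + 1:].strip()
    parts = s.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def looks_random(token):
    """Weak signal: an 8-character name that is pure hex or has at most two vowels."""
    t = token.lower()
    if len(t) != 8 or not t.isalnum():
        return False
    if all(c in "0123456789abcdef" for c in t):
        return True
    return t.isalpha() and sum(c in "aeiou" for c in t) <= 2


def parse_o4(line):
    """Return (hive, name, cmd) for an O4 line, or None if the line is not one."""
    m = O4_RE.match(line.strip())
    return (m["hive"], m["name"], m["cmd"]) if m else None


def assess(hive, name, cmd):
    """Apply the location checks (strong) and name checks (supporting only)."""
    exe, rest = first_token(cmd)
    strong, weak, target = [], [], exe
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        dll_token, remainder = first_token(rest)
        dll, _, entry = dll_token.partition(",")
        entry = entry or remainder.lstrip(",").strip()
        target = dll
        if TEMP_DIR_RE.search(dll):
            strong.append("rundll32 loads a DLL from a Temp folder")
        if entry.startswith("#") or len(entry) == 1:
            weak.append(f"rundll32 entry point is an ordinal or one-letter export ({entry})")
    elif PROGRAMDATA_EXE_RE.match(exe):
        strong.append("executable launched directly from a ProgramData subfolder")
    if not strong:
        return None  # a strange name on its own is not enough to report
    stem = target.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    folder = target.rsplit("\\", 2)[-2] if target.count("\\") >= 2 else ""
    if any(looks_random(t) for t in (name, stem, folder)):
        weak.append("random-looking name")
    return Finding(name, hive, target, strong + weak)


def triage(report):
    """Run every O4 line of a pasted HijackThis report through assess()."""
    findings = []
    for line in report.splitlines():
        parsed = parse_o4(line)
        if parsed:
            finding = assess(*parsed)
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_O4):
        print(f"[{f.hive}] {f.name} -> {f.target}")
        for r in f.reasons:
            print("   -", r)
```

Entries that trip only the name heuristic are deliberately not reported, so that legitimate eight-letter names such as IgfxTray stay out of the list.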
1 Mai 2008 11:51:41

Here is the ComboFix report:

ComboFix 08-04-29.5 - yadine 2008-05-01 11:28:46.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.1082 [GMT 2:00]
Endroit: C:\Users\yadine\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\KBL.LOG

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))))
.

2008-05-01 11:08 . 2008-05-01 11:08 <REP> d-------- C:\Program Files\Trend Micro
2008-04-30 21:24 . 2008-04-30 21:24 386 --a------ C:\Windows\3DBELOTE2.INI
2008-04-30 21:23 . 2008-04-30 21:23 <REP> d-------- C:\Program Files\3DBELOTE
2008-04-30 20:09 . 2008-04-30 20:09 <REP> d-------- C:\Users\yadine\AppData\Roaming\Talkback
2008-04-30 19:31 . 2008-04-30 19:31 <REP> d-------- C:\Users\yadine\AppData\Roaming\PC Tools
2008-04-30 19:31 . 2008-04-30 20:35 <REP> d-------- C:\Program Files\Spyware Doctor
2008-04-30 19:31 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-04-30 19:31 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-04-30 19:31 . 2008-02-01 12:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-04-30 19:31 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-04-30 19:26 . 2008-04-30 19:26 <REP> d-------- C:\Users\All Users\Mozilla
2008-04-30 19:26 . 2006-10-05 04:42 2,560 --------- C:\Windows\System32\drivers\cdralw2k.sys
2008-04-30 19:26 . 2006-10-05 04:42 2,432 --------- C:\Windows\System32\drivers\cdr4_xp.sys
2008-04-30 19:25 . 2008-04-30 19:26 <REP> d-------- C:\Program Files\Picasa2
2008-04-30 19:24 . 2008-04-30 19:24 <REP> d-------- C:\Program Files\Norton Security Scan
2008-04-30 19:22 . 2008-04-30 20:22 <REP> d-------- C:\Users\All Users\Google Updater
2008-04-30 19:22 . 2008-04-30 20:22 <REP> d-------- C:\ProgramData\Google Updater
2008-04-30 19:16 . 2008-04-30 19:16 <REP> d-------- C:\Users\All Users\oabhlrcr
2008-04-30 19:16 . 2008-04-30 19:16 <REP> d-------- C:\ProgramData\oabhlrcr
2008-04-30 16:39 . 2008-04-30 16:39 <REP> d-------- C:\Users\All Users\Google
2008-04-30 16:39 . 2008-04-30 19:28 <REP> d-------- C:\Program Files\Google
2008-04-26 11:47 . 2008-05-01 11:22 <REP> d-a------ C:\Users\All Users\TEMP
2008-04-26 11:47 . 2008-05-01 11:22 <REP> d-a------ C:\ProgramData\TEMP
2008-04-25 23:48 . 2008-04-30 17:18 <REP> d-------- C:\Program Files\a-squared Free
2008-04-25 23:42 . 2008-04-25 23:42 <REP> d-------- C:\Users\All Users\nsuqolqe
2008-04-25 23:42 . 2008-04-25 23:42 <REP> d-------- C:\ProgramData\nsuqolqe
2008-04-25 22:34 . 2008-05-01 09:46 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-25 22:34 . 2008-05-01 09:46 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-25 22:34 . 2008-05-01 09:46 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-25 09:05 . 2008-04-25 09:05 <REP> d-------- C:\Users\All Users\yvtmkyje
2008-04-25 09:05 . 2008-04-25 09:05 <REP> d-------- C:\Users\All Users\shchizgx
2008-04-25 09:05 . 2008-04-25 09:05 <REP> d-------- C:\ProgramData\yvtmkyje
2008-04-25 09:05 . 2008-04-25 09:05 <REP> d-------- C:\ProgramData\shchizgx
2008-04-22 21:33 . 2008-04-22 21:35 <REP> d-------- C:\Users\yadine\AppData\Roaming\SecondLife
2008-04-22 21:32 . 2008-04-22 21:36 <REP> d-------- C:\Program Files\SecondLife
2008-04-21 20:10 . 2008-02-28 13:26 1,414,440 --a------ C:\Windows\System32\ShellManager310E2D762.dll
2008-04-21 20:10 . 2008-02-28 13:01 774,144 --a------ C:\Windows\System32\NEROINSTAEC43759.DB
2008-04-21 20:09 . 2008-04-21 20:09 0 --a------ C:\Windows\Irremote.ini
2008-04-21 20:03 . 2008-04-21 20:03 <REP> d-------- C:\Users\yadine\AppData\Roaming\Bitdefender
2008-04-21 20:03 . 2008-04-21 20:03 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-04-21 20:03 . 2008-04-21 20:03 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-04-21 19:54 . 2008-04-21 20:20 <REP> d-------- C:\Users\yadine\AppData\Roaming\DeepBurner
2008-04-21 19:53 . 2008-04-21 19:53 <REP> d-------- C:\Program Files\Astonsoft
2008-04-21 19:25 . 2008-04-21 19:26 <REP> d-------- C:\Users\All Users\BitDefender
2008-04-21 19:25 . 2008-04-21 19:26 <REP> d-------- C:\ProgramData\BitDefender
2008-04-21 19:25 . 2008-04-21 19:25 <REP> d-------- C:\Program Files\Softwin
2008-04-21 19:13 . 2008-04-21 19:13 <REP> d-------- C:\Program Files\NeroInstall.bak
2008-04-21 19:12 . 2008-04-21 19:12 <REP> d-------- C:\Users\yadine\AppData\Roaming\Nero
2008-04-21 19:09 . 2008-04-21 20:11 <REP> d-------- C:\Users\All Users\Nero
2008-04-21 19:09 . 2008-04-21 20:11 <REP> d-------- C:\ProgramData\Nero
2008-04-21 19:09 . 2008-04-21 20:11 <REP> d-------- C:\Program Files\Common Files\Nero
2008-04-21 19:06 . 2008-04-21 19:06 <REP> d-------- C:\Program Files\AskTBar
2008-04-20 14:12 . 2008-04-20 14:16 <REP> d-------- C:\Users\All Users\WLInstaller
2008-04-20 14:12 . 2008-04-20 14:16 <REP> d-------- C:\ProgramData\WLInstaller
2008-04-20 14:12 . 2008-04-20 14:20 <REP> d-------- C:\Program Files\Windows Live
2008-04-20 14:12 . 2008-04-20 14:18 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-20 13:54 . 2008-04-20 14:09 <REP> d-------- C:\Users\yadine\AppData\Roaming\Azureus
2008-04-20 13:54 . 2008-04-20 13:54 <REP> d-------- C:\Users\All Users\Azureus
2008-04-20 13:54 . 2008-04-20 13:54 <REP> d-------- C:\ProgramData\Azureus
2008-04-20 13:52 . 2008-04-21 06:04 <REP> d-------- C:\Program Files\Azureus
2008-04-20 13:20 . 2008-04-20 14:01 <REP> d-------- C:\Users\yadine\AppData\Roaming\BitTorrent
2008-04-20 13:20 . 2008-04-20 13:20 <REP> d-------- C:\Program Files\DNA
2008-04-20 10:48 . 2008-04-20 10:48 <REP> d-------- C:\Program Files\Yahoo!
2008-04-20 10:48 . 2008-04-20 10:48 <REP> d-------- C:\Program Files\CCleaner
2008-04-19 21:32 . 2008-04-19 21:32 <REP> d-------- C:\Users\yadine\AppData\Roaming\vlc
2008-04-19 21:31 . 2008-04-19 21:31 <REP> d-------- C:\Program Files\VideoLAN
2008-04-19 08:34 . 2008-04-19 08:34 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-04-19 08:34 . 2008-04-19 08:34 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-04-19 08:32 . 2008-04-19 08:32 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-04-19 08:32 . 2008-04-19 08:32 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-04-19 08:31 . 2008-04-19 08:31 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-04-19 08:31 . 2008-04-19 08:31 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-04-19 08:31 . 2008-04-19 08:31 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-04-19 08:31 . 2008-04-19 08:31 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-04-19 08:31 . 2008-04-19 08:31 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-04-19 08:30 . 2008-04-19 08:30 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-04-19 08:30 . 2008-04-19 08:30 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-04-19 08:30 . 2008-04-19 08:30 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-04-19 08:30 . 2008-04-19 08:30 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-04-19 08:30 . 2008-04-19 08:30 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-04-19 08:30 . 2008-04-19 08:30 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-04-19 08:30 . 2008-04-19 08:30 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-04-19 08:30 . 2008-04-19 08:30 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-04-19 08:29 . 2008-04-19 08:29 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-04-19 08:29 . 2008-04-19 08:29 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-04-19 08:29 . 2008-04-19 08:29 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-04-19 08:29 . 2008-04-19 08:29 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-04-19 08:29 . 2008-04-19 08:29 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-04-19 08:29 . 2008-04-19 08:29 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-04-19 08:27 . 2008-04-19 08:27 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-19 08:26 . 2008-04-19 08:26 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-19 08:26 . 2008-04-19 08:26 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-04-19 08:26 . 2008-04-19 08:26 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-04-19 08:26 . 2008-04-19 08:26 2,048 --a------ C:\Windows\System32\asferror.dll
2008-04-19 08:25 . 2008-04-19 08:25 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-04-19 08:25 . 2008-04-19 08:25 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-04-19 08:24 . 2008-04-19 08:24 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-04-19 08:24 . 2008-04-19 08:24 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-04-19 08:23 . 2008-04-19 08:23 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-04-19 08:22 . 2008-04-19 08:22 558,080 --a------ C:\Windows\System32\oleaut32.dll
2008-04-19 08:20 . 2008-04-19 08:20 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-19 08:20 . 2008-04-19 08:20 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-04-19 08:19 . 2008-04-19 08:19 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-04-19 08:19 . 2008-04-19 08:19 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-04-19 08:19 . 2008-04-19 08:19 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-04-19 08:19 . 2008-04-19 08:19 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-04-19 08:18 . 2008-04-19 08:18 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-04-19 08:14 . 2008-04-19 08:14 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-19 08:13 . 2008-04-19 08:13 2,048 --a------ C:\Windows\System32\tzres.dll
2008-04-18 20:09 . 2008-05-01 11:32 81,984 --a------ C:\Windows\System32\bdod.bin
2008-04-18 20:00 . 2008-04-21 19:25 <REP> d-------- C:\Program Files\Common Files\Softwin
2008-04-18 19:28 . 2008-04-18 19:28 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-04-18 19:28 . 2008-04-18 19:28 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-04-18 19:28 . 2008-04-18 19:28 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-04-18 19:28 . 2008-04-18 19:28 43,352 --a------ C:\Windows\System32\wups2.dll
2008-04-18 19:27 . 2008-04-18 19:27 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-04-18 19:27 . 2008-04-18 19:27 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-04-18 19:27 . 2008-04-18 19:27 33,624 --a------ C:\Windows\System32\wups.dll
2008-04-18 19:26 . 2008-04-18 19:26 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-04-18 19:26 . 2008-04-18 19:26 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-04-18 15:20 . 2008-04-18 15:20 <REP> d-------- C:\Users\All Users\eMule
2008-04-18 15:20 . 2008-04-18 15:20 <REP> d-------- C:\ProgramData\eMule
2008-04-18 15:20 . 2008-04-18 15:20 <REP> d-------- C:\Program Files\eMule
2008-04-07 13:02 . 2008-04-07 13:02 <REP> d-------- C:\Program Files\Inventel
2008-04-03 17:54 . 2008-04-03 17:54 <REP> d-------- C:\Program Files\Maxis

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 17:51 --------- d-----w C:\ProgramData\CyberLink
2008-04-21 04:11 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-19 07:39 --------- d-----w C:\Program Files\Electronic Arts
2008-04-19 06:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-19 06:48 --------- d-----w C:\Program Files\Windows Mail
2008-04-19 06:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-19 06:25 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-04-19 06:25 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-04-19 06:25 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-04-19 06:25 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-04-19 06:25 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-04-19 06:16 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-19 06:16 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-19 06:16 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-19 06:16 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-18 18:36 --------- d-----w C:\ProgramData\Symantec
2008-04-02 18:29 --------- d-----w C:\ProgramData\WildTangent
2008-04-01 16:11 --------- d-----w C:\Users\yadine\AppData\Roaming\Hewlett-Packard
2008-04-01 16:11 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-03-31 20:33 --------- d-----w C:\ProgramData\InterAction studios
2008-03-31 19:29 --------- d-----w C:\Users\yadine\AppData\Roaming\Magic Academy
2008-03-31 17:42 --------- d-----w C:\Users\yadine\AppData\Roaming\WildTangent
2008-03-31 17:42 --------- d-----w C:\Users\yadine\AppData\Roaming\PlayFirst
2008-03-31 17:20 --------- d-----w C:\Users\yadine\AppData\Roaming\Symantec
2008-03-31 17:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 17:13 --------- d-----w C:\ProgramData\Electronic Arts
2008-03-31 17:05 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Presario C700 Notebook PC_Y5335KV_0U_QCND8042Z28_E460270-051_4A_I30D9_SHP_V83.1F_F.23_T080103_WV2-0_L40C_M2038_J120_7Intel_8661_91.86_#071119_N10EC8139;168C001C_(GZ908EA#ABF)_XMOBILE_CN10_Z_2F.23.MRK
2008-03-31 17:03 --------- d-sh--w C:\ProgramData\Modèles
2008-03-31 17:03 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-03-31 17:03 --------- d-sh--w C:\ProgramData\Favoris
2008-03-31 17:03 --------- d-sh--w C:\ProgramData\Bureau
2008-03-31 17:03 --------- d-sh--w C:\Program Files\Fichiers communs
2007-11-19 04:00 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-19 08:23 1232896]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 17:10 1783136]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"yvtmkyje"="C:\ProgramData\yvtmkyje\gtgfcnwv.exe" [2008-04-25 09:05 102400]
"eM7rl3ne9w"="C:\ProgramData\shchizgx\ytixszyx.exe" [2008-04-25 09:05 35840]
"nsuqolqe"="C:\ProgramData\nsuqolqe\ynsdonal.exe" [2008-04-25 23:42 90112]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-30 19:22 68856]
"oabhlrcr"="C:\ProgramData\oabhlrcr\relmrqly.exe" [2008-04-30 19:16 110592]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-08-28 14:43 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-08-28 14:43 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-08-28 14:43 137752]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-10-10 14:48 212992]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 16:44 178712]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 20:34 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 17:05 202032]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 17:32 222504]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-19 05:19 1006264]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 16:15 480560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 15:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 14:49 69632]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-30 19:23 29744]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-30 19:22:44 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E10F4CC8-9D7B-46D2-B302-4C400C3923AF}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{54C52D65-32B5-4086-BB6D-39CC31B8BD68}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{5FE552D3-08E9-4D0F-AFCE-8CB0214CB8D4}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6CC6461B-BA5F-41EE-A062-EDA1DCA0751A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2824B9F3-40CF-4E81-B1AC-B16FB94C48D4}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{2E7E6BFB-1DCC-4141-AFAC-3A73749B8388}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{F784F1A4-0796-48C8-BF45-0E1FDECB2D4F}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{F2C6EC66-86B0-4398-A117-AF0843A7D2DA}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{DB574293-7568-4CAD-9D67-3F7F22A57210}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{C8CAB15F-7339-4641-BA8C-EAC15F1F7E75}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{BEBEED25-A406-47CE-AD31-F871A52FEFF2}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{22D7C8A9-781B-4CF6-BB46-397DED0CD26B}"= UDP:C:\Program Files\DNA\btdna.exe:D NA
"{2A6456D2-9093-4592-A666-8E1E5BD05130}"= TCP:C:\Program Files\DNA\btdna.exe:D NA
"{BF55007D-8C50-469C-956F-FF58CB2E3280}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{DD0260DE-1E98-4801-9231-AB3BF09E3217}C:\\program files\\secondlife\\slvoice.exe"= UDP:C:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{4755639F-149E-4720-B2BF-154B38F85E43}C:\\program files\\secondlife\\slvoice.exe"= TCP:C:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{C4AE3490-9DF4-4844-BDDE-F611D1AB14E3}C:\\program files\\azureus\\azureus.exe"= Disabled:UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{8F854CD5-6D42-4113-B151-E1BF90EABB19}C:\\program files\\azureus\\azureus.exe"= Disabled:TCP:C:\program files\azureus\azureus.exe:Azureus
"{5ECF18C1-93AF-47A0-BD1A-13363D5DB136}"= Disabled:UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{BF2F778A-1D2F-4A23-ADFD-337B8CA4C321}"= Disabled:TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{B1F2530A-F2B2-4D3F-A6C4-D3E7760053CE}C:\\program files\\utorrent\\utorrent.exe"= Disabled:UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{74740452-FBF1-44BB-98E8-5A78F4E1328C}C:\\program files\\utorrent\\utorrent.exe"= Disabled:TCP:C:\program files\utorrent\utorrent.exe:uTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 16:27]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 16:40]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 14:25]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-24 01:33]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-30 19:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-30 18:34:15 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-04-30 14:40:17 C:\Windows\Tasks\User_Feed_Synchronization-{CA937A42-0DAB-4C5B-B432-45DA98B7E579}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 11:33:06
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-01 11:34:57
ComboFix-quarantined-files.txt 2008-05-01 09:34:12

Pre-Run: 67,155,304,448 octets libres
Post-Run: 67,135,430,656 octets libres

278 --- E O F --- 2008-04-30 14:55:00





and here is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:01, on 01/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\ProgramData\yvtmkyje\gtgfcnwv.exe
C:\ProgramData\shchizgx\ytixszyx.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [yvtmkyje] C:\ProgramData\yvtmkyje\gtgfcnwv.exe
O4 - HKCU\..\Run: [eM7rl3ne9w] C:\ProgramData\shchizgx\ytixszyx.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\yadine\AppData\Local\Temp\hgGvtsrs.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\yadine\AppData\Local\Temp\urqRJBRj.dll,c
O4 - HKCU\..\Run: [nsuqolqe] C:\ProgramData\nsuqolqe\ynsdonal.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [oabhlrcr] C:\ProgramData\oabhlrcr\relmrqly.exe
O4 - HKCU\..\Run: [55f2f944] rundll32.exe "C:\Users\yadine\AppData\Local\Temp\kteqhjxp.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 12112 bytes
1 May 2008 15:00:31

:hello: 

Disable all resident protection (antivirus, etc.)!

Copy the text in the box below, without the word "Quote":

Quote:
Folder::
C:\Users\All Users\yvtmkyje
C:\Users\All Users\shchizgx
C:\ProgramData\yvtmkyje
C:\ProgramData\shchizgx
C:\Users\All Users\oabhlrcr
C:\ProgramData\oabhlrcr
C:\Users\All Users\nsuqolqe
C:\ProgramData\nsuqolqe
C:\Program Files\AskTBar

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"yvtmkyje"=-
"eM7rl3ne9w"=-
"nsuqolqe"=-
"oabhlrcr"=-



Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file as CFScript.txt.

Now drag the file ComboFix-Do.txt onto Combofix.exe as shown below:



This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a new HijackThis report.
If there is no reboot, post the reports anyway.

;) 
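The triage the helper did by hand above (reading the O4 autostart lines of the HijackThis report and turning the suspicious ones into a CFScript Folder::/Registry:: block) as an added Python example; this is not part of the thread and not HijackThis or ComboFix code. The two heuristics (eight random lowercase letters for both folder and executable under ProgramData, and rundll32 loading a DLL from the user's Local\Temp) are assumptions drawn from this log, the sample lines are copied from the report posted above, and the Temp DLL loaders are only reported, since the helper's script also left them to ComboFix's own scan.

```python
"""Triage HijackThis O4 autostart lines and build a CFScript removal block.

Example written for this thread, not HijackThis or ComboFix code. The two
heuristics below are assumptions derived from the log posted above.
"""
import re
from dataclasses import dataclass

# Constructed sample: O4 lines copied from the HijackThis report in this thread.
SAMPLE_O4 = [
    r"O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe",
    r"O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
    r"O4 - HKCU\..\Run: [yvtmkyje] C:\ProgramData\yvtmkyje\gtgfcnwv.exe",
    r"O4 - HKCU\..\Run: [eM7rl3ne9w] C:\ProgramData\shchizgx\ytixszyx.exe",
    r"O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\yadine\AppData\Local\Temp\hgGvtsrs.dll,#1",
    r"O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\yadine\AppData\Local\Temp\urqRJBRj.dll,c",
    r"O4 - HKCU\..\Run: [nsuqolqe] C:\ProgramData\nsuqolqe\ynsdonal.exe",
    r"O4 - HKCU\..\Run: [oabhlrcr] C:\ProgramData\oabhlrcr\relmrqly.exe",
    r'O4 - HKCU\..\Run: [55f2f944] rundll32.exe "C:\Users\yadine\AppData\Local\Temp\kteqhjxp.dll",b',
    r"O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')",
]

# "O4 - <hive>\..\Run: [<value name>] <command>"
O4_LINE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

# Heuristic 1 (assumption): eight random lowercase letters as both folder and
# executable name directly under ProgramData, or under C:\Users\All Users, which
# on Vista is a junction to the same directory (the helper listed both spellings).
RANDOM_PROGRAMDATA = re.compile(
    r'^"?C:\\(?:ProgramData|Users\\All Users)\\(?P<dir>[a-z]{8})\\[a-z]{8}\.exe"?$')

# Heuristic 2 (assumption): rundll32 calling an export of a DLL dropped in the
# user's Local\Temp, the pattern of the MSServer / cmds / 55f2f944 entries.
TEMP_DLL_LOADER = re.compile(
    r'^rundll32\.exe\s+"?C:\\Users\\[^\\]+\\AppData\\Local\\Temp\\[^"\s,]+\.dll"?,',
    re.IGNORECASE)

HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}


@dataclass(frozen=True)
class Finding:
    hive: str          # "HKCU", "HKLM" or "HKUS\S-1-5-..." as printed by HijackThis
    name: str          # Run value name
    command: str
    reason: str        # "random_programdata" or "temp_dll_loader"
    folder: str = ""   # the random folder name, for random_programdata only


def triage(lines):
    """Return the O4 Run entries matching one of the two heuristics, in log order."""
    findings = []
    for line in lines:
        m = O4_LINE.match(line.strip())
        if not m:
            continue   # Global Startup and other non-Run O4 forms are not handled here
        cmd = m["cmd"]
        r = RANDOM_PROGRAMDATA.match(cmd)
        if r:
            findings.append(Finding(m["hive"], m["name"], cmd, "random_programdata", r["dir"]))
        elif TEMP_DLL_LOADER.match(cmd):
            findings.append(Finding(m["hive"], m["name"], cmd, "temp_dll_loader"))
    return findings


def build_cfscript(findings):
    """CFScript text in the Folder:: / Registry:: layout of the helper's reply.

    Only the ProgramData findings get a folder deletion and a Run value removal;
    the Temp DLL loaders are reported but, as in the thread, left to ComboFix's scan.
    """
    targets = [f for f in findings if f.reason == "random_programdata"]
    out = ["Folder::"]
    for f in targets:
        out.append("C:\\Users\\All Users\\" + f.folder)
        out.append("C:\\ProgramData\\" + f.folder)
    out += ["", "Registry::"]
    for hive in sorted({f.hive for f in targets}):
        if hive not in HIVES:
            continue   # HKUS\S-1-5-xx would need the full HKEY_USERS path; not emitted
        out.append("[" + HIVES[hive] + "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]")
        out.extend('"%s"=-' % f.name for f in targets if f.hive == hive)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_O4)
    for f in found:
        print("%-18s %-20s %s" % (f.reason, f.name, f.command))
    print()
    print(build_cfscript(found))
```

Run against the full O4 section of a report, the Folder::/Registry:: output reproduces the four ProgramData entries of the helper's script; anything a heuristic flags still has to be checked by hand before it goes into a CFScript.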
1 May 2008 15:56:59

here is the ComboFix report



ComboFix 08-04-29.5 - yadine 2008-05-01 15:26:29.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.1022 [GMT 2:00]
Endroit: C:\Users\yadine\Desktop\ComboFix.exe
Command switches used :: C:\Users\yadine\Documents\temps de travail\CFScript.txt..txt
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar\Cache\002C9166
C:\Program Files\AskTBar\bar\Cache\002C97AD
C:\Program Files\AskTBar\bar\Cache\002C9923.bin
C:\Program Files\AskTBar\bar\Cache\002C9A8A.bin
C:\Program Files\AskTBar\bar\Cache\002C9C01.bin
C:\Program Files\AskTBar\bar\Cache\files.ini
C:\Program Files\AskTBar\bar\History\search2
C:\Program Files\AskTBar\bar\Settings\prevcfg2.htm
C:\ProgramData\nsuqolqe
C:\ProgramData\nsuqolqe\ynsdonal.exe
C:\ProgramData\oabhlrcr
C:\ProgramData\oabhlrcr\relmrqly.exe
C:\ProgramData\shchizgx
C:\ProgramData\shchizgx\ytixszyx.exe
C:\ProgramData\yvtmkyje
C:\ProgramData\yvtmkyje\gtgfcnwv.exe
C:\Users\All Users\nsuqolqe\ynsdonal.exe
C:\Users\All Users\oabhlrcr\relmrqly.exe
C:\Users\All Users\shchizgx\ytixszyx.exe
C:\Users\All Users\yvtmkyje\gtgfcnwv.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))))))))
.

2008-05-01 13:04 . 2008-05-01 15:11 <REP> d-------- C:\Users\yadine\AppData\Roaming\Spyware Terminator
2008-05-01 13:04 . 2008-05-01 14:16 <REP> d-------- C:\Users\All Users\Spyware Terminator
2008-05-01 13:04 . 2008-05-01 14:16 <REP> d-------- C:\ProgramData\Spyware Terminator
2008-05-01 13:04 . 2008-05-01 14:16 <REP> d-------- C:\Program Files\Spyware Terminator
2008-05-01 13:04 . 2008-05-01 13:05 <REP> d-------- C:\Program Files\Crawler
2008-05-01 13:04 . 2008-05-01 13:04 141,312 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys
2008-05-01 11:42 . 2008-05-01 11:42 <REP> d-------- C:\Users\All Users\yyjyrfho
2008-05-01 11:42 . 2008-05-01 11:42 <REP> d-------- C:\ProgramData\yyjyrfho
2008-05-01 11:08 . 2008-05-01 11:08 <REP> d-------- C:\Program Files\Trend Micro
2008-04-30 21:24 . 2008-04-30 21:24 386 --a------ C:\Windows\3DBELOTE2.INI
2008-04-30 21:23 . 2008-04-30 21:23 <REP> d-------- C:\Program Files\3DBELOTE
2008-04-30 20:09 . 2008-04-30 20:09 <REP> d-------- C:\Users\yadine\AppData\Roaming\Talkback
2008-04-30 19:31 . 2008-04-30 19:31 <REP> d-------- C:\Users\yadine\AppData\Roaming\PC Tools
2008-04-30 19:31 . 2008-04-30 20:35 <REP> d-------- C:\Program Files\Spyware Doctor
2008-04-30 19:31 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-04-30 19:31 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-04-30 19:31 . 2008-02-01 12:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-04-30 19:31 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-04-30 19:26 . 2008-04-30 19:26 <REP> d-------- C:\Users\All Users\Mozilla
2008-04-30 19:26 . 2006-10-05 04:42 2,560 --------- C:\Windows\System32\drivers\cdralw2k.sys
2008-04-30 19:26 . 2006-10-05 04:42 2,432 --------- C:\Windows\System32\drivers\cdr4_xp.sys
2008-04-30 19:25 . 2008-04-30 19:26 <REP> d-------- C:\Program Files\Picasa2
2008-04-30 19:24 . 2008-04-30 19:24 <REP> d-------- C:\Program Files\Norton Security Scan
2008-04-30 19:22 . 2008-04-30 20:22 <REP> d-------- C:\Users\All Users\Google Updater
2008-04-30 19:22 . 2008-04-30 20:22 <REP> d-------- C:\ProgramData\Google Updater
2008-04-30 16:39 . 2008-04-30 16:39 <REP> d-------- C:\Users\All Users\Google
2008-04-30 16:39 . 2008-04-30 19:28 <REP> d-------- C:\Program Files\Google
2008-04-26 11:47 . 2008-05-01 13:44 <REP> d-a------ C:\Users\All Users\TEMP
2008-04-26 11:47 . 2008-05-01 13:44 <REP> d-a------ C:\ProgramData\TEMP
2008-04-25 23:48 . 2008-04-30 17:18 <REP> d-------- C:\Program Files\a-squared Free
2008-04-25 22:34 . 2008-05-01 09:46 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-25 22:34 . 2008-05-01 09:46 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-25 22:34 . 2008-05-01 09:46 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-22 21:33 . 2008-04-22 21:35 <REP> d-------- C:\Users\yadine\AppData\Roaming\SecondLife
2008-04-22 21:32 . 2008-04-22 21:36 <REP> d-------- C:\Program Files\SecondLife
2008-04-21 20:10 . 2008-02-28 13:26 1,414,440 --a------ C:\Windows\System32\ShellManager310E2D762.dll
2008-04-21 20:10 . 2008-02-28 13:01 774,144 --a------ C:\Windows\System32\NEROINSTAEC43759.DB
2008-04-21 20:09 . 2008-04-21 20:09 0 --a------ C:\Windows\Irremote.ini
2008-04-21 20:03 . 2008-04-21 20:03 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-04-21 20:03 . 2008-04-21 20:03 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-04-21 19:54 . 2008-04-21 20:20 <REP> d-------- C:\Users\yadine\AppData\Roaming\DeepBurner
2008-04-21 19:53 . 2008-04-21 19:53 <REP> d-------- C:\Program Files\Astonsoft
2008-04-21 19:13 . 2008-04-21 19:13 <REP> d-------- C:\Program Files\NeroInstall.bak
2008-04-21 19:12 . 2008-04-21 19:12 <REP> d-------- C:\Users\yadine\AppData\Roaming\Nero
2008-04-21 19:09 . 2008-04-21 20:11 <REP> d-------- C:\Users\All Users\Nero
2008-04-21 19:09 . 2008-04-21 20:11 <REP> d-------- C:\ProgramData\Nero
2008-04-21 19:09 . 2008-04-21 20:11 <REP> d-------- C:\Program Files\Common Files\Nero
2008-04-20 14:12 . 2008-04-20 14:16 <REP> d-------- C:\Users\All Users\WLInstaller
2008-04-20 14:12 . 2008-04-20 14:16 <REP> d-------- C:\ProgramData\WLInstaller
2008-04-20 14:12 . 2008-04-20 14:20 <REP> d-------- C:\Program Files\Windows Live
2008-04-20 14:12 . 2008-04-20 14:18 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-20 13:54 . 2008-04-20 14:09 <REP> d-------- C:\Users\yadine\AppData\Roaming\Azureus
2008-04-20 13:54 . 2008-04-20 13:54 <REP> d-------- C:\Users\All Users\Azureus
2008-04-20 13:54 . 2008-04-20 13:54 <REP> d-------- C:\ProgramData\Azureus
2008-04-20 13:52 . 2008-04-21 06:04 <REP> d-------- C:\Program Files\Azureus
2008-04-20 13:20 . 2008-04-20 14:01 <REP> d-------- C:\Users\yadine\AppData\Roaming\BitTorrent
2008-04-20 13:20 . 2008-04-20 13:20 <REP> d-------- C:\Program Files\DNA
2008-04-20 10:48 . 2008-04-20 10:48 <REP> d-------- C:\Program Files\Yahoo!
2008-04-20 10:48 . 2008-04-20 10:48 <REP> d-------- C:\Program Files\CCleaner
2008-04-19 21:32 . 2008-04-19 21:32 <REP> d-------- C:\Users\yadine\AppData\Roaming\vlc
2008-04-19 21:31 . 2008-04-19 21:31 <REP> d-------- C:\Program Files\VideoLAN
2008-04-19 08:34 . 2008-04-19 08:34 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-04-19 08:34 . 2008-04-19 08:34 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-04-19 08:32 . 2008-04-19 08:32 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-04-19 08:32 . 2008-04-19 08:32 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-04-19 08:31 . 2008-04-19 08:31 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-04-19 08:31 . 2008-04-19 08:31 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-04-19 08:31 . 2008-04-19 08:31 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-04-19 08:31 . 2008-04-19 08:31 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-04-19 08:31 . 2008-04-19 08:31 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-04-19 08:30 . 2008-04-19 08:30 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-04-19 08:30 . 2008-04-19 08:30 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-04-19 08:30 . 2008-04-19 08:30 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-04-19 08:30 . 2008-04-19 08:30 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-04-19 08:30 . 2008-04-19 08:30 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-04-19 08:30 . 2008-04-19 08:30 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-04-19 08:30 . 2008-04-19 08:30 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-04-19 08:30 . 2008-04-19 08:30 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-04-19 08:29 . 2008-04-19 08:29 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-04-19 08:29 . 2008-04-19 08:29 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-04-19 08:29 . 2008-04-19 08:29 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-04-19 08:29 . 2008-04-19 08:29 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-04-19 08:29 . 2008-04-19 08:29 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-04-19 08:29 . 2008-04-19 08:29 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-04-19 08:27 . 2008-04-19 08:27 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-19 08:26 . 2008-04-19 08:26 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-19 08:26 . 2008-04-19 08:26 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-04-19 08:26 . 2008-04-19 08:26 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-04-19 08:26 . 2008-04-19 08:26 2,048 --a------ C:\Windows\System32\asferror.dll
2008-04-19 08:25 . 2008-04-19 08:25 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-04-19 08:25 . 2008-04-19 08:25 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-04-19 08:24 . 2008-04-19 08:24 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-04-19 08:24 . 2008-04-19 08:24 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-04-19 08:23 . 2008-04-19 08:23 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-04-19 08:22 . 2008-04-19 08:22 558,080 --a------ C:\Windows\System32\oleaut32.dll
2008-04-19 08:20 . 2008-04-19 08:20 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-19 08:20 . 2008-04-19 08:20 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-04-19 08:19 . 2008-04-19 08:19 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-04-19 08:19 . 2008-04-19 08:19 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-04-19 08:19 . 2008-04-19 08:19 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-04-19 08:19 . 2008-04-19 08:19 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-04-19 08:18 . 2008-04-19 08:18 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-04-19 08:14 . 2008-04-19 08:14 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-19 08:13 . 2008-04-19 08:13 2,048 --a------ C:\Windows\System32\tzres.dll
2008-04-18 20:09 . 2008-05-01 15:14 81,984 --a------ C:\Windows\System32\bdod.bin
2008-04-18 20:00 . 2008-05-01 15:15 <REP> d-------- C:\Program Files\Common Files\Softwin
2008-04-18 19:28 . 2008-04-18 19:28 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-04-18 19:28 . 2008-04-18 19:28 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-04-18 19:28 . 2008-04-18 19:28 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-04-18 19:28 . 2008-04-18 19:28 43,352 --a------ C:\Windows\System32\wups2.dll
2008-04-18 19:27 . 2008-04-18 19:27 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-04-18 19:27 . 2008-04-18 19:27 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-04-18 19:27 . 2008-04-18 19:27 33,624 --a------ C:\Windows\System32\wups.dll
2008-04-18 19:26 . 2008-04-18 19:26 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-04-18 19:26 . 2008-04-18 19:26 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-04-18 15:20 . 2008-04-18 15:20 <REP> d-------- C:\Users\All Users\eMule
2008-04-18 15:20 . 2008-04-18 15:20 <REP> d-------- C:\ProgramData\eMule
2008-04-18 15:20 . 2008-04-18 15:20 <REP> d-------- C:\Program Files\eMule
2008-04-07 13:02 . 2008-04-07 13:02 <REP> d-------- C:\Program Files\Inventel
2008-04-03 17:54 . 2008-04-03 17:54 <REP> d-------- C:\Program Files\Maxis
2008-04-03 17:54 . 2008-04-03 17:54 531 --a------ C:\Windows\eReg.dat
2008-04-02 16:01 . 2008-04-02 16:01 <REP> d-------- C:\Users\yadine\AppData\Roaming\Template
2008-04-02 16:01 . 2008-04-02 16:01 0 --a------ C:\Users\yadine\AppData\Roaming\wklnhst.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 17:51 --------- d-----w C:\ProgramData\CyberLink
2008-04-21 04:11 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-19 07:39 --------- d-----w C:\Program Files\Electronic Arts
2008-04-19 06:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-19 06:48 --------- d-----w C:\Program Files\Windows Mail
2008-04-19 06:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-19 06:25 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-04-19 06:25 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-04-19 06:25 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-04-19 06:25 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-04-19 06:25 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-04-19 06:16 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-19 06:16 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-19 06:16 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-19 06:16 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-18 18:36 --------- d-----w C:\ProgramData\Symantec
2008-04-02 18:29 --------- d-----w C:\ProgramData\WildTangent
2008-04-01 16:11 --------- d-----w C:\Users\yadine\AppData\Roaming\Hewlett-Packard
2008-04-01 16:11 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-03-31 20:33 --------- d-----w C:\ProgramData\InterAction studios
2008-03-31 19:29 --------- d-----w C:\Users\yadine\AppData\Roaming\Magic Academy
2008-03-31 17:42 --------- d-----w C:\Users\yadine\AppData\Roaming\WildTangent
2008-03-31 17:42 --------- d-----w C:\Users\yadine\AppData\Roaming\PlayFirst
2008-03-31 17:20 --------- d-----w C:\Users\yadine\AppData\Roaming\Symantec
2008-03-31 17:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 17:13 --------- d-----w C:\ProgramData\Electronic Arts
2008-03-31 17:05 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Presario C700 Notebook PC_Y5335KV_0U_QCND8042Z28_E460270-051_4A_I30D9_SHP_V83.1F_F.23_T080103_WV2-0_L40C_M2038_J120_7Intel_8661_91.86_#071119_N10EC8139;168C001C_(GZ908EA#ABF)_XMOBILE_CN10_Z_2F.23.MRK
2008-03-31 17:03 --------- d-sh--w C:\ProgramData\Modèles
2008-03-31 17:03 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-03-31 17:03 --------- d-sh--w C:\ProgramData\Favoris
2008-03-31 17:03 --------- d-sh--w C:\ProgramData\Bureau
2008-03-31 17:03 --------- d-sh--w C:\Program Files\Fichiers communs
2007-11-19 04:00 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-19 08:23 1232896]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 17:10 1783136]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-30 19:22 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"yyjyrfho"="C:\ProgramData\yyjyrfho\krapqjqt.exe" [2008-05-01 11:42 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-08-28 14:43 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-08-28 14:43 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-08-28 14:43 137752]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-10-10 14:48 212992]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 16:44 178712]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 20:34 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 17:05 202032]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 17:32 222504]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-19 05:19 1006264]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 16:15 480560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-30 19:23 29744]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-01 13:04 1809408]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-30 19:22:44 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E10F4CC8-9D7B-46D2-B302-4C400C3923AF}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{54C52D65-32B5-4086-BB6D-39CC31B8BD68}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{5FE552D3-08E9-4D0F-AFCE-8CB0214CB8D4}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6CC6461B-BA5F-41EE-A062-EDA1DCA0751A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2824B9F3-40CF-4E81-B1AC-B16FB94C48D4}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{2E7E6BFB-1DCC-4141-AFAC-3A73749B8388}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{F784F1A4-0796-48C8-BF45-0E1FDECB2D4F}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{F2C6EC66-86B0-4398-A117-AF0843A7D2DA}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{DB574293-7568-4CAD-9D67-3F7F22A57210}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{C8CAB15F-7339-4641-BA8C-EAC15F1F7E75}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{BEBEED25-A406-47CE-AD31-F871A52FEFF2}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{22D7C8A9-781B-4CF6-BB46-397DED0CD26B}"= UDP:C:\Program Files\DNA\btdna.exe:D NA
"{2A6456D2-9093-4592-A666-8E1E5BD05130}"= TCP:C:\Program Files\DNA\btdna.exe:D NA
"{BF55007D-8C50-469C-956F-FF58CB2E3280}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{DD0260DE-1E98-4801-9231-AB3BF09E3217}C:\\program files\\secondlife\\slvoice.exe"= UDP:C:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{4755639F-149E-4720-B2BF-154B38F85E43}C:\\program files\\secondlife\\slvoice.exe"= TCP:C:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{C4AE3490-9DF4-4844-BDDE-F611D1AB14E3}C:\\program files\\azureus\\azureus.exe"= Disabled:UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{8F854CD5-6D42-4113-B151-E1BF90EABB19}C:\\program files\\azureus\\azureus.exe"= Disabled:TCP:C:\program files\azureus\azureus.exe:Azureus
"{5ECF18C1-93AF-47A0-BD1A-13363D5DB136}"= Disabled:UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{BF2F778A-1D2F-4A23-ADFD-337B8CA4C321}"= Disabled:TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{B1F2530A-F2B2-4D3F-A6C4-D3E7760053CE}C:\\program files\\utorrent\\utorrent.exe"= Disabled:UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{74740452-FBF1-44BB-98E8-5A78F4E1328C}C:\\program files\\utorrent\\utorrent.exe"= Disabled:TCP:C:\program files\utorrent\utorrent.exe:uTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-05-01 13:04]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 16:27]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 16:40]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 14:25]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-24 01:33]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-30 19:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

*Newly Created Service* - CATCHME
*Newly Created Service* - SP_RSDRV2
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-30 18:34:15 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-04-30 14:40:17 C:\Windows\Tasks\User_Feed_Synchronization-{CA937A42-0DAB-4C5B-B432-45DA98B7E579}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 15:30:30
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwClose

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-01 15:32:26
ComboFix-quarantined-files.txt 2008-05-01 13:32:04
ComboFix2.txt 2008-05-01 09:34:59

Pre-Run: 64,545,759,232 octets libres
Post-Run: 64,533,078,016 octets libres

300 --- E O F --- 2008-04-30 14:55:00
Here is the next HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:01, on 01/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\ProgramData\yvtmkyje\gtgfcnwv.exe
C:\ProgramData\shchizgx\ytixszyx.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [yvtmkyje] C:\ProgramData\yvtmkyje\gtgfcnwv.exe
O4 - HKCU\..\Run: [eM7rl3ne9w] C:\ProgramData\shchizgx\ytixszyx.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\yadine\AppData\Local\Temp\hgGvtsrs.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\yadine\AppData\Local\Temp\urqRJBRj.dll,c
O4 - HKCU\..\Run: [nsuqolqe] C:\ProgramData\nsuqolqe\ynsdonal.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [oabhlrcr] C:\ProgramData\oabhlrcr\relmrqly.exe
O4 - HKCU\..\Run: [55f2f944] rundll32.exe "C:\Users\yadine\AppData\Local\Temp\kteqhjxp.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 12112 bytes