Comment désinstaller Antivirus XP 2008 ?

Kal57 · Juillet 26, 2008, 1:43

Bonsoir, je voudrais savoir comment faire pour désinstaller le spyware Antivirus XP 2008 svp ? Car toutes les solutions que j’ai trouvées sur le net n’étaient pas très claires.
Edité le 27/07/2008 à 18:11

alain77310_1_1 · Juillet 26, 2008, 3:26

www.windowsvistaplace.com…

Kal57 · Juillet 26, 2008, 12:13

Voici le log de hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:51, on 26/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\wspwprtc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = recherche.neuf.fr…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = recherche.neuf.fr…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.mini15.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = recherche.neuf.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = recherche.neuf.fr…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM…\Run: [DownloadAccelerator] “C:\Program Files\DAP\DAP.EXE” /STARTUP
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”
O4 - HKLM…\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [NI.UGESV_0001_N122M2811] “C:\Users\Marc\Documents\My Completed Downloads\setup_fr.exe”
O4 - HKLM…\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe /Q:A
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [VolPanel] “C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe” /r
O4 - HKLM…\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM…\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM…\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM…\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM…\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKCU…\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU…\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU…\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU…\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU…\Run: [Veoh] “C:\Program Files\Veoh Networks\Veoh\VeohClient.exe” /VeohHide
O4 - HKCU…\Run: [Creative MediaSource Go] “C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe” /SCB
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU…\Run: [s9201] “C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\wspwprtc.exe” /autorun
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE RÉSEAU’)
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancer l’utilitaire d’enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - h20270.www2.hp.com…
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - marcbanzet.spaces.live.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - www.creative.com…
O17 - HKLM\System\CCS\Services\Tcpip…{AF112072-B5A4-44D3-B4C9-37643482D652}: NameServer = 192.168.1.1
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

–
End of file - 11601 bytes

Voici le rapport de Malwarebytes:

Malwarebytes’ Anti-Malware 1.23
Version de la base de données: 993
Windows 6.0.6000

12:01:43 26/07/2008
mbam-log-7-26-2008 (12-01-43).txt

Type de recherche: Examen complet (C:|)
Eléments examinés: 190024
Temps écoulé: 1 hour(s), 9 minute(s), 50 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 10
Fichier(s) infecté(s): 14

Processus mémoire infecté(s):
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\wspwprtc.exe (Rogue.WinSpywareProtect) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AppID{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sidepanel.panel (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sidepanel.panel.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sidepanel.logic (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sidepanel.logic.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MySidesearchSearchAssistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MySidesearch (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BrowsingTool (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SoftLand Ltd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SecuriSoft SARL (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\s9201 (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\BASE (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\DELETED (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\SAVED (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080725234011951.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080726005456939.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080726011514844.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080726013301138.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SoftLand Ltd\Antivirus 2008 XP\LOG\20080726103835228.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\wspwprtc.exe (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Windows\System32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.

Et voilà le rapport de Combofix:

ComboFix 08-07-25.4 - Marc 2008-07-26 12:04:53.1 - NTFSx86
Microsoft® Windows Vista Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.971 [GMT 2:00]
Endroit: C:\Users\Marc\Downloads\ComboFix.exe

Création d’un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Adssite Games Collection
C:\Program Files\Adssite Games Collection\BattlesOfHelicopters.exe
C:\Program Files\Adssite Games Collection\BobAndBill.exe
C:\Program Files\Adssite Games Collection\CrazyBlocks.exe
C:\Program Files\Adssite Games Collection\Lines.exe
C:\Program Files\Adssite Games Collection\uninstall.exe
C:\Program Files\Adssite Games Collection\VideoPool.exe
C:\Users\Marc\AppData\Roaming\inst.exe
C:\Windows\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-26 to 2008-07-26 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 08:50 --------- d-----w C:\Users\Marc\AppData\Roaming\Malwarebytes
2008-07-26 08:50 --------- d-----w C:\ProgramData\Malwarebytes
2008-07-26 08:50 --------- d-----w C:\Program Files\Malwarebytes’ Anti-Malware
2008-07-26 08:38 --------- d—a-w C:\ProgramData\TEMP
2008-07-26 08:38 --------- d-----w C:\Users\Marc\AppData\Roaming\OpenOffice.org2
2008-07-25 22:55 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-25 22:32 --------- d-----w C:\Program Files\Trend Micro
2008-07-25 22:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-23 18:09 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-07-23 18:09 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-07-21 21:16 --------- d-----w C:\Program Files\LimeWire Turbo Accelerator
2008-07-21 18:46 --------- d-----w C:\ProgramData\FLEXnet
2008-07-21 18:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-21 18:30 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-07-21 18:29 --------- d-----w C:\Users\Marc\AppData\Roaming\LimeWire
2008-07-21 14:50 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-07-21 14:46 --------- d-----w C:\Program Files\GOA
2008-07-20 12:07 --------- d-----w C:\Program Files\VSO
2008-07-20 11:56 --------- d-----w C:\Users\Marc\AppData\Roaming\Vso
2008-07-19 12:03 --------- d-----w C:\Users\Marc\AppData\Roaming\gtk-2.0
2008-07-18 17:03 --------- d-----w C:\Program Files\SRT to SSA
2008-07-18 17:01 --------- d-----w C:\Program Files\VirtualDub
2008-07-17 09:02 --------- d-----w C:\Program Files\iTunes
2008-07-17 09:01 --------- d-----w C:\Program Files\iPod
2008-07-17 09:00 --------- d-----w C:\Program Files\QuickTime
2008-07-11 11:44 --------- d-----w C:\ProgramData\Apple Computer
2008-07-11 11:42 --------- d-----w C:\ProgramData\QuickTime
2008-07-11 11:26 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-07-09 10:57 --------- d–h--w C:\Program Files\InstallShield Installation Information
2008-07-09 10:57 --------- d-----w C:\Program Files\MagicTune Premium
2008-07-09 10:55 --------- d-----w C:\Program Files\SEC
2008-07-09 10:24 174 --sha-w C:\Program Files\desktop.ini
2008-07-09 09:39 --------- d-----w C:\Program Files\Windows Mail
2008-07-06 11:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-02 16:22 201,728 ----a-w C:\Windows\System32\im_screensaver.scr
2008-07-02 16:19 201,728 ----a-w C:\Windows\System32\tdk-screensaver-a03.scr
2008-06-27 17:54 --------- d-----w C:\Users\Marc\AppData\Roaming\SystemRequirementsLab
2008-06-27 17:54 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-06-27 17:46 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-08 13:00 --------- d-----w C:\Program Files\DivX
2008-06-04 12:44 --------- d-----w C:\Users\Marc\AppData\Roaming\Creative
2008-06-04 12:44 --------- d-----w C:\ProgramData\Creative
2008-06-04 12:12 --------- d-----w C:\Program Files\Creative
2008-06-04 12:09 413,696 ----a-w C:\Windows\System32\wrap_oal.dll
2008-06-04 12:09 110,592 ----a-w C:\Windows\System32\OpenAL32.dll
2008-06-04 11:49 --------- d–h--w C:\Program Files\Creative Installation Information
2008-06-04 11:47 --------- d-----w C:\Program Files\Common Files\Creative
2008-06-04 09:15 --------- d-----w C:\Program Files\OpenAL
2008-06-04 08:55 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-05-31 17:29 --------- d-----w C:\Users\Marc\AppData\Roaming\Apple Computer
2008-05-31 13:59 --------- d-----w C:\Program Files\Antadis
2008-05-31 13:17 --------- d-----w C:\Users\Marc\AppData\Roaming\CVitae
2008-05-31 08:22 --------- d-----w C:\Program Files\Red Kawa
2008-05-31 08:22 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-05-29 14:38 --------- d-----w C:\ProgramData\eMule
2008-05-28 10:43 --------- d-----w C:\Program Files\AllFive XP
2008-05-27 21:42 --------- d-----w C:\Program Files\Snowball
2008-05-27 21:40 --------- d-----w C:\Program Files\The One Ring 3D Screensaver
2008-05-27 09:32 --------- d-----w C:\Program Files\Bonjour
2008-05-27 09:31 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-26 15:35 --------- d-----w C:\Program Files\Xtream JawBreaker
2008-05-22 22:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-04-29 09:00 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 14:52 22,328 ----a-w C:\Users\Marc\AppData\Roaming\PnkBstrK.sys
2008-04-14 08:55 47,360 ----a-w C:\Users\Marc\AppData\Roaming\pcouffin.sys
2008-02-15 11:16 0 ----a-w C:\Program Files\konami.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe” [2008-01-20 12:50 1232896]
“LightScribe Control Panel”=“C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe” [2007-06-20 13:49 451872]
“MsnMsgr”=“C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” [2007-10-18 12:34 5724184]
“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [2008-01-25 19:52 171448]
“ehTray.exe”=“C:\Windows\ehome\ehTray.exe” [2006-11-02 14:35 125440]
“Veoh”=“C:\Program Files\Veoh Networks\Veoh\VeohClient.exe” [2008-04-01 18:35 3587120]
“Creative MediaSource Go”=“C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe” [2006-11-09 10:19 204800]
“SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [2008-07-07 09:42 2156368]
“WindowsWelcomeCenter”=“oobefldr.dll” [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“JMB36X IDE Setup”=“C:\Windows\RaidTool\xInsIDE.exe” [2007-03-20 08:36 36864]
“DownloadAccelerator”=“C:\Program Files\DAP\DAP.EXE” [2008-01-19 21:47 4576768]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 04:25 144784]
“NvSvc”=“C:\Windows\system32\nvsvc.dll” [2007-12-11 18:06 86016]
“NvCplDaemon”=“C:\Windows\system32\NvCpl.dll” [2007-12-11 18:06 8530464]
“NvMediaCenter”=“C:\Windows\system32\NvMcTray.dll” [2007-12-11 18:06 81920]
“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2008-02-03 15:52 185896]
“avgnt”=“C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” [2008-07-17 18:46 266497]
“DXM6Patch_981116”=“C:\Windows\p_981116.exe” [1998-11-30 19:04 497376]
“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-12-10 21:52 49152]
“VolPanel”=“C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe” [2006-12-06 18:10 180224]
“UpdReg”=“C:\Windows\UpdReg.EXE” [2000-05-11 01:00 90112]
“AppleSyncNotifier”=“C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe” [2008-07-10 09:47 116040]
“QuickTime Task”=“C:\Program Files\QuickTime\QTTask.exe” [2008-05-27 10:50 413696]
“iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe” [2008-07-10 10:51 289064]
“CTHelper”=“CTHELPER.EXE” [2008-02-20 20:58 19456 C:\Windows\System32\CTHELPER.EXE]
“CTxfiHlp”=“CTXFIHLP.EXE” [2008-02-20 20:58 19968 C:\Windows\System32\CTXFIHLP.EXE]
“CTXFIREG”=“CTxfiReg.exe” [2008-02-20 20:55 43520 C:\Windows\System32\CTXFIREG.EXE]

C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe [2008-07-09 12:57:24 36864]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
Lancer l’utilitaire d’enregistrement.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2008-01-20 01:51:28 1175552]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2008-07-09 12:55:34 49220]

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
“{4FB55868-7308-485C-9310-9244EDB37272}”= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
“{93D78EB6-0550-42E2-8F91-77E5823111BF}”= UDP:C:\Program Files\DAP\DAP.exe:Download Accelerator Plus (DAP)
“{61180429-E9A8-4CD2-9DF5-AF8B74F7A394}”= TCP:C:\Program Files\DAP\DAP.exe:Download Accelerator Plus (DAP)
“{6B4531BB-B7CA-4413-961E-6A688D4F2B64}”= C:\Program Files\WiFiConnector\NintendoWFCReg.exe:Connecteur Wi-Fi USB Nintendo
“{03BBD1D0-7FA8-4120-9A6C-1619170D8C8B}”= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
“{53976A55-367B-4EB8-9EF4-6F3B1A26EAB8}”= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
“TCP Query User{5351EC21-FC07-4894-93BF-4035D012D4F8}C:\program files\veoh networks\veoh\veohclient.exe”= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
“UDP Query User{25F16E32-706B-4019-A5E7-FCB84361F805}C:\program files\veoh networks\veoh\veohclient.exe”= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
“TCP Query User{256A7FE0-5C6E-488E-988D-FE7D5CE7EDEB}C:\program files\mozilla firefox\firefox.exe”= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
“UDP Query User{AD058208-83BB-4447-9A71-C8094B985012}C:\program files\mozilla firefox\firefox.exe”= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
“TCP Query User{998EA900-5CED-4CD5-B8EE-1EAA0A6BC417}C:\program files\windows sidebar\sidebar.exe”= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
“UDP Query User{7002D746-A009-4594-8744-843FE1D6EB2F}C:\program files\windows sidebar\sidebar.exe”= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
“TCP Query User{76320452-68CE-43D8-BF47-5A1205B7EBBD}C:\program files\limewire\limewire.exe”= UDP:C:\program files\limewire\limewire.exe:LimeWire
“UDP Query User{C90B7948-14A4-4A7A-85B7-F1BCD866BA92}C:\program files\limewire\limewire.exe”= TCP:C:\program files\limewire\limewire.exe:LimeWire
“{B217AAF0-ACE3-4EA5-A88B-0934BACF790F}”= UDP:C:\Program Files\Ubisoft\Tom Clancy’s Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas
“{2179653C-E979-499A-8D07-F5F03F5CF1E2}”= TCP:C:\Program Files\Ubisoft\Tom Clancy’s Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas
“{DCDE9219-6BFE-4F4A-9844-E6DEEF775A41}”= UDP:C:\Program Files\Ubisoft\Tom Clancy’s Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater
“{6ED655DA-3705-4353-8BE8-9FAD274D4155}”= TCP:C:\Program Files\Ubisoft\Tom Clancy’s Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater
“{345EAF1E-91DE-4499-84A9-A2B8652FA579}”= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
“{ED744C52-86DB-4728-B5FD-C208E40D4311}”= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
“{A9F9E918-2741-480D-A623-216148E3A004}”= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
“{19D11C58-D7ED-408E-8264-F9E2A4D7A443}”= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
“{FEAAB6EB-3B4D-48DC-A690-A34DB8B517A6}”= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
“{9C2D3601-8903-4394-B5ED-9BFB0A6A19FD}”= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
“{1663C64D-E5CA-4435-AAF5-3B729369F6D5}”= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
“{EF104A5F-61D6-4815-83FF-84A03D9CDBE0}”= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
“TCP Query User{D4F29E4B-50D8-43F7-8893-A3D3E789F37B}C:\program files\emule\emule.exe”= UDP:C:\program files\emule\emule.exe:eMule
“UDP Query User{174B2760-62E3-407C-8767-F178B7CC6B22}C:\program files\emule\emule.exe”= TCP:C:\program files\emule\emule.exe:eMule
“{83BFAC50-9198-4770-AC52-0614ABF83CF3}”= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
“{B4C80DCB-85DA-4FEF-A482-74F5B412BEDC}”= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
“TCP Query User{F52831CA-8838-4378-A290-BE6694F816DE}C:\users\marc\documents\my completed downloads\wow-frfr-installer-downloader.exe”= UDP:C:\users\marc\documents\my completed downloads\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
“UDP Query User{A9E69A66-21CE-4FC7-B02F-79BFC6DE5289}C:\users\marc\documents\my completed downloads\wow-frfr-installer-downloader.exe”= TCP:C:\users\marc\documents\my completed downloads\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
“TCP Query User{82F4EC03-FEA7-4ABC-B056-6640A2C20716}C:\program files\real\realplayer\realplay.exe”= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
“UDP Query User{FEA2BFC5-88E8-4148-9187-9A5B3A6D32AC}C:\program files\real\realplayer\realplay.exe”= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
“{889F2CCF-DD5D-4752-B562-D3CE3F58E5DB}”= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
“{787B8E53-7E6D-4E06-88DE-B33AA371C3C4}”= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
“DFSR-1”= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 19:24]
R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2008-02-25 09:44]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-01-23 21:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Newly Created Service - CATCHME
Newly Created Service - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
“C:\Program Files\Common Files\LightScribe\LSRunOnce.exe”
.

- - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-Configuration de la neuf Box - C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
HKLM-Run-NI.UGESV_0001_N122M2811 - C:\Users\Marc\Documents\My Completed Downloads\setup_fr.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = google.mini15.com…
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 -: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 -: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O17 -: HKLM\CCS\Interface{AF112072-B5A4-44D3-B4C9-37643482D652}: NameServer = 192.168.1.1
O18 -: Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll
O18 -: Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-07-26 12:08:30
Windows 6.0.6000 NTFS

Balayage processus cachés …

Balayage caché autostart entries …

Balayage des fichiers cachés …

Scan terminé avec succès
Les fichiers cachés: 0

.
Temps d’accomplissement: 2008-07-26 12:10:57
ComboFix-quarantined-files.txt 2008-07-26 10:09:58

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 79,932,497,920 octets libres

234 — E O F — 2008-07-25 08:03:35

guigui14100 · Juillet 26, 2008, 6:58

Sa a fait un peu de vide

[quote=""]
C:\Windows\System32\im_screensaver.scr
C:\Windows\System32\tdk-screensaver-a03.scr
C:\Windows\System32\NlsLexicons0024.dll
C:\Windows\System32\NlsLexicons000a.dll
C:\Program Files\konami.dat
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Users\Marc\Documents\My Completed Downloads\setup_fr.exe
C:\PROGRA~1\DAP\dapie.dll
C:\PROGRA~1\DAP\dapie.dll[/quote
Uplaod ces fichier sur virus total et colle les rapport en précisant le nom du fichier
Edité le 26/07/2008 à 18:59

Kal57 · Juillet 27, 2008, 1:15

C:\Windows\System32\im_screensaver.scr

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Information additionnelle
MD5: 1fe27f4a352924ba787b290c4697f8e8
SHA1: fa68b0b38c1e62a59fd3295538dbe917bbf31c58
SHA256: 471477fd0fd9de2c2b954be9e74a61adb45a949ff6072effde98f046ffb1d2bc
SHA512: f3c647d163c284ac36abe940b9de73de2ccd15820adca2b5118f58fef4155876c855eba47ba4eca775c766e41b14c8daf6b6bf3288adb7fb9bf84de4ddc3f193

C:\Windows\System32\tdk-screensaver-a03.scr

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Heuristic: Suspicious File With Bad Parent Associations
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Information additionnelle
MD5: 681c331810c271e2ff28be9f1a0d5123
SHA1: d2abe5eb4852ab5acf742d0055b8505da8b87a26
SHA256: dcc0b0befddfb476b66e84c07b32407d4b9e8937fa7d452fd980b82f646e742d
SHA512: 68aaa93d562843f8069413805c590814a68064925366d8a5e538a93f4564fd90b1d0d75fbdc83a1732b0cdf95a6bef7882ca2932a8a32ef8362c7a43858414cc

C:\Windows\System32\NlsLexicons0024.dll

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.26.0 2008.07.27 -
AntiVir 7.8.1.12 2008.07.26 -
Authentium 5.1.0.4 2008.07.27 -
Avast 4.8.1195.0 2008.07.26 -
AVG 8.0.0.130 2008.07.26 -
BitDefender 7.2 2008.07.27 -
CAT-QuickHeal 9.50 2008.07.25 -
ClamAV 0.93.1 2008.07.27 -
DrWeb 4.44.0.09170 2008.07.27 -
eSafe 7.0.17.0 2008.07.24 -
eTrust-Vet 31.6.5983 2008.07.26 -
Ewido 4.0 2008.07.27 -
F-Prot 4.4.4.56 2008.07.26 -
F-Secure 7.60.13501.0 2008.07.27 -
Fortinet 3.14.0.0 2008.07.26 -
GData 2.0.7306.1023 2008.07.27 -
Ikarus T3.1.1.34.0 2008.07.27 -
Kaspersky 7.0.0.125 2008.07.27 -
McAfee 5347 2008.07.25 -
Microsoft 1.3704 2008.07.27 -
NOD32v2 3301 2008.07.27 -
Norman 5.80.02 2008.07.25 -
Panda 9.0.0.4 2008.07.27 -
PCTools 4.4.2.0 2008.07.26 -
Prevx1 V2 2008.07.27 -
Rising 20.54.61.00 2008.07.27 -
Sophos 4.31.0 2008.07.27 -
Sunbelt 3.1.1536.1 2008.07.25 -
Symantec 10 2008.07.27 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.26 -
VBA32 3.12.8.1 2008.07.26 -
ViRobot 2008.7.26.1311 2008.07.26 -
VirusBuster 4.5.11.0 2008.07.26 -
Webwasher-Gateway 6.6.2 2008.07.27 -
Information additionnelle
File size: 7964672 bytes
MD5…: 5d9b7446a72b8ceb5c4b8bc1b0d51997
SHA1…: 6ba2a03865bf240308aef890f46f8c44c32872bd
SHA256: 8644f5c47cc908b200e9d6428da5ded6e1388ac7663126788be320c240f8487c
SHA512: e9ca1fc8299f733eb44802d8103e84c6511ddc62d25eccfe7243dafd3a31d419
1c435e2e6f945cf985c275796d42d74fd0d75ea4821d68fd562e4e8cf24ae13b
PEiD…: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x400000
timedatestamp…: 0x4862e41f (Thu Jun 26 00:34:39 2008)
machinetype…: 0x14c (I386)

( 1 sections )
name viradd virsiz rawdsiz ntrpy md5
.rsrc 0x1000 0x7984a8 0x798600 6.74 72650cd103212bf197c6ccc38e44c837

( 0 imports )

( 0 exports )

C:\Windows\System32\NlsLexicons000a.dll

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.26.0 2008.07.27 -
AntiVir 7.8.1.12 2008.07.26 -
Authentium 5.1.0.4 2008.07.27 -
Avast 4.8.1195.0 2008.07.26 -
AVG 8.0.0.130 2008.07.26 -
BitDefender 7.2 2008.07.27 -
CAT-QuickHeal 9.50 2008.07.25 -
ClamAV 0.93.1 2008.07.27 -
DrWeb 4.44.0.09170 2008.07.27 -
eSafe 7.0.17.0 2008.07.24 -
eTrust-Vet 31.6.5983 2008.07.26 -
Ewido 4.0 2008.07.27 -
F-Prot 4.4.4.56 2008.07.26 -
F-Secure 7.60.13501.0 2008.07.27 -
Fortinet 3.14.0.0 2008.07.26 -
GData 2.0.7306.1023 2008.07.27 -
Ikarus T3.1.1.34.0 2008.07.27 -
Kaspersky 7.0.0.125 2008.07.27 -
McAfee 5347 2008.07.25 -
Microsoft 1.3704 2008.07.27 -
NOD32v2 3301 2008.07.27 -
Norman 5.80.02 2008.07.25 -
Panda 9.0.0.4 2008.07.27 -
PCTools 4.4.2.0 2008.07.26 -
Prevx1 V2 2008.07.27 -
Rising 20.54.61.00 2008.07.27 -
Sophos 4.31.0 2008.07.27 -
Sunbelt 3.1.1536.1 2008.07.25 -
Symantec 10 2008.07.27 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.26 -
VBA32 3.12.8.1 2008.07.26 -
ViRobot 2008.7.26.1311 2008.07.26 -
VirusBuster 4.5.11.0 2008.07.26 -
Webwasher-Gateway 6.6.2 2008.07.27 -
Information additionnelle
File size: 9892864 bytes
MD5…: fe54776ad2a49cbc29b836cc2beebcbf
SHA1…: 3f8c5e6f48fe8548b27031cbbd346b281046e73a
SHA256: 8cb8bafa5f9a587436e84fcbb113a7fe36df85e208dac313126930ce6df8cded
SHA512: 8ca39d59deb787d2e2acb170f8c156b9da0db8d727c0550223b649e03097089b
6dcc958d122a25a69050f6c48ecb59b4e5eebb83120235d6ecde2829b516cc0d
PEiD…: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x400000
timedatestamp…: 0x4862e3e3 (Thu Jun 26 00:33:39 2008)
machinetype…: 0x14c (I386)

( 1 sections )
name viradd virsiz rawdsiz ntrpy md5
.rsrc 0x1000 0x96f130 0x96f200 5.47 e64eb3b72efa7d9d95f262cb9a6924c8

( 0 imports )

( 0 exports )

C:\Program Files\konami.dat

Pour celui là ça va pas car il fait 0 octets.

C:\Program Files\MagicTune Premium\GammaTray.exe

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.5.30.1 2008.05.30 -
AntiVir 7.8.0.26 2008.06.01 -
Authentium 5.1.0.4 2008.06.01 -
Avast 4.8.1195.0 2008.06.01 -
AVG 7.5.0.516 2008.06.01 -
BitDefender 7.2 2008.06.02 -
CAT-QuickHeal 9.50 2008.05.31 -
ClamAV 0.92.1 2008.06.02 -
DrWeb 4.44.0.09170 2008.06.01 -
eSafe 7.0.15.0 2008.06.01 -
eTrust-Vet 31.4.5837 2008.05.30 -
Ewido 4.0 2008.06.01 -
F-Prot 4.4.4.56 2008.06.01 -
F-Secure 6.70.13260.0 2008.06.02 -
Fortinet 3.14.0.0 2008.06.02 -
GData 2.0.7306.1023 2008.06.02 -
Ikarus T3.1.1.26.0 2008.06.02 -
Kaspersky 7.0.0.125 2008.06.02 -
McAfee 5307 2008.05.30 -
Microsoft 1.3520 2008.06.02 -
NOD32v2 3150 2008.06.01 -
Norman 5.80.02 2008.05.30 -
Panda 9.0.0.4 2008.06.01 -
Prevx1 V2 2008.06.02 -
Rising 20.47.00.00 2008.06.02 -
Sophos 4.29.0 2008.06.02 -
Sunbelt 3.0.1139.1 2008.05.29 -
Symantec 10 2008.06.02 -
TheHacker 6.2.92.331 2008.06.02 -
VBA32 3.12.6.6 2008.06.01 -
VirusBuster 4.3.26:9 2008.06.01 -
Webwasher-Gateway 6.6.2 2008.06.01 -
Information additionnelle
File size: 36864 bytes
MD5…: e8f8c367b07e2212adbccdc2594446f1
SHA1…: 1f9a12c3364172ccab48d00ac30aeebd7c8e3bb2
SHA256: b812ea16c6f5845836ed365488a8315c9cee5da52c95b4bd8065787386a93dfd
SHA512: f30940f17c2c49ad4dd8fce4a1efd92b714712936467fabbb293c8620621f58c
a6f3e6148046e2641d194e86d735004f9a79032f877c61cb5b29a1488c04789c
PEiD…: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40359a
timedatestamp…: 0x45ab2ad4 (Mon Jan 15 07:18:44 2007)
machinetype…: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2a22 0x3000 5.59 5c4a0a901811552b7b5bd8ee3dec7073
.rdata 0x4000 0x1270 0x2000 3.31 530baa8725264adbe6b1265a41bc11c1
.data 0x6000 0x3b0 0x1000 1.10 c5a7eeddfd6b8089e4f954ae09e56ff4
.rsrc 0x7000 0x1550 0x2000 2.82 74fa208642ae561bbfdcd3381e79c421

( 7 imports )

MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
MSVCRT.dll: __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, _setmbcp, __CxxFrameHandler, atof, _ftol, __dllonexit, _onexit, _except_handler3, _terminate@@YAXXZ, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _controlfp
KERNEL32.dll: GetStartupInfoA, lstrcpynA, GetModuleHandleA, GetProcAddress, GetVersion, GetVersionExA
USER32.dll: OffsetRect, CopyRect, GetWindowPlacement, GetWindowRect, GetSystemMetrics, GetCursorPos, IntersectRect, TrackPopupMenu, PostMessageA, LoadMenuA, GetSubMenu, SetMenuDefaultItem, KillTimer, LoadIconA, SetForegroundWindow, SystemParametersInfoA, EnableWindow, IsIconic
GDI32.dll: SetDeviceGammaRamp, GetDCOrgEx, GetClipBox, CreateDCA
ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
SHELL32.dll: Shell_NotifyIconA

( 0 exports )

C:\Program Files\SEC\Natural Color Pro\NCProTray.exe

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.26.0 2008.07.27 -
AntiVir 7.8.1.12 2008.07.26 -
Authentium 5.1.0.4 2008.07.27 -
Avast 4.8.1195.0 2008.07.26 -
AVG 8.0.0.130 2008.07.26 -
BitDefender 7.2 2008.07.27 -
CAT-QuickHeal 9.50 2008.07.25 -
ClamAV 0.93.1 2008.07.27 -
DrWeb 4.44.0.09170 2008.07.27 -
eSafe 7.0.17.0 2008.07.24 -
eTrust-Vet 31.6.5983 2008.07.26 -
Ewido 4.0 2008.07.27 -
F-Prot 4.4.4.56 2008.07.26 -
F-Secure 7.60.13501.0 2008.07.27 -
Fortinet 3.14.0.0 2008.07.26 -
GData 2.0.7306.1023 2008.07.27 -
Ikarus T3.1.1.34.0 2008.07.27 -
Kaspersky 7.0.0.125 2008.07.27 -
McAfee 5347 2008.07.25 -
Microsoft 1.3704 2008.07.27 -
NOD32v2 3301 2008.07.27 -
Norman 5.80.02 2008.07.25 -
Panda 9.0.0.4 2008.07.27 -
PCTools 4.4.2.0 2008.07.26 -
Prevx1 V2 2008.07.27 -
Rising 20.54.61.00 2008.07.27 -
Sophos 4.31.0 2008.07.27 -
Sunbelt 3.1.1536.1 2008.07.25 -
Symantec 10 2008.07.27 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.26 -
VBA32 3.12.8.1 2008.07.26 -
ViRobot 2008.7.26.1311 2008.07.26 -
VirusBuster 4.5.11.0 2008.07.26 -
Webwasher-Gateway 6.6.2 2008.07.27 -
Information additionnelle
File size: 49220 bytes
MD5…: b17e1702dc1dac26c17a917a1e255843
SHA1…: 579ec2c36b37f8e1202a0dc99ca4869e28269f2b
SHA256: 038c217acaf726f493261597d7b2d458de3b26d0c0ad2e180a0cae4419a7e9ab
SHA512: 4288d9522fcb12f41ed447feed90ba0742f42a0862b5f6d7c1e210e25dab588c
81a0937a5f026d6e31c72a0f4abc4425cce104bbb513e27939ad39dc46ecf587
PEiD…: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x404d32
timedatestamp…: 0x4439ec02 (Mon Apr 10 05:24:18 2006)
machinetype…: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x45e5 0x5000 5.59 98388777252bf0f3e6f441974fe8bbab
.rdata 0x6000 0x1996 0x2000 4.19 1372f46f51ab98aa6ee17e5321fbbef1
.data 0x8000 0x448 0x1000 1.19 23e7a2a187c7d866681efe8a36534855
.rsrc 0x9000 0x2820 0x3000 3.11 7d75c45a28005be7c590a46631147881

( 7 imports )

MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
MSVCRT.dll: __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, _setmbcp, __CxxFrameHandler, _mbscmp, atof, _ftol, _CIpow, _except_handler3, _terminate@@YAXXZ, __dllonexit, _onexit, __1type_info@@UAE@XZ, _exit, _XcptFilter, exit, _controlfp
KERNEL32.dll: GetStartupInfoA, LoadLibraryA, lstrlenA, GetModuleFileNameA, lstrcpynA, GetModuleHandleA, GetProcAddress, GetVersionExA, GetUserDefaultLangID, GetVersion
USER32.dll: IsIconic, SystemParametersInfoA, IntersectRect, OffsetRect, CopyRect, SetForegroundWindow, ModifyMenuA, RemoveMenu, GetWindowPlacement, PostMessageA, GetMenuItemID, SendMessageA, LoadMenuA, GetSubMenu, SetMenuDefaultItem, KillTimer, SetTimer, EnableWindow, GetCursorPos, TrackPopupMenu, GetSystemMetrics, LoadIconA, GetWindowRect
GDI32.dll: CreateDCA, SetDeviceGammaRamp, GetDCOrgEx, GetClipBox
ADVAPI32.dll: RegEnumKeyExA, RegDeleteKeyA, RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegCreateKeyExA, RegCloseKey
SHELL32.dll: ShellExecuteA, Shell_NotifyIconA

( 0 exports )

C:\Users\Marc\Documents\My Completed Downloads\setup_fr.exe

Celui-là n’est plus là, il a dû être supprimé.

C:\PROGRA~1\DAP\dapie.dll

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
Ikarus - - not-a-virus:AdTool.Win32.MyWebSearch.bk
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Information additionnelle
MD5: 44880b2be6ca71b66b0f6db3a43504c4
SHA1: 7d07e6bf620010684de9cd9c7e4d3fe5d91a6f1d
SHA256: 85144290b14471148cbf5b3e4e32355b98d2f46efad714036afdc268cd26601d
SHA512: ecf15a4afa7ccda1075b136d6db928325780c1a07d425be059e3b9697ef8cc2b4a834fcf2e3d07c23ba0a23a61ccf82ff12709750495845654184351b90182d3

guigui14100 · Juillet 27, 2008, 1:41

Désactive tes protections
Enregistre le sous le nom de CFScript.txt au même endroit que combofix
Puis fait glisser le fichier sur l’icone de combofix

Aprés fait un scan avec housecall

Kal57 · Juillet 27, 2008, 5:18

Je fais comment pour l’enregistrer sous ce nom car je le trouve pas ? Au passage je n’ai plus de nouvelles de ce malware depuis quelques temps, est-ce que ça veut dire qu’il a été supprimé par un de mes autres logiciels (Antivir ou Spybot par exemple) ? Parce qu’avant il n’arrêtait pas de m’envoyer de fausses alertes et de me demander si je voulais payer la version complète et il avait toujours une icône qui s’affichait dans la barre des taches quand je démarrais mon PC, ce qui n’est plus le cas maintenant.

guigui14100 · Juillet 27, 2008, 5:23

Ta juste a cliquer sur le nom du fichier il va se télecharger.

C’est malwarebytes qui a effacer l’infection

Kal57 · Juillet 27, 2008, 5:53

Voici le rapport de combofix:

ComboFix 08-07-25.4 - Marc 2008-07-27 17:35:54.2 - NTFSx86
Microsoft® Windows Vista Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1014 [GMT 2:00]
Endroit: C:\Users\Marc\Desktop\ComboFix.exe
Command switches used :: C:\Users\Marc\Desktop\CFScript.txt

Création d’un nouveau point de restauration

FILE ::
C:\PROGRA~1\DAP\dapie.dll
C:\Windows\System32\im_screensaver.scr
C:\Windows\System32\tdk-screensaver-a03.scr
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~1\DAP\dapie.dll
C:\Windows\System32\im_screensaver.scr
C:\Windows\System32\tdk-screensaver-a03.scr

.
((((((((((((((((((((((((((((( Fichiers cr??s 2008-06-27 to 2008-07-27 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr?? dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 15:41 --------- d—a-w C:\ProgramData\TEMP
2008-07-27 15:36 --------- d-----w C:\Program Files\DAP
2008-07-27 14:41 --------- d-----w C:\Users\Marc\AppData\Roaming\OpenOffice.org2
2008-07-26 08:50 --------- d-----w C:\Users\Marc\AppData\Roaming\Malwarebytes
2008-07-26 08:50 --------- d-----w C:\ProgramData\Malwarebytes
2008-07-26 08:50 --------- d-----w C:\Program Files\Malwarebytes’ Anti-Malware
2008-07-25 22:55 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-25 22:32 --------- d-----w C:\Program Files\Trend Micro
2008-07-25 22:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-23 18:09 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-07-23 18:09 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-07-21 21:16 --------- d-----w C:\Program Files\LimeWire Turbo Accelerator
2008-07-21 18:46 --------- d-----w C:\ProgramData\FLEXnet
2008-07-21 18:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-21 18:30 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-07-21 18:29 --------- d-----w C:\Users\Marc\AppData\Roaming\LimeWire
2008-07-21 14:50 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-07-21 14:46 --------- d-----w C:\Program Files\GOA
2008-07-20 12:07 --------- d-----w C:\Program Files\VSO
2008-07-20 11:56 --------- d-----w C:\Users\Marc\AppData\Roaming\Vso
2008-07-19 12:03 --------- d-----w C:\Users\Marc\AppData\Roaming\gtk-2.0
2008-07-18 17:03 --------- d-----w C:\Program Files\SRT to SSA
2008-07-18 17:01 --------- d-----w C:\Program Files\VirtualDub
2008-07-17 09:02 --------- d-----w C:\Program Files\iTunes
2008-07-17 09:01 --------- d-----w C:\Program Files\iPod
2008-07-17 09:00 --------- d-----w C:\Program Files\QuickTime
2008-07-11 11:44 --------- d-----w C:\ProgramData\Apple Computer
2008-07-11 11:42 --------- d-----w C:\ProgramData\QuickTime
2008-07-09 10:57 --------- d–h--w C:\Program Files\InstallShield Installation Information
2008-07-09 10:57 --------- d-----w C:\Program Files\MagicTune Premium
2008-07-09 10:55 --------- d-----w C:\Program Files\SEC
2008-07-09 10:24 174 --sha-w C:\Program Files\desktop.ini
2008-07-09 09:39 --------- d-----w C:\Program Files\Windows Mail
2008-07-06 11:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-27 17:54 --------- d-----w C:\Users\Marc\AppData\Roaming\SystemRequirementsLab
2008-06-27 17:54 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-06-27 17:46 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-06-08 13:00 --------- d-----w C:\Program Files\DivX
2008-06-04 12:44 --------- d-----w C:\Users\Marc\AppData\Roaming\Creative
2008-06-04 12:44 --------- d-----w C:\ProgramData\Creative
2008-06-04 12:12 --------- d-----w C:\Program Files\Creative
2008-06-04 11:49 --------- d–h--w C:\Program Files\Creative Installation Information
2008-06-04 11:47 --------- d-----w C:\Program Files\Common Files\Creative
2008-06-04 09:15 --------- d-----w C:\Program Files\OpenAL
2008-06-04 08:55 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-05-31 17:29 --------- d-----w C:\Users\Marc\AppData\Roaming\Apple Computer
2008-05-31 13:59 --------- d-----w C:\Program Files\Antadis
2008-05-31 13:17 --------- d-----w C:\Users\Marc\AppData\Roaming\CVitae
2008-05-31 08:22 --------- d-----w C:\Program Files\Red Kawa
2008-05-31 08:22 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-29 14:38 --------- d-----w C:\ProgramData\eMule
2008-05-28 10:43 --------- d-----w C:\Program Files\AllFive XP
2008-05-27 21:42 --------- d-----w C:\Program Files\Snowball
2008-05-27 21:40 --------- d-----w C:\Program Files\The One Ring 3D Screensaver
2008-05-27 09:32 --------- d-----w C:\Program Files\Bonjour
2008-05-27 09:31 --------- d-----w C:\Program Files\Common Files\Apple
2008-04-25 14:52 22,328 ----a-w C:\Users\Marc\AppData\Roaming\PnkBstrK.sys
2008-04-14 08:55 47,360 ----a-w C:\Users\Marc\AppData\Roaming\pcouffin.sys
2008-02-15 11:16 0 ----a-w C:\Program Files\konami.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-26_12.09.13.42 )))))))))))))))))))))))))))))))))))))))))
.

2008-07-26 08:39:28 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

2008-07-27 15:41:34 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
2008-07-27 15:41:34 262,144 —ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

2008-07-26 08:39:23 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

2008-07-27 15:41:34 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
2008-07-27 15:41:34 262,144 —ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

2008-07-26 08:37:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-07-27 09:51:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-07-26 08:37:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-07-27 09:51:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-07-26 08:37:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

2008-07-27 09:51:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

2008-07-26 08:40:02 7,644 ----a-w C:\Windows\System32\WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1909297127-1544069100-4223941699-1000_UserData.bin

2008-07-27 14:42:47 7,660 ----a-w C:\Windows\System32\WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1909297127-1544069100-4223941699-1000_UserData.bin

2008-07-26 08:40:02 61,162 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

2008-07-27 14:42:47 61,334 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

2008-07-26 08:40:01 46,452 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

2008-07-27 14:42:46 46,500 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Note les ?l?ments vides & les ?l?ments initiaux l?gitimes ne sont pas list?s