
HijackThis Log: Please help diagnose (HijackThis log: please help with the diagnosis)


1 reply to this topic

#1 Am0

Posted 10 October 2008 - 11:55 PM

Hello :)

Recently I have noticed that my antivirus,
Avast Free Edition, detects a virus when I go to this site: <hxxp://www.ewallpapers.eu/>
When I choose an image and click on download, it shows me:
Multi:BinaryIframe
Virus/Ver
081010-0,10/10/2008
So I don't know where this comes from, because if I display the image and do "save as",
it works, so I don't understand: is it a bug, or am I infected?

While I'm at it, here is the scan I got from HijackThis ;)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:44:33, on 11/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Steam\Steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Am0\AppData\Roaming\Maxthon2\Maxthon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://a248.e.akamai.net
O15 - Trusted Zone: http://*.bitdefender.com
O15 - Trusted Zone: http://maps.google.fr
O15 - Trusted Zone: http://ssl-hints.netflame.cc
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://192.244.211.94/kxhcm10.ocx
O16 - DPF: {4F1D0C59-5ECC-4028-87F3-482191D2230F} (AxisRTPSrcFilter) - http://nydalakameran.net.umea.se/activex/AMC.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/framework/lib/objimageuploader/html_include/5.1.1.0/ImageUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://212.92.19.221/activex/AMC.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{50E16A10-A045-404C-A632-029E1CD0B2F8}: NameServer = 89.2.0.1,89.2.0.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9173 bytes
While I'm at it, here is the report I got from ComboFix ;)
ComboFix 08-10-10.09 - Am0 2008-10-11 7:02:22.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.1195 [GMT 2:00]
Lancé depuis: C:\Users\Am0\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-11 au 2008-10-11 ))))))))))))))))))))))))))))))))))))
.

2008-10-11 07:06 . 2008-10-11 07:06 235,298,398 --a------ C:\Windows\MEMORY.DMP
2008-10-11 05:39 . 2008-10-11 05:40 <REP> d-------- C:\ProgramData\Lavasoft
2008-10-11 05:39 . 2008-10-11 05:39 <REP> d-------- C:\Program Files\Lavasoft
2008-10-11 05:29 . 2008-10-11 05:29 <REP> d-------- C:\Windows\BDOSCAN8
2008-10-10 05:58 . 2008-10-10 05:58 171,136 -rahs---- C:\grldr
2008-10-10 00:54 . 2008-10-11 04:55 <REP> d-------- C:\Users\Am0\AppData\Roaming\Wireshark
2008-10-10 00:53 . 2008-10-10 00:53 <REP> d-------- C:\Program Files\Wireshark
2008-10-08 22:07 . 2008-10-08 22:08 <REP> d-------- C:\Users\Am0\AppData\Roaming\vlc
2008-10-07 23:57 . 2008-10-07 23:59 <REP> d-------- C:\Program Files\Microsoft Platform SDK
2008-10-07 20:27 . 2008-10-07 20:27 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-10-07 20:26 . 2008-10-07 20:26 <REP> d-------- C:\Windows\System32\Visual Studio 2008Templates
2008-10-07 20:26 . 2008-10-07 20:26 <REP> d-------- C:\Windows\System32\Visual Studio 2008
2008-10-07 20:25 . 2008-10-08 00:05 <REP> d-------- C:\ProgramData\Microsoft Help
2008-10-07 20:25 . 2008-10-07 20:25 <REP> d-------- C:\Program Files\Microsoft.NET
2008-10-07 20:25 . 2008-10-07 20:26 <REP> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-10-07 20:25 . 2008-10-07 20:25 <REP> d-------- C:\Program Files\Common Files\Merge Modules
2008-10-07 20:24 . 2008-10-07 20:24 <REP> d-------- C:\Program Files\Microsoft SDKs
2008-10-03 20:36 . 2008-10-03 20:47 <REP> d-------- C:\Users\Am0\AppData\Roaming\EoRezo
2008-09-30 21:06 . 2008-09-30 21:27 <REP> d-------- C:\Users\Am0\AppData\Roaming\DeepBurner
2008-09-30 21:06 . 2008-09-30 21:06 <REP> d-------- C:\Program Files\DeepBurner
2008-09-26 04:23 . 2008-10-10 06:33 <REP> d-------- C:\Users\Am0\AppData\Roaming\gtk-2.0
2008-09-23 21:53 . 2008-09-23 21:53 <REP> d-------- C:\ProgramData\SweetIM
2008-09-23 00:35 . 2008-09-23 00:35 <REP> d-------- C:\Program Files\OpenAL
2008-09-22 23:09 . 2008-09-22 23:09 <REP> d-------- C:\Users\Am0\AppData\Roaming\Thinstall
2008-09-22 20:46 . 2008-10-11 06:40 <REP> d-------- C:\Users\Am0\Tracing
2008-09-22 20:44 . 2008-09-22 20:44 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-22 20:44 . 2008-06-26 05:21 712,704 --a------ C:\Windows\System32\WindowsCodecs.dll
2008-09-22 20:44 . 2008-06-26 05:21 347,648 --a------ C:\Windows\System32\WindowsCodecsExt.dll
2008-09-22 20:43 . 2008-09-22 20:43 <REP> d-------- C:\Program Files\Microsoft
2008-09-22 20:40 . 2008-09-22 20:40 <REP> d-------- C:\Program Files\Common Files\Windows Live
2008-09-19 21:28 . 2008-09-19 21:28 <REP> d-------- C:\ProgramData\ATI
2008-09-19 16:44 . 2008-10-02 17:24 468 --a------ C:\Windows\w32dasm8.ini
2008-09-19 16:41 . 2008-09-19 16:41 240 --a------ C:\Windows\w32demo8.ini
2008-09-17 21:02 . 2007-04-21 06:01 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys.back
2008-09-17 20:29 . 2008-09-17 20:29 <REP> dr------- C:\Users\Public\Music
2008-09-17 20:29 . 2008-09-22 20:43 <REP> dr------- C:\Users\Public\Documents
2008-09-16 20:22 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-09-16 20:22 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-09-16 16:25 . 2008-09-16 16:25 <REP> d-------- C:\Program Files\Logitech
2008-09-16 13:40 . 2008-09-16 13:40 <REP> d-------- C:\Users\Public\Videos
2008-09-16 13:40 . 2008-09-16 13:40 <REP> d-------- C:\Users\Public\Pictures
2008-09-15 01:43 . 2008-09-15 01:43 <REP> d-------- C:\Program Files\Hercules
2008-09-15 01:42 . 2006-12-13 07:38 286,208 --a------ C:\Windows\System32\drivers\netr61.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 05:05 --------- d-----w C:\Users\Am0\AppData\Roaming\MxBoost
2008-10-11 04:40 --------- d-----w C:\Users\Am0\AppData\Roaming\OpenOffice.org2
2008-10-11 03:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-11 03:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-11 03:13 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-10-11 03:13 --------- d-----w C:\Program Files\Common Files\Steam
2008-10-11 02:30 --------- d-----w C:\Program Files\Avast4
2008-10-10 21:05 --------- d-----w C:\Users\Am0\AppData\Roaming\uTorrent
2008-10-10 19:33 --------- d-----w C:\ProgramData\Google Updater
2008-10-10 17:45 --------- d-----w C:\Users\Am0\AppData\Roaming\Skype
2008-10-10 15:42 --------- d-----w C:\Users\Am0\AppData\Roaming\skypePM
2008-10-10 14:30 --------- d-----w C:\Users\Am0\AppData\Roaming\teamspeak2
2008-10-10 04:58 --------- d---a-w C:\ProgramData\TEMP
2008-10-10 03:09 --------- d-----w C:\Users\Am0\AppData\Roaming\Maxthon2
2008-10-08 20:39 --------- d-----w C:\Users\Am0\AppData\Roaming\mIRC
2008-09-30 14:21 --------- d-----w C:\Program Files\Foxit Reader
2008-09-28 23:15 --------- d-----w C:\Program Files\Cheat Engine
2008-09-26 17:34 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-09-24 20:06 --------- d-----w C:\Users\Am0\AppData\Roaming\Winamp
2008-09-24 20:06 --------- d-----w C:\Program Files\Google
2008-09-24 03:41 --------- d-----w C:\Program Files\Bonjour
2008-09-22 18:44 --------- d-----w C:\Program Files\Windows Live
2008-09-19 19:28 --------- d-----w C:\Program Files\ATI Technologies
2008-09-18 10:40 --------- d-----w C:\Program Files\FlashFXP
2008-09-16 14:25 --------- d-----w C:\ProgramData\Logitech
2008-09-09 17:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-08 20:03 --------- d-----w C:\Program Files\OLITEC
2008-09-05 13:56 287,744 ----a-w C:\Windows\WLXPGSS.SCR
2008-08-27 20:49 --------- d-----w C:\ProgramData\Skype
2008-08-27 20:49 --------- d-----w C:\Program Files\Skype
2008-08-27 20:49 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-23 18:53 --------- d-----w C:\Program Files\GoldWave
2008-08-21 04:54 3,928,576 ----a-w C:\Windows\system32\drivers\atikmdag.sys
2008-08-21 01:09 53,248 ----a-w C:\Windows\system32\drivers\ati2erec.dll
2008-08-19 17:44 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-19 17:39 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-17 22:48 --------- d-----w C:\Users\Am0\AppData\Roaming\dvdcss
2008-08-17 21:40 --------- d-----w C:\Program Files\DivX
2008-08-16 12:32 --------- d-----w C:\Program Files\VideoLAN
2008-08-14 15:39 --------- d-----w C:\ProgramData\Winamp Toolbar
2008-08-13 21:40 --------- d-----w C:\Users\Am0\AppData\Roaming\GrabIt
2008-08-13 16:18 --------- d-----w C:\Program Files\Windows Mail
2008-08-10 16:59 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-08-10 16:53 319,488 ----a-w C:\Windows\HideWin.exe
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-24 16:16 6,265,376 ----a-w C:\Windows\RtHDVCpl.exe
2008-07-24 16:16 1,833,504 ----a-w C:\Windows\SkyTel.exe
2008-07-24 16:16 1,202,720 ----a-w C:\Windows\RtlUpd.exe
2008-07-15 11:58 524,288 ----a-w C:\Windows\RtlExUpd.dll
2008-04-23 21:51 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-10-06 3513344]
"Steam"="d:\steam\steam.exe" [2008-10-11 1410296]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 C:\Windows\KHALMNPR.Exe]
"P17RunE"="P17RunE.dll" [2007-04-09 C:\Windows\System32\P17RunE.dll]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-24 C:\Windows\RtHDVCpl.exe]

C:\Users\Am0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-200236505-511883514-2012194733-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{3A752564-74C5-43C6-8F58-D19B11E3988B}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{9E44E043-B733-4477-9E3D-6A10E93E504C}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{B1491327-0E34-4F10-8A32-395CF45A2624}C:\\users\\am0\\appdata\\roaming\\maxthon2\\maxthon.exe"= UDP:C:\users\am0\appdata\roaming\maxthon2\maxthon.exe:maxthon.exe
"UDP Query User{B6CC30B3-8598-452D-BD20-4B6E5AC6787B}C:\\users\\am0\\appdata\\roaming\\maxthon2\\maxthon.exe"= TCP:C:\users\am0\appdata\roaming\maxthon2\maxthon.exe:maxthon.exe
"{8BB2268C-4B2F-4307-9BE0-211F76E48CC5}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{EE32B709-6795-465E-99B1-D6F0A144622D}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{819557F4-0FF1-4032-B396-3FFA0EC89895}C:\\users\\am0\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= UDP:C:\users\am0\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"UDP Query User{9D0F998E-CE2D-4862-80FB-2FB5E4C0F1D2}C:\\users\\am0\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= TCP:C:\users\am0\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"TCP Query User{4975502E-F498-43ED-88E1-7FC565713D53}C:\\program files\\bmoworld\\bomberman.exe"= UDP:C:\program files\bmoworld\bomberman.exe:BomberMan
"UDP Query User{417BC42D-F1A5-40D8-8996-4B23B00C45A7}C:\\program files\\bmoworld\\bomberman.exe"= TCP:C:\program files\bmoworld\bomberman.exe:BomberMan
"TCP Query User{39F58909-6B52-4914-91D8-16F0ADB3893F}D:\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:D:\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"UDP Query User{3FD21CEC-A8AF-4B90-BA42-DF09D19C07B3}D:\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:D:\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"TCP Query User{E91624AB-ECA8-49B4-B613-6FB05956047D}C:\\program files\\winamp\\winamp.exe"= UDP:C:\program files\winamp\winamp.exe:Winamp
"UDP Query User{75C119DC-62DD-479D-99CC-9DE3C6E39BDB}C:\\program files\\winamp\\winamp.exe"= TCP:C:\program files\winamp\winamp.exe:Winamp
"TCP Query User{C1AFB0AE-1CFA-47F3-A744-93047112D977}D:\\metin2_france\\metin2.bin"= UDP:D:\metin2_france\metin2.bin:metin2.bin
"UDP Query User{A341ECC2-6666-4308-91DE-62C727001023}D:\\metin2_france\\metin2.bin"= TCP:D:\metin2_france\metin2.bin:metin2.bin
"TCP Query User{43A1B27B-8E4C-4CA8-BA64-2910D1EE1AFD}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{793691D4-489D-4B29-9A43-FCC263821B20}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{D3AB1A72-A4D7-4BFD-AA19-0271D830225D}D:\\downloads\\softwares\\mirc 6.3 + keygen\\mirc 6.3 + keygen\\mirc.exe"= UDP:D:\downloads\softwares\mirc 6.3 + keygen\mirc 6.3 + keygen\mirc.exe:mIRC
"UDP Query User{DD72DA07-68BA-445D-9B80-DFA5BB013320}D:\\downloads\\softwares\\mirc 6.3 + keygen\\mirc 6.3 + keygen\\mirc.exe"= TCP:D:\downloads\softwares\mirc 6.3 + keygen\mirc 6.3 + keygen\mirc.exe:mIRC
"TCP Query User{AC706F97-0D9A-45D3-94EA-0B4E778AFEF3}D:\\downloads\\games\\css_offline\\hl2.exe"= UDP:D:\downloads\games\css_offline\hl2.exe:hl2
"UDP Query User{E0CFA190-CAC6-4011-9EC4-3E9D398ED64D}D:\\downloads\\games\\css_offline\\hl2.exe"= TCP:D:\downloads\games\css_offline\hl2.exe:hl2
"TCP Query User{2D1F2AC1-D2FA-4A35-BC48-50D700D05CBC}D:\\downloads\\games\\cs_offline\\hl.exe"= UDP:D:\downloads\games\cs_offline\hl.exe:Half-Life Launcher
"UDP Query User{9E418730-DDB6-4EDF-AB6B-400AE8A928D6}D:\\downloads\\games\\cs_offline\\hl.exe"= TCP:D:\downloads\games\cs_offline\hl.exe:Half-Life Launcher
"TCP Query User{905F284E-6C22-44FF-AE68-441CF2DF3109}D:\\steam\\steamapps\\amokers\\counter-strike\\hl.exe"= UDP:D:\steam\steamapps\amokers\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{56C87D94-C6F1-4EA4-880B-93F163F3BE61}D:\\steam\\steamapps\\amokers\\counter-strike\\hl.exe"= TCP:D:\steam\steamapps\amokers\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{F10015D4-E857-4064-BE93-076FFCC4F619}C:\\program files\\counterpath\\x-lite\\x-lite.exe"= UDP:C:\program files\counterpath\x-lite\x-lite.exe:X-Lite
"UDP Query User{054CC0AE-B4F5-474C-82B9-D43B7CBB17DF}C:\\program files\\counterpath\\x-lite\\x-lite.exe"= TCP:C:\program files\counterpath\x-lite\x-lite.exe:X-Lite
"TCP Query User{93FE3D27-93E5-46A5-BA84-ACECD26C1CAF}D:\\emule\\emule.exe"= UDP:D:\emule\emule.exe:eMule
"UDP Query User{038A0542-A48E-41E8-9459-AB94CEC4A89D}D:\\emule\\emule.exe"= TCP:D:\emule\emule.exe:eMule
"{19223918-274C-426B-9DE6-A43735C41924}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{AA176FAA-08C5-4158-AE6F-EB1DF41831CB}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{47ACC312-74E6-4DE2-8E57-D2D4AAEAEB54}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{42DE8164-F11C-4AAA-8EA3-4617B74F95CC}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{A664C739-E8DF-42BA-856A-84895108CB7B}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{72E62D6D-43D4-4E1A-A563-657E64A76A8F}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{E2086060-970F-4D5E-864D-08532C055C6A}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{6F241E35-5087-4DC6-98FF-102F6FAC9BA4}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{019ADB7D-5032-48AE-9E54-1EEB21155378}"= UDP:C:\Users\Am0\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P61HTT0P\utorrent-1.8-beta-10431.upx[1].exe:µTorrent (TCP-In)
"{AD4664DB-DE40-4763-8377-D1F1D105A0F2}"= TCP:C:\Users\Am0\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P61HTT0P\utorrent-1.8-beta-10431.upx[1].exe:µTorrent (UDP-In)
"{CEC88316-75F3-4243-AD9A-3174F6DC09DD}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{BFA9D88B-01E2-4451-A9F0-3215B753421B}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{C5FE95DB-4C03-4C69-9CCF-74F64E0199B8}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{F9CA4348-99AF-441D-A782-D3A4B9814158}D:\\virtualdj\\virtualdj.exe"= UDP:D:\virtualdj\virtualdj.exe:VirtualDJ
"UDP Query User{42C38510-5448-4ED2-AF70-746AFB734012}D:\\virtualdj\\virtualdj.exe"= TCP:D:\virtualdj\virtualdj.exe:VirtualDJ
"{DADAF590-57E1-4B0B-AD05-41CC37FC6A27}"= UDP:C:\Users\Am0\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6BF1NBDT\utorrent-1.8-beta-10843.upx[1].exe:µTorrent (TCP-In)
"{DA287542-EC6F-4866-8468-76E412219909}"= TCP:C:\Users\Am0\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6BF1NBDT\utorrent-1.8-beta-10843.upx[1].exe:µTorrent (UDP-In)
"{1EC1DAF4-0F7D-4411-97EC-1FF7F36BE52F}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B8E1A15D-51AF-4443-86AA-C7CFD6C27E26}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{E6D77914-A206-4F2F-AB5B-1B5B00F8E9F4}C:\\program files\\microsoft games\\motocross madness 2 trial\\mcm2.exe"= UDP:C:\program files\microsoft games\motocross madness 2 trial\mcm2.exe:Microsoft® Motocross Madness 2
"UDP Query User{D668D689-FE54-403C-BC50-6AF50A7C4B1E}C:\\program files\\microsoft games\\motocross madness 2 trial\\mcm2.exe"= TCP:C:\program files\microsoft games\motocross madness 2 trial\mcm2.exe:Microsoft® Motocross Madness 2
"{20A8C167-4FD4-473D-A0A6-2C6E92530C8B}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{A709A36C-032F-4B8B-AC8E-DFC0AF317730}C:\\program files\\realvnc\\vnc4\\winvnc4.exe"= UDP:C:\program files\realvnc\vnc4\winvnc4.exe:VNC Server Free Edition for Win32
"UDP Query User{30D65582-1DD0-4F0E-9899-83A5A8F06D72}C:\\program files\\realvnc\\vnc4\\winvnc4.exe"= TCP:C:\program files\realvnc\vnc4\winvnc4.exe:VNC Server Free Edition for Win32
"{613559F6-A4DB-41AC-996F-C44FBC4513D7}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{7DF675DA-D029-457C-99D6-6FD917EFB2D7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{69F71E29-D6F1-4216-B34B-D496D1C99DF9}C:\\program files\\easybox\\vlc\\vlc.exe"= UDP:C:\program files\easybox\vlc\vlc.exe:VLC media player
"UDP Query User{5C1BCD7A-96C0-4F7A-A3EF-3A06463CE3A1}C:\\program files\\easybox\\vlc\\vlc.exe"= TCP:C:\program files\easybox\vlc\vlc.exe:VLC media player
"TCP Query User{7AAD44F6-4FA1-435F-8131-737094FACC06}C:\\program files\\easybox\\apache\\apache.exe"= UDP:C:\program files\easybox\apache\apache.exe:Apache HTTP Server
"UDP Query User{7D0A064E-F932-4C00-B50B-F401FEF87D28}C:\\program files\\easybox\\apache\\apache.exe"= TCP:C:\program files\easybox\apache\apache.exe:Apache HTTP Server
"{A3D75C04-D139-4543-9546-5A89E1F38D45}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{2DFBEEFC-24E8-49AA-A2DF-557B34780720}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{31A54285-3BC7-41F5-9A0A-A3293AFF7C49}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{1FBD08BD-3906-4E88-91BC-8C92A310815F}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{E24CD704-FD17-4C0C-83A6-117C71D4A890}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{7466F829-5578-4908-B69F-2BD26AD4F9B2}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{CCD5D346-5425-4099-9C19-02B57A72944F}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{5D27B1D6-E8E7-4E20-B694-F25D67D7AE65}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{025CFD8E-D9A1-425F-91B0-743BA39F0016}"= UDP:D:\FlatOut Ultimate Carnage\Fouc.exe:FlatOut Ultimate Carnage
"{D69DE1D8-3956-499C-A423-08BA650E8707}"= TCP:D:\FlatOut Ultimate Carnage\Fouc.exe:FlatOut Ultimate Carnage
"{2C1FA813-6CEF-45F9-BBDA-1577A90F7951}"= UDP:C:\Users\Am0\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7SFXGNU2\utorrent[1].exe:µTorrent (TCP-In)
"{47D481CB-3EE7-4CFF-B010-C6FBD31705FE}"= TCP:C:\Users\Am0\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7SFXGNU2\utorrent[1].exe:µTorrent (UDP-In)
"{2A1B9B8B-3998-4236-B1D0-8C1EE6D855F7}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{3E44B6E3-4A23-48F2-9217-AEE916FC426C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{44767EFE-266D-4981-91F4-BE20046807D1}D:\\steam\\steamapps\\amokers\\counter-strike source\\hl2.exe"= UDP:D:\steam\steamapps\amokers\counter-strike source\hl2.exe:hl2
"UDP Query User{BF415ECF-C601-4F5F-A25C-4003A3E4B3A5}D:\\steam\\steamapps\\amokers\\counter-strike source\\hl2.exe"= TCP:D:\steam\steamapps\amokers\counter-strike source\hl2.exe:hl2
"TCP Query User{B2DC809E-9505-4415-861A-EB5EFEC58453}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{201638B9-536D-4ECE-8F5C-84891280FD17}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{84041D02-7F77-4BBD-A6CF-8C008E66ECFE}C:\\users\\am0\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= UDP:C:\users\am0\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"UDP Query User{4B617C96-4756-4D4D-A6C5-E11C3DD0D6C1}C:\\users\\am0\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= TCP:C:\users\am0\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"TCP Query User{ACC2D1EA-79DF-4F5F-8DF5-A514F3C38263}D:\\emule\\emule.exe"= UDP:D:\emule\emule.exe:eMule
"UDP Query User{C8BB7399-CD79-4DC0-9472-F0E5A97C60AA}D:\\emule\\emule.exe"= TCP:D:\emule\emule.exe:eMule
"TCP Query User{9532A1A0-CAC7-4E2F-977D-417F6FC28D1D}C:\\program files\\realvnc\\vnc4\\winvnc4.exe"= UDP:C:\program files\realvnc\vnc4\winvnc4.exe:VNC Server Free Edition for Win32
"UDP Query User{14FBD395-C913-4AD7-9627-51F13AC230D9}C:\\program files\\realvnc\\vnc4\\winvnc4.exe"= TCP:C:\program files\realvnc\vnc4\winvnc4.exe:VNC Server Free Edition for Win32
"TCP Query User{090CC069-B724-4914-85FE-B4515218FE1B}D:\\steam\\steamapps\\amokers\\source dedicated server\\srcds.exe"= UDP:D:\steam\steamapps\amokers\source dedicated server\srcds.exe:srcds
"UDP Query User{23BE43B9-D58B-4CDC-9D7E-77B99D7F32DD}D:\\steam\\steamapps\\amokers\\source dedicated server\\srcds.exe"= TCP:D:\steam\steamapps\amokers\source dedicated server\srcds.exe:srcds
"TCP Query User{9F706E20-6B67-4B5B-A040-C3627832EBCF}C:\\windows\\system32\\java.exe"= UDP:C:\windows\system32\java.exe:Java™ Platform SE binary
"UDP Query User{A82BB95A-2E97-4749-BB36-C0A14C39F9F4}C:\\windows\\system32\\java.exe"= TCP:C:\windows\system32\java.exe:Java™ Platform SE binary
"TCP Query User{8CA023C7-EF9E-46CA-AE18-8C920D7B0A25}C:\\users\\am0\\desktop\\iperf\\iperf.exe"= UDP:C:\users\am0\desktop\iperf\iperf.exe:iperf.exe
"UDP Query User{70F81FC7-DC95-4160-BC31-8F6234AA695B}C:\\users\\am0\\desktop\\iperf\\iperf.exe"= TCP:C:\users\am0\desktop\iperf\iperf.exe:iperf.exe
"TCP Query User{D11A978F-8888-4675-A6E4-27F03D30C886}D:\\steam\\steamapps\\amokers\\counter-strike\\hl.exe"= UDP:D:\steam\steamapps\amokers\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{4D485F5B-2C78-489B-A0CC-4A9A7A40FCDD}D:\\steam\\steamapps\\amokers\\counter-strike\\hl.exe"= TCP:D:\steam\steamapps\amokers\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{AED525C9-7824-49DF-BBD2-B887927B8A01}D:\\documents\\visual studio 2008\\projects\\hlfill\\hlfill.exe"= UDP:D:\documents\visual studio 2008\projects\hlfill\hlfill.exe:hlfill
"UDP Query User{D0632975-BA5F-4775-9F04-E72F824D1914}D:\\documents\\visual studio 2008\\projects\\hlfill\\hlfill.exe"= TCP:D:\documents\visual studio 2008\projects\hlfill\hlfill.exe:hlfill
"TCP Query User{2B068A41-700B-4FBA-BBEA-A0389EDD95B5}D:\\downloads\\softwares\\mirc 6.3 + keygen\\mirc 6.3 + keygen\\mirc.exe"= UDP:D:\downloads\softwares\mirc 6.3 + keygen\mirc 6.3 + keygen\mirc.exe:mIRC
"UDP Query User{F4539A80-AD90-4E72-AB34-7737D8AB3444}D:\\downloads\\softwares\\mirc 6.3 + keygen\\mirc 6.3 + keygen\\mirc.exe"= TCP:D:\downloads\softwares\mirc 6.3 + keygen\mirc 6.3 + keygen\mirc.exe:mIRC
"TCP Query User{BBCDF974-D2F6-40F7-A994-0137C91B1D67}D:\\steam\\steamapps\\amokers\\zombie panic! source\\hl2.exe"= UDP:D:\steam\steamapps\amokers\zombie panic! source\hl2.exe:hl2
"UDP Query User{6866F3E9-0C14-40D3-9EF2-A92C1585DC74}D:\\steam\\steamapps\\amokers\\zombie panic! source\\hl2.exe"= TCP:D:\steam\steamapps\amokers\zombie panic! source\hl2.exe:hl2
"TCP Query User{6AAB823B-B23B-49F0-BB43-808EDC2F2C46}D:\\documents\\visual studio 2008\\projects\\cl-se\\debug\\cl-se.exe"= UDP:D:\documents\visual studio 2008\projects\cl-se\debug\cl-se.exe:cl-se
"UDP Query User{D2FF6C0F-6120-4DB2-9EB7-90CD6CFE4ACE}D:\\documents\\visual studio 2008\\projects\\cl-se\\debug\\cl-se.exe"= TCP:D:\documents\visual studio 2008\projects\cl-se\debug\cl-se.exe:cl-se

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 48128]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-08-21 3928576]
R3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys [2007-08-02 22784]
R3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2008-08-10 79360]
S3 MRV6X32P;Pilote WiFi natif Vista 32-bits;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 253952]
S3 rt61x86;802.11g Wireless Driver RT61;C:\Windows\system32\DRIVERS\netr61.sys [2006-12-13 286208]
S3 SaiH1589;SaiH1589;C:\Windows\system32\DRIVERS\SaiH1589.sys [2007-05-01 132232]
S3 SaiU1589;SaiU1589;C:\Windows\system32\DRIVERS\SaiU1589.sys [2007-05-01 28416]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-10-11 87288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f6a3049-5ccf-11dd-a833-001bfc7976bf}]
\shell\AutoRun\command - G:\autorun.exe
\shell\setup\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5366b1cd-3c94-11dd-a892-001bfc7976bf}]
\shell\AutoRun\command - G:\LM_setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Am0\AppData\Roaming\Mozilla\Firefox\Profiles\biy08yah.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.lo.st
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1273.1045\npCIDetect12.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 07:06:45
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


C:\Users\Am0\AppData\Local\Temp\WPDNSE

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Windows\System32\dllhost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2008-10-11 7:10:29 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-11 05:10:26

Avant-CF: 15 114 960 896 octets libres
Après-CF: 14,519,418,880 octets libres

324 --- E O F --- 2008-10-03 08:02:01
Thank you very much for your help :D

Edited by Orange Blossom, 11 February 2013 - 02:21 AM.
Deactivate link. ~ OB


#2 nickW

  • Malware Response Team
  • 54 posts
  • Gender:Female
  • Location:France
  • Local time:09:12 PM

Posted 13 October 2008 - 09:00 AM

Hello,

A first remark:
Bleeping Computer is an English/American-language forum. You need to make the effort to write in that language ... or choose a French-language forum.


Apparently, avast! detected an anomaly in one of the images displayed on the site.

I have just had all the images (the ones displayed today on the homepage) scanned on virscan.org, and nothing is flagged as infected.

After updating avast!'s virus definitions, do you still see this warning?

Hi,


First of all, BC is an English/American forum.
You should make the effort to write in English ... or choose a French-speaking forum.
avast! found something in one of the pictures displayed on the site.
I've just sent all the images (displayed today on the homepage) to virscan.org, and nothing bad was found.
After a virus database update, do you still receive this warning?




