Infection qui me fait chier

BOB -  
 BOB -
Bonjour, probleme de curseur de souris, lenteur de la connexion internet regulierement ca me gonfle

quelqu'un peut me regarder mon log pour voir si ya des infections ?

merci

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:34, on 24/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
C:\Program Files\TrojanHunter 5.1\THGuard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
C:\Program Files\TuneUp Utilities 2009\Shredder.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.1\THGuard.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-1000\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-1000\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-1000\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-329068152-1592454029-1417001333-1000 Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe (User '?')
O4 - S-1-5-21-329068152-1592454029-1417001333-1000 Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe (User '?')
O4 - S-1-5-18 Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe (User '?')
O4 - S-1-5-18 Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe (User '?')
O4 - .DEFAULT Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe (User 'Default user')
O4 - .DEFAULT Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe (User 'Default user')
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O9 - Extra button: Réglage rapide de Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1245002399625
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service de sauvegarde G DATA - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

--
End of file - 8172 bytes
Configuration: Windows XP
Firefox 3.0.11

12 réponses

  1. archet9
     
    Hello BOB

    Tout d'abord on dit "faire caca " et non "chier"....

    Ton scan montre bien une infection....
    Pour + d'infos peux-tu faire ceci stp:

    Télécharges RSIT (de random/random) sur le bureau ici :

    http://images.malwareremoval.com/random/RSIT.exe

    - Double clique sur RSIT.exe qui est sur le bureau
    - Clique sur Continue dans la fenêtre
    - RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
    - Poste le contenu de log.txt plus info.txt (réduit ds la barre de taches) à la fin de l’analyse .

    Les rapports sont dans le dossier ici C:\rsit
    a+
    0
  2. BOB
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by bob at 2009-06-24 20:18:20
    WIN_XP Service Pack 3
    System drive C: has 418 GB (88%) free of 477 GB
    Total RAM: 3070 MB (55% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:18:40, on 24/06/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
    C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
    C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
    C:\Program Files\TrojanHunter 5.1\THGuard.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\ALCFDRTM.EXE
    C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
    C:\Program Files\TuneUp Utilities 2009\Shredder.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\bob\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\bob.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
    O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
    O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
    O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.1\THGuard.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-1000\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
    O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-1000\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
    O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-1000\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User '?')
    O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-329068152-1592454029-1417001333-1000 Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe (User '?')
    O4 - S-1-5-21-329068152-1592454029-1417001333-1000 Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe (User '?')
    O4 - S-1-5-18 Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe (User '?')
    O4 - S-1-5-18 Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe (User '?')
    O4 - .DEFAULT Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe (User 'Default user')
    O4 - .DEFAULT Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe (User 'Default user')
    O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
    O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
    O9 - Extra button: Réglage rapide de Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1245002399625
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
    O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
    O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
    O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
    O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
    O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Service de sauvegarde G DATA - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
    O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
    0
  3. archet9
     
    ---> Télécharge ComboFix.exe de sUBs sur ton Bureau :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    /!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

    ---> Double-clique sur Combofix.exe
    Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
    Accepte en cliquant sur "Oui"

    ---> Mets-le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan.

    /!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

    /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

    Note : Le rapport se trouve également là : C:\ComboFix.txt

    a+
    0
  4. BOB
     
    ComboFix 09-06-23.01 - bob 24/06/2009 20:28.2 - NTFSx86
    Lancé depuis: c:\documents and settings\bob\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\tmp.reg

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-05-24 au 2009-06-24 ))))))))))))))))))))))))))))))))))))
    .

    2009-06-24 18:18 . 2009-06-24 18:18 -------- d-----w- C:\rsit
    2009-06-24 18:02 . 2009-06-24 18:02 -------- d-----w- c:\program files\Trend Micro
    2009-06-24 11:30 . 2009-06-24 11:30 -------- d-----w- c:\program files\7-Zip
    2009-06-24 11:18 . 2009-05-18 12:47 3007352 ----a-w- c:\documents and settings\bob\Application Data\Simply Super Software\Trojan Remover\nhe24.exe
    2009-06-22 20:36 . 2009-06-22 20:36 -------- d-----w- c:\documents and settings\bob\Local Settings\Application Data\Identities
    2009-06-22 20:04 . 2009-06-22 20:04 -------- d-----w- c:\program files\Reality Pump
    2009-06-22 17:24 . 2009-06-22 17:24 -------- d-----w- c:\documents and settings\bob\Application Data\TrojanHunter
    2009-06-22 17:13 . 2009-05-18 12:47 3007352 ----a-w- c:\documents and settings\bob\Application Data\Simply Super Software\Trojan Remover\rde5C.exe
    2009-06-22 17:12 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2009-06-22 17:12 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2009-06-22 17:12 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2009-06-22 17:12 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
    2009-06-22 17:12 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
    2009-06-22 17:12 . 2009-06-22 17:13 -------- d-----w- c:\program files\Trojan Remover
    2009-06-22 17:12 . 2009-06-22 17:12 -------- d-----w- c:\documents and settings\bob\Application Data\Simply Super Software
    2009-06-22 17:12 . 2009-06-22 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
    2009-06-22 17:11 . 2009-06-22 17:11 -------- d-----w- c:\program files\TrojanHunter 5.1
    2009-06-20 11:52 . 2009-06-20 11:52 -------- d-----w- c:\documents and settings\bob\Local Settings\Application Data\Adobe
    2009-06-20 11:51 . 2009-06-20 11:51 -------- d-----w- c:\program files\Fichiers communs\Adobe
    2009-06-20 09:37 . 2009-06-20 09:37 26624 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2009-06-17 20:18 . 2009-06-17 20:18 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-06-16 17:58 . 2009-06-16 17:58 -------- d-----w- c:\documents and settings\bob\Local Settings\Application Data\G DATA
    2009-06-15 19:25 . 2009-06-15 19:25 -------- d-----w- c:\documents and settings\LocalService\Bureau
    2009-06-15 18:48 . 2009-06-15 20:34 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-06-14 16:26 . 2008-04-13 17:33 221184 ----a-w- c:\windows\system32\wmpns.dll
    2009-06-14 13:21 . 2009-06-14 13:21 -------- d-----w- c:\windows\Logs
    2009-06-14 13:15 . 2009-06-14 13:15 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2009-06-14 13:15 . 2009-06-14 13:15 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2009-06-14 13:12 . 2009-06-14 13:25 -------- d-----w- c:\program files\Gothic III
    2009-06-14 13:11 . 2009-06-14 13:11 -------- d-----w- c:\documents and settings\bob\Application Data\DAEMON Tools
    2009-06-14 13:10 . 2009-06-14 13:10 -------- d-----w- c:\documents and settings\bob\Application Data\DAEMON Tools Pro
    2009-06-14 13:10 . 2009-06-14 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2009-06-14 13:10 . 2009-06-14 13:10 -------- d-----w- c:\program files\DAEMON Tools Lite
    2009-06-14 13:07 . 2009-06-14 13:11 -------- d-----w- c:\documents and settings\bob\Application Data\DAEMON Tools Lite
    2009-06-14 13:07 . 2009-06-14 13:07 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-06-14 10:49 . 2009-06-24 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-06-14 10:49 . 2009-06-14 10:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-06-12 16:12 . 2009-06-12 16:12 -------- d-----w- c:\windows\Sun
    2009-06-10 18:41 . 2009-06-20 17:16 -------- d-----w- c:\documents and settings\bob\Contacts
    2009-06-10 18:23 . 2009-06-10 18:23 -------- d-sh--w- c:\documents and settings\bob\IECompatCache
    2009-06-10 18:22 . 2009-06-10 18:22 -------- d-sh--w- c:\documents and settings\bob\PrivacIE
    2009-06-10 18:21 . 2009-06-15 17:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-06-10 18:04 . 2009-06-10 18:04 68424 ----a-w- c:\windows\system32\drivers\GRD.sys
    2009-06-10 18:03 . 2009-06-15 17:18 -------- d-sh--w- c:\documents and settings\bob\IETldCache
    2009-06-10 18:00 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-06-10 18:00 . 2009-04-30 21:16 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2009-06-10 18:00 . 2009-04-30 21:16 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2009-06-10 18:00 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-06-10 18:00 . 2009-06-10 18:00 -------- d-----w- c:\windows\ie8updates
    2009-06-10 18:00 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2009-06-10 17:58 . 2009-06-10 18:00 -------- dc-h--w- c:\windows\ie8
    2009-06-10 17:53 . 2009-02-09 11:24 2191104 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-06-10 17:53 . 2009-02-09 11:23 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-06-10 17:53 . 2009-02-09 11:23 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-06-10 17:52 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2009-06-10 17:52 . 2001-08-17 19:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
    2009-06-10 17:51 . 2008-04-13 16:57 58752 ----a-w- c:\windows\system32\drivers\redbook.sys
    2009-06-10 17:51 . 2008-06-14 17:33 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
    2009-06-10 17:51 . 2008-06-14 17:33 272768 ------w- c:\windows\system32\drivers\bthport.sys
    2009-06-10 17:51 . 2001-08-17 19:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
    2009-06-10 17:51 . 2008-04-13 17:33 77312 ----a-w- c:\windows\system32\usbui.dll
    2009-06-10 17:49 . 2009-01-07 16:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2009-06-10 17:49 . 2009-06-10 18:00 -------- d--h--w- c:\windows\$hf_mig$
    2009-06-10 17:47 . 2009-06-10 17:47 -------- d-sh--w- c:\documents and settings\bob\UserData
    2009-06-10 17:41 . 2009-06-10 17:41 -------- d-----w- c:\program files\DartyBox
    2009-06-10 17:41 . 2007-04-04 06:08 184320 ----a-w- c:\windows\system32\coclassfast.dll
    2009-06-10 17:40 . 2009-06-10 17:41 -------- d-----w- c:\program files\Assistant Dartybox
    2009-06-10 17:28 . 2009-06-10 17:28 9240 ----a-w- c:\documents and settings\bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-10 17:22 . 2009-06-10 18:00 48712 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
    2009-06-10 17:22 . 2009-06-10 18:00 32328 ----a-w- c:\windows\system32\drivers\HookCentre.sys
    2009-06-10 17:21 . 2009-06-10 18:03 51016 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
    2009-06-10 17:21 . 2009-06-10 17:21 22272 ----a-w- c:\windows\system32\drivers\GDNdisIc.sys
    2009-06-10 17:20 . 2009-06-10 17:20 -------- d-sh--w- C:\#GDATA.Trash.Store#
    2009-06-10 17:20 . 2009-06-10 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\G DATA
    2009-06-10 17:20 . 2009-06-10 17:20 -------- d-----w- c:\program files\Fichiers communs\G DATA
    2009-06-10 17:20 . 2009-06-10 17:20 -------- d-----w- c:\program files\G DATA
    2009-06-10 17:20 . 2009-06-10 17:20 -------- d-----w- c:\documents and settings\bob\Local Settings\Application Data\Downloaded Installations
    2009-06-10 17:12 . 2009-04-06 09:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
    2009-06-10 17:12 . 2009-02-10 14:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
    2009-06-10 17:11 . 2009-02-18 15:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
    2009-06-10 17:11 . 2009-06-21 18:13 -------- d-----w- c:\windows\system32\Filt
    2009-06-10 17:11 . 2009-06-10 17:11 -------- d-----w- c:\program files\Agnitum
    2009-06-10 17:11 . 2009-06-10 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
    2009-06-10 17:09 . 2004-01-11 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-06-10 17:09 . 2009-06-10 17:09 -------- d-----w- c:\program files\MSN Messenger
    2009-06-10 17:05 . 2009-06-10 17:05 603904 ----a-w- c:\windows\system32\TUProgSt.exe
    2009-06-10 17:05 . 2008-11-12 14:44 27904 ----a-w- c:\windows\system32\uxtuneup.dll
    2009-06-10 17:05 . 2009-06-10 17:05 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
    2009-06-10 17:05 . 2009-06-10 17:05 -------- d-----w- c:\documents and settings\bob\Application Data\TuneUp Software
    2009-06-10 17:05 . 2009-06-10 17:05 -------- d-----w- c:\program files\TuneUp Utilities 2009
    2009-06-10 17:05 . 2009-06-10 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-06-10 17:05 . 2009-06-10 17:05 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-06-10 17:05 . 2009-06-10 17:05 -------- d-----w- c:\program files\VS Revo Group
    2009-06-10 17:05 . 2009-06-10 17:05 -------- d-----w- c:\program files\MRU-Blaster
    2009-06-10 17:04 . 2009-06-10 17:04 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-06-10 17:04 . 2009-06-10 17:04 -------- d-----w- c:\program files\Java
    2009-06-10 17:03 . 2009-06-10 17:03 -------- d-----w- c:\documents and settings\bob\Local Settings\Application Data\Mozilla
    2009-06-10 17:03 . 2009-06-10 17:03 0 ----a-w- c:\windows\nsreg.dat
    2009-06-10 17:02 . 2009-06-10 17:02 -------- d-----w- c:\program files\CCleaner

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-24 11:20 . 2009-06-10 16:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-06-24 11:15 . 2009-06-10 16:40 -------- d-----w- c:\program files\a-squared Free
    2009-06-22 20:17 . 2009-06-10 16:32 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
    2009-06-21 18:33 . 2009-06-10 16:42 -------- d-----w- c:\program files\SpywareBlaster
    2009-06-17 20:18 . 2009-06-10 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-17 09:27 . 2009-06-10 16:41 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-17 09:27 . 2009-06-10 16:41 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-15 20:34 . 2009-06-15 18:48 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-06-14 13:17 . 2009-06-10 16:32 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-10 17:10 . 2009-06-10 17:10 -------- d-----w- c:\documents and settings\bob\Application Data\Media Player Classic
    2009-06-10 17:10 . 2009-06-10 17:09 -------- d-----w- c:\program files\K-Lite Codec Pack
    2009-06-10 17:00 . 2008-04-13 17:34 36864 ----a-w- c:\windows\system32\ctfmon.exe
    2009-06-10 16:41 . 2009-06-10 16:41 -------- d-----w- c:\documents and settings\bob\Application Data\Malwarebytes
    2009-06-10 16:41 . 2009-06-10 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-10 16:37 . 2009-06-10 16:36 -------- d-----w- c:\program files\Intel
    2009-06-10 16:36 . 2009-06-10 16:36 -------- d-----w- c:\documents and settings\bob\Application Data\InstallShield
    2009-06-10 16:34 . 2009-06-10 16:34 73728 ----a-w- c:\windows\ALCFDRTM.EXE
    2009-06-10 16:32 . 2009-06-10 16:32 -------- d-----w- c:\program files\AGEIA Technologies
    2009-06-10 16:32 . 2009-06-10 16:32 -------- d-----w- c:\program files\Realtek
    2009-06-10 16:32 . 2009-06-10 16:32 -------- d-----w- c:\program files\Fichiers communs\InstallShield
    2009-06-10 16:13 . 2009-06-10 16:13 -------- d-----w- c:\program files\microsoft frontpage
    2009-06-10 16:09 . 2004-08-10 12:00 35172 ----a-w- c:\windows\system32\perfc00C.dat
    2009-06-10 16:09 . 2004-08-10 12:00 326822 ----a-w- c:\windows\system32\perfh00C.dat
    2009-06-09 20:56 . 2009-06-09 20:56 1571840 ----a-w- c:\windows\system32\sfcfiles.dll
    2009-06-09 20:52 . 2009-06-09 20:52 1013248 ----a-w- c:\windows\system32\syssetup.dll
    2009-06-09 20:52 . 2009-06-09 20:52 1013248 ----a-w- c:\windows\inf\syssbck.dll
    2009-05-13 05:04 . 2008-04-13 17:33 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-07 15:33 . 2008-04-13 17:33 348672 ----a-w- c:\windows\system32\localspl.dll
    2009-04-29 04:34 . 2009-04-29 04:34 81920 ------w- c:\windows\system32\ieencode.dll
    2009-04-19 19:50 . 2008-04-13 16:58 1847296 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 14:53 . 2008-04-13 17:33 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-02 13:21 . 2009-06-10 17:09 84480 ----a-w- c:\windows\system32\ff_vfw.dll
    2009-03-27 06:14 . 2009-06-10 16:32 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
    .

    ------- Sigcheck -------

    [-] 2009-06-10 17:00 36864 18747FCB2508EEEC79415B32F63F3654 c:\windows\system32\ctfmon.exe
    [-] 2009-06-10 17:00 36864 18747FCB2508EEEC79415B32F63F3654 c:\windows\system32\dllcache\ctfmon.exe

    [-] 2009-06-09 20:56 1571840 805C0C12E2CF496B19843CDE04008DA0 c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
    "OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-15 1229640]
    "OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2009-04-14 433480]
    "GDFirewallTray"="c:\program files\G DATA\TotalCare\Firewall\GDFirewallTray.exe" [2008-09-09 1037992]
    "G DATA AntiVirus Trayapplication"="c:\program files\G DATA\TotalCare\AVKTray\AVKTray.exe" [2008-11-24 958024]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "THGuard"="c:\program files\TrojanHunter 5.1\THGuard.exe" [2009-05-18 1061536]
    "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-05-18 1059720]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-23 18077696]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-06-10 36864]

    c:\documents and settings\bob\Menu D‚marrer\Programmes\D‚marrage\
    MRU-Blaster Scheduler.lnk - c:\program files\MRU-Blaster\scheduler.exe [2003-7-19 118784]
    MRU-Blaster Silent Clean.lnk - c:\program files\MRU-Blaster\mrublaster.exe [2004-3-28 1216512]

    c:\documents and settings\bob\Menu D‚marrer\Programmes\D‚marrage\
    MRU-Blaster Scheduler.lnk - c:\program files\MRU-Blaster\scheduler.exe [2003-7-19 118784]
    MRU-Blaster Silent Clean.lnk - c:\program files\MRU-Blaster\mrublaster.exe [2004-3-28 1216512]

    c:\documents and settings\bob\Menu D‚marrer\Programmes\D‚marrage\
    MRU-Blaster Scheduler.lnk - c:\program files\MRU-Blaster\scheduler.exe [2003-7-19 118784]
    MRU-Blaster Silent Clean.lnk - c:\program files\MRU-Blaster\mrublaster.exe [2004-3-28 1216512]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoSimpleStartMenu"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "L'Assistant DartyBox"=c:\program files\Assistant Dartybox\Upgrade_Manager.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009-04-14 1267528]
    R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\documents and settings\bob\Local Settings\Temp\{C38B3C1C-EBA4-4338-AFDD-75A1139F3D49}\fsgk.sys [x]
    R3 G DATA Tuner Service;G DATA Tuner Service;c:\program files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [2008-08-19 925768]
    R3 Service de sauvegarde G DATA;Service de sauvegarde G DATA;c:\program files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [2008-10-28 880200]
    S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2009-06-20 26624]
    S0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2009-06-10 22272]
    S1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2009-06-10 68424]
    S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-04-06 704384]
    S2 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-11-24 1016904]
    S2 AVKService;Planificateur G DATA;c:\program files\G DATA\TotalCare\AVK\AVKService.exe [2008-09-08 386120]
    S2 AVKWCtl;Gardien d'AntiVirus;c:\program files\G DATA\TotalCare\AVK\AVKWCtl.exe [2008-09-08 1185496]
    S2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2009-06-10 51016]
    S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-06-10 603904]
    S3 afw;Agnitum firewall driver;c:\windows\system32\DRIVERS\afw.sys [2009-02-18 31128]
    S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-02-10 257432]
    S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2009-04-06 33888]
    S3 GDFwSvc;Pare-feu personnel G DATA;c:\program files\G DATA\TotalCare\Firewall\GDFwSvc.exe [2008-10-30 1407976]
    S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2009-06-10 48712]
    S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2009-06-10 32328]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    DcomLaunch REG_MULTI_SZ DcomLaunch

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contenu du dossier 'Tâches planifiées'

    2009-06-24 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-04 09:13]
    .
    .
    ------- Examen supplémentaire -------
    .
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-24 20:32
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2009-06-24 20:34
    ComboFix-quarantined-files.txt 2009-06-24 18:34

    Avant-CF: 438 356 844 544 octets libres
    Après-CF: 438 396 903 424 octets libres

    259
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. BOB
     
    tu pourrai me dire quel ligne tu as vu infectieuse dans mon log hijack
    0
  7. archet9
     
    ---> Télécharge OTM (OldTimer) sur ton Bureau :
    http: http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/

    ---> Double-clique sur OTMoveIt3.exe afin de le lancer.

    ---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

    :processes
    explorer.exe

    :files
    C:\WINDOWS\PEV.exe
    c:\windows\system32\ups.exe
    c:\windows\system32\perfc00C.dat

    :reg
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS]

    :commands
    [purity]
    [emptytemp]
    [start explorer]


    ---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

    ---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

    ---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log

    a+
    0
  8. BOB
     
    All processes killed
    ========== PROCESSES ==========
    Process explorer.exe killed successfully!
    ========== FILES ==========
    C:\WINDOWS\PEV.exe moved successfully.
    File/Folder c:\windows\system32\ups.exe not found.
    c:\windows\system32\perfc00C.dat moved successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS\ deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: bob
    ->Temp folder emptied: 36238852 bytes
    ->Temporary Internet Files folder emptied: 536973 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 61297506 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 557257 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2351795 bytes
    %systemroot%\System32 .tmp files removed: 3072 bytes
    File delete failed. C:\WINDOWS\temp\tmp0000651e\tmp00000000 scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\tmp00000049\tmp00000000 scheduled to be deleted on reboot.
    Windows Temp folder emptied: 0 bytes

    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 96,31 mb

    OTM by OldTimer - Version 3.0.0.2 log created on 06242009_211226

    Files moved on Reboot...
    File C:\WINDOWS\temp\tmp0000651e\tmp00000000 not found!
    File C:\WINDOWS\temp\tmp00000049\tmp00000000 not found!

    Registry entries deleted on Reboot...
    0
  9. BOB
     
    pour cette ligne

    C:\WINDOWS\System32\ups.exe

    j'avais regarder sur comment ca marche il indique ca

    http://www.commentcamarche.net/contents/processus/ups exe.php3
    0
  10. archet9
     
    ok....

    Le processus ups.exe (ups signifiant uninterruptible power supplies, en français onduleur) est un processus générique de Windows NT/2000/XP servant à gérer les onduleurs sous Windows.

    Le processus ups n'est en aucun cas un Virus résident, un ver, un cheval de Troie, un spyware, ni un AdWare.

    Il s'agit d'un processus système pouvant être arrêté.

    a+
    0
  11. archet9
     
    Non...

    Fais un scan avec cet antispyware :
    Telecharges malwarebytes + tutoriel :

    -> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    Tu l´installes; mets le a jour...(onglet mise a jour)
    Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".
    Puis click sur "rechercher".
    Laisses le scanner le pc...
    Si des elements on ete trouvés > click sur supprimer la selection.
    si il t´es demandé de redemarrer > click sur "oui".
    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vue de le poster sur le forum.
    Copies et colles le rapport stp.

    *****

    PUIS:

    Un nouveau RSIT tout neuf stpLogtxt uniquement...

    a+
    0