Big virus that is driving me crazy

Solved
Hello,
let me explain:
for a week or two now I've had MS ANTIVIRUS 2008 driving my PC mad,
it shows me loads of ads (Debitel and the like), whereas before I didn't have any of that,
and now every key on my keyboard is buggy because of all this build-up!!
I have to try twice to type anything, so excuse the mistakes!
Urgent help needed, I'm going to throw my computer under a 3-tonne truck if this carries on!!

59 replies

im3r

No?

im3r

Because no, I haven't uninstalled the thing,
What should I do?
Destrio5 (moderator)

---> Uninstall HijackThis

---> Delete SmitFraudFix, ComboFix and the Qoobox folder located in C:\

---> You need to disable and then re-enable System Restore in order to purge it:
http://www.commentcamarche.net/faq/sujet 13214 desactiver reactiver la restauration systeme de vista

---> I advise you to create a restore point that you can fall back on later if you have a problem:
https://forums.cnetfrance.fr
Destrio5 (moderator)

Hi,

- Download HijackThis V 2.02 (HijackThis Installer):
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

- Double-click HJTInstall.exe to start the installation

- Click Install, then I Accept

- Click Do a system scan and save a logfile

- Notepad will open; copy and paste its entire contents here in your next reply.
im3r
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:05, on 20/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICFE.EXE
C:\Users\iM3r\AppData\Roaming\Adobe\Manager.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.ldlc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par LDLC.Com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {7976222E-DC29-45CD-87EA-9D2397B52D0E} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EPSON Stylus DX9400F Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "C:\Users\iM3r\AppData\Local\Temp\E_S3D73.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Run] "C:\Users\iM3r\AppData\Roaming\Adobe\Manager.exe"
O4 - HKCU\..\Run: [\YUR6031.exe] C:\Windows\system32\YUR6031.exe
O4 - HKCU\..\Run: [\YURE48C.exe] C:\Windows\system32\YURE48C.exe
O4 - HKCU\..\Run: [\YUR6459.exe] C:\Windows\system32\YUR6459.exe
O4 - HKCU\..\Run: [\YURB78B.exe] C:\Windows\system32\YURB78B.exe
O4 - HKCU\..\Run: [\YUR3C73.exe] C:\Windows\system32\YUR3C73.exe
O4 - HKCU\..\Run: [\YUR169C.exe] C:\Windows\system32\YUR169C.exe
O4 - HKCU\..\Run: [\YUR9453.exe] C:\Windows\system32\YUR9453.exe
O4 - HKCU\..\Run: [\YUR1114.exe] C:\Windows\system32\YUR1114.exe
O4 - HKCU\..\Run: [\YUR8BB3.exe] C:\Windows\system32\YUR8BB3.exe
O4 - HKCU\..\Run: [\YUR670.exe] C:\Windows\system32\YUR670.exe
O4 - HKCU\..\Run: [\YUR811F.exe] C:\Windows\system32\YUR811F.exe
O4 - HKCU\..\Run: [\YUR6641.exe] C:\Windows\system32\YUR6641.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [008e6461] rundll32.exe "C:\Users\iM3r\AppData\Local\Temp\jpgyuunc.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\iM3r\AppData\Local\Temp\qoMfgeeF.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe (file missing)
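The log above is where the infection actually shows: a dozen `O4` entries launching random `YUR*.exe` files from system32, two `rundll32.exe` entries loading DLLs out of the user's Temp folder (one of them, `qoMfgeeF.dll`, is later named Trojan.Vundo.H by Malwarebytes further down the thread), `MicroAV.exe` registered under the value name "ANTIVIRUS", and a `RelevantKnowledge` service whose binary is gone. Helpers on these forums spot those by eye. As an added example, which is not part of the thread and not HijackThis code, here is a small Python triage script that parses `O4` and `O23` lines and applies the same heuristics: binaries in user-writable paths, rundll32 loading a DLL from such a path, random-looking names in system32, value names that are bare filenames or hex blobs, and services with a missing binary. The sample lines embedded in it are copied from the log; the name patterns, the `ROGUE_NAMES` list and the reason strings are my own assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: O4/O23 lines copied from the HijackThis log posted above,
# benign and suspicious entries mixed, so the script runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKCU\..\Run: [Run] "C:\Users\iM3r\AppData\Roaming\Adobe\Manager.exe"
O4 - HKCU\..\Run: [\YUR6031.exe] C:\Windows\system32\YUR6031.exe
O4 - HKCU\..\Run: [008e6461] rundll32.exe "C:\Users\iM3r\AppData\Local\Temp\jpgyuunc.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\iM3r\AppData\Local\Temp\qoMfgeeF.dll,c
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# The heuristics below are my own assumptions, not HijackThis rules.
USER_WRITABLE = re.compile(r"\\(Users|AppData|Temp)\\", re.I)
RANDOM_SYS32 = re.compile(r"\\system32\\[A-Za-z]{2,4}[0-9A-F]{3,5}\.exe$", re.I)
ROGUE_NAMES = {"microav.exe"}  # assumption, taken from what SmitfraudFix removes later in this thread


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def exe_path(cmd):
    """Executable at the head of a Run command: the quoted token, or everything up to the first .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.exe)(?=\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def split_rundll32(cmd):
    """If cmd is 'rundll32.exe <dll>,<entry>', return the DLL path, else None."""
    m = re.match(r'^\s*"?(?:[^"\s]*\\)?rundll32\.exe"?\s+"?(?P<dll>[^",]+?)"?\s*,', cmd, re.I)
    return m.group("dll") if m else None


def check_o4(hive, name, cmd):
    reasons = []
    dll = split_rundll32(cmd)
    target = dll or exe_path(cmd)          # for rundll32, judge the DLL it loads, not rundll32 itself
    if USER_WRITABLE.search(target):
        reasons.append("rundll32 loads a DLL from a user-writable path" if dll
                       else "autorun binary lives in a user-writable path")
    if RANDOM_SYS32.search(target):
        reasons.append("random-looking executable name in system32")
    if target.rsplit("\\", 1)[-1].lower() in ROGUE_NAMES:
        reasons.append("known rogue security product binary")
    if name.startswith("\\") or re.fullmatch(r"[0-9a-f]{8}", name):
        reasons.append("value name is a bare filename or a hex blob")
    return reasons


def check_o23(name, owner, path):
    reasons = []
    if path.endswith("(file missing)"):
        reasons.append("service registered but its binary is missing")
    if owner.lower() == "unknown owner" and not path.lower().startswith("c:\\windows\\"):
        reasons.append("no publisher in version info, outside C:\\Windows")
    return reasons


def triage(log_text):
    """Return the O4/O23 lines worth a second look, each with the reasons it was flagged."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            reasons = check_o4(**m.groupdict())
        else:
            m = O23_RE.match(line)
            if not m:
                continue
            reasons = check_o23(**m.groupdict())
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run against the sample it flags six entries (MicroAV.exe, the Adobe\Manager.exe in Roaming, YUR6031.exe, both rundll32 Temp DLLs, and the RelevantKnowledge service) and leaves the Java updater, the NVIDIA rundll32 line and the Steam service alone. The output is a review list, not a verdict: an entry in AppData is only "look at this", which is exactly the level at which a helper reads these logs.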
Destrio5 (moderator)

Very pretty...

---> Disable UAC for the duration of the disinfection:
http://www.commentcamarche.net/faq/sujet 13213 desactiver l uac de windows vista

- Download SmitfraudFix (by S!Ri, balltrap34 and moe31):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe or http://www.geekstogo.com/forum/files/file/6-smitfraudfix/

- Save it to the desktop

- Double-click SmitfraudFix.exe and choose option 1, then Enter

- A report will be generated; post it in your next reply.

process.exe is detected by some antivirus products as a RiskTool. It is not a virus but a utility designed to terminate processes.

** Only do step 2 if you are asked to; we first need to examine the first SmitfraudFix report
im3r
 
SmitFraudFix v2.352

Scan done at 10:30:00,25, 20/09/2008
Run from C:\Users\iM3r\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\System32\alg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICFE.EXE
C:\Users\iM3r\AppData\Roaming\Adobe\Manager.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

C:\Windows\system32\1.ico FOUND !
C:\Windows\system32\MicroAV.cpl FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\iM3r


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\iM3r\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\iM3r\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\Users\iM3r\Desktop\QUALITY PORN.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\PCHealthCenter\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Linksys Wireless-G PCI Adapter
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{504F2A59-F22E-4592-80A8-FC762354C851}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{504F2A59-F22E-4592-80A8-FC762354C851}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{504F2A59-F22E-4592-80A8-FC762354C851}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
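Most of the report above is a dump of persistence points that these rogues and their companions abuse: the Winlogon `Userinit` value (anything appended after `userinit.exe,` runs at every logon), `AppInit_DLLs` (a DLL listed there is loaded into every process that loads user32.dll), and the adapter's DNS servers (a DNS changer swaps the router's address for attacker-controlled resolvers). In this report all three are clean: Userinit is the Vista default, AppInit_DLLs is empty with `LoadAppInit_DLLs` at 0, and the only resolver is the router at 192.168.1.1. As an added example, which is not part of the thread and not SmitfraudFix code, the Python below parses those sections of a SmitfraudFix option-1 report and flags deviations. `CLEAN_REPORT` is copied from the report above; `TAMPERED_REPORT` is constructed by me, with documentation addresses (203.0.113.x) and `example` paths standing in for real attacker artefacts, so that the checks can be seen firing. The "local network" rule assumes a home setup where the resolver is the router.

```python
import re
from ipaddress import ip_address, ip_network

# Lines copied from the SmitfraudFix option-1 report above (the clean values).
CLEAN_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Linksys Wireless-G PCI Adapter
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
"""

# Constructed by me, not from the thread: the shapes a Userinit hijack, an
# AppInit_DLLs injector and a DNS changer leave behind. 203.0.113.x are
# documentation addresses standing in for attacker resolvers.
TAMPERED_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\example.dll"
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\example\\AppData\\Local\\Temp\\example.exe"

»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=203.0.113.5,203.0.113.6
"""

EXPECTED_USERINIT = r"C:\Windows\system32\userinit.exe,"   # Vista default; assumes Windows lives on C:
LAN_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
SECTION_RE = re.compile(r"^»+\s*(.+?)\s*$", re.M)
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(?:"(.*)"|dword:([0-9a-fA-F]{8}))\s*$', re.M)


def sections(report):
    """Map section title -> body text, splitting on the '»»» Title' header lines."""
    parts = SECTION_RE.split(report)          # [preamble, title1, body1, title2, body2, ...]
    return {parts[i]: parts[i + 1] for i in range(1, len(parts) - 1, 2)}


def reg_values(body):
    """Parse "Name"="string" and "Name"=dword:xxxxxxxx lines of a .reg-style dump."""
    values = {}
    for name, string, dword in REG_VALUE_RE.findall(body):
        # .reg exports double every backslash; undo that for string values
        values[name] = int(dword, 16) if dword else string.replace("\\\\", "\\")
    return values


def is_lan(addr):
    """Home-network assumption: the resolver should be the router, i.e. RFC 1918 or loopback."""
    a = ip_address(addr)
    return any(a in net for net in LAN_NETS)


def audit(report):
    """Return a list of deviations from the expected clean state; an empty list means clean."""
    findings = []
    secs = sections(report)
    userinit = reg_values(secs.get("Winlogon", "")).get("Userinit", "")
    if userinit.lower() != EXPECTED_USERINIT.lower():
        findings.append("Winlogon Userinit altered: %r" % userinit)
    appinit = reg_values(secs.get("AppInit_DLLs", ""))
    if appinit.get("AppInit_DLLs"):
        findings.append("AppInit_DLLs injects %r into every process that loads user32.dll" % appinit["AppInit_DLLs"])
    if appinit.get("LoadAppInit_DLLs", 0):
        findings.append("LoadAppInit_DLLs is enabled")
    for servers in re.findall(r"NameServer=([^\n]*)", secs.get("DNS", "")):
        for addr in re.findall(r"\d+\.\d+\.\d+\.\d+", servers):
            if not is_lan(addr):
                findings.append("resolver %s is not on the local network (possible DNS changer)" % addr)
    return findings


if __name__ == "__main__":
    for label, report in (("clean", CLEAN_REPORT), ("tampered", TAMPERED_REPORT)):
        print(label, audit(report) or ["no deviations"])
```

Feed it the option-1 scan report, not the option-2 cleanup report: as the second report in this thread shows, the cleanup run prints the Winlogon key without its values, so `Userinit` would come back empty and be reported as altered. On a machine that uses an ISP or public resolver deliberately, add those addresses to the allow-list before trusting the DNS check.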
Destrio5 (moderator)

- Restart your computer in safe mode:
https://blog.sosordi.net/

- Double-click SmitfraudFix.exe, choose option 2 and Enter

- Answer O (oui, i.e. yes) to these two questions if they are asked:

Voulez-vous nettoyer le registre ? (Do you want to clean the registry?)
Corriger le fichier infecté ? (Fix the infected file?)

- A report will be generated; save it to the desktop

- Restart in normal mode

- Post the SmitfraudFix report
im3r
 
SmitFraudFix v2.352

Scan done at 10:53:38,18, 20/09/2008
Run from C:\Users\iM3r\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Windows\system32\1.ico Deleted
C:\Windows\system32\2.ico Deleted
C:\Windows\system32\MicroAV.cpl Deleted
C:\Users\iM3r\Desktop\BEST ZOO PORN.url Deleted
C:\Users\iM3r\Desktop\QUALITY PORN.url Deleted
C:\Program Files\PCHealthCenter\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix



»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{504F2A59-F22E-4592-80A8-FC762354C851}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{504F2A59-F22E-4592-80A8-FC762354C851}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{504F2A59-F22E-4592-80A8-FC762354C851}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
Destrio5 (moderator):
---> Delete SmitFraudFix

- Download and install MalwareByte's Anti-Malware:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

- Update it

- Restart in Safe Mode (recommended):
https://www.malekal.com/demarrer-windows-mode-sans-echec/

- Choose your usual session

- Run a full scan with MalwareByte's Anti-Malware

- Delete everything the software finds and save the report

- Restart in normal mode and post the report here
im3r (member):
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1103
Windows 6.0.6000

20/09/2008 11:44:31
mbam-log-2008-09-20 (11-44-31).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 197055
Temps écoulé: 33 minute(s), 26 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 21

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Users\iM3r\AppData\Local\Temp\qoMfgeeF.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d31dd850-f2f1-4949-882b-6e73cf6d4e29} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d31dd850-f2f1-4949-882b-6e73cf6d4e29} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\008e6461 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Run (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\008e6461 (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\users\im3r\appdata\local\temp\qomfgeef -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\users\im3r\appdata\local\temp\qomfgeef -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Users\iM3r\AppData\Local\Temp\qoMfgeeF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Users\iM3r\AppData\Local\Temp\FeegfMoq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Users\iM3r\AppData\Local\Temp\FeegfMoq.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\xdlxwknj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\jnkwxldx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Users\iM3r\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXTOZHY\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\iM3r\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6W6414SJ\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\iM3r\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6W6414SJ\cntr[2].gif (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\iM3r\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7YYS4R9\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\iM3r\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K55FIR90\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\iM3r\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K55FIR90\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Users\iM3r\AppData\Roaming\Adobe\Manager.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
Destrio5 (moderator):
After the reboot:

---> Relaunch MBAM, go to Quarantine and delete everything

---> Post a new HijackThis log
im3r (member):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:28, on 20/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\System32\YURBD17.exe
C:\Windows\System32\YUR39E4.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par LDLC.Com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {7976222E-DC29-45CD-87EA-9D2397B52D0E} - (no file)
O3 - Toolbar: fqbewlna - {32678B97-2C98-4D22-A8F6-55C35572E946} - C:\Windows\fqbewlna.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [\YURD519.exe] C:\Windows\system32\YURD519.exe
O4 - HKLM\..\Run: [\YURD670.exe] C:\Windows\system32\YURD670.exe
O4 - HKLM\..\Run: [\YURDA57.exe] C:\Windows\system32\YURDA57.exe
O4 - HKLM\..\Run: [\YURDD24.exe] C:\Windows\system32\YURDD24.exe
O4 - HKLM\..\Run: [\YUR5CFD.exe] C:\Windows\system32\YUR5CFD.exe
O4 - HKLM\..\Run: [\YURBFC5.exe] C:\Windows\system32\YURBFC5.exe
O4 - HKLM\..\Run: [\YURBD17.exe] C:\Windows\system32\YURBD17.exe
O4 - HKLM\..\Run: [\YURBD18.exe] C:\Windows\system32\YURBD18.exe
O4 - HKLM\..\Run: [\YURBB91.exe] C:\Windows\system32\YURBB91.exe
O4 - HKLM\..\Run: [\YUR39E4.exe] C:\Windows\system32\YUR39E4.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKLM\..\Run: [\YURABA9.exe] C:\Windows\system32\YURABA9.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EPSON Stylus DX9400F Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "C:\Users\iM3r\AppData\Local\Temp\E_S3D73.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [\YUR6031.exe] C:\Windows\system32\YUR6031.exe
O4 - HKCU\..\Run: [\YURE48C.exe] C:\Windows\system32\YURE48C.exe
O4 - HKCU\..\Run: [\YUR6459.exe] C:\Windows\system32\YUR6459.exe
O4 - HKCU\..\Run: [\YURB78B.exe] C:\Windows\system32\YURB78B.exe
O4 - HKCU\..\Run: [\YUR3C73.exe] C:\Windows\system32\YUR3C73.exe
O4 - HKCU\..\Run: [\YUR169C.exe] C:\Windows\system32\YUR169C.exe
O4 - HKCU\..\Run: [\YUR9453.exe] C:\Windows\system32\YUR9453.exe
O4 - HKCU\..\Run: [\YUR1114.exe] C:\Windows\system32\YUR1114.exe
O4 - HKCU\..\Run: [\YUR8BB3.exe] C:\Windows\system32\YUR8BB3.exe
O4 - HKCU\..\Run: [\YUR670.exe] C:\Windows\system32\YUR670.exe
O4 - HKCU\..\Run: [\YUR811F.exe] C:\Windows\system32\YUR811F.exe
O4 - HKCU\..\Run: [\YUR6641.exe] C:\Windows\system32\YUR6641.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [\YURD519.exe] C:\Windows\system32\YURD519.exe
O4 - HKCU\..\Run: [\YURD670.exe] C:\Windows\system32\YURD670.exe
O4 - HKCU\..\Run: [\YURDA57.exe] C:\Windows\system32\YURDA57.exe
O4 - HKCU\..\Run: [\YURDD24.exe] C:\Windows\system32\YURDD24.exe
O4 - HKCU\..\Run: [\YUR5CFD.exe] C:\Windows\system32\YUR5CFD.exe
O4 - HKCU\..\Run: [\YURBFC5.exe] C:\Windows\system32\YURBFC5.exe
O4 - HKCU\..\Run: [\YURBD17.exe] C:\Windows\system32\YURBD17.exe
O4 - HKCU\..\Run: [\YURBD18.exe] C:\Windows\system32\YURBD18.exe
O4 - HKCU\..\Run: [\YURBB91.exe] C:\Windows\system32\YURBB91.exe
O4 - HKCU\..\Run: [\YUR39E4.exe] C:\Windows\system32\YUR39E4.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKCU\..\Run: [\YURABA9.exe] C:\Windows\system32\YURABA9.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe (file missing)
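Added example, not part of the thread or of HijackThis itself: a small Python triage script that applies a few defender-side heuristics to HijackThis lines like the ones in the log above. The sample lines are quoted from that log; the heuristics (a Run value name that begins with a backslash, orphaned BHO/toolbar or service entries, a browser component loaded straight from the Windows root directory, and the same command registered under both HKLM and HKCU Run) are my own choices for a first pass, not a HijackThis feature.

```python
import re
from collections import defaultdict

# Sample input: a handful of lines quoted from the HijackThis log posted above.
HJT_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: fqbewlna - {32678B97-2C98-4D22-A8F6-55C35572E946} - C:\Windows\fqbewlna.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [\YURBD17.exe] C:\Windows\system32\YURBD17.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKCU\..\Run: [\YURBD17.exe] C:\Windows\system32\YURBD17.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
"""

# O4 autorun: hive, value name in [brackets], then the command line.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(.+?)\] (.+)$")
# O2 BHO / O3 toolbar: the last " - " separates the CLSID from the target path.
O2O3_RE = re.compile(r"^O(?:2 - BHO|3 - Toolbar): .+ - \{[0-9A-Fa-f-]+\} - (.+)$")
# O23 service: greedy match so the capture is the final path field.
O23_RE = re.compile(r"^O23 - Service: .+ - (.+)$")
# A DLL or EXE sitting directly in <drive>:\Windows\ with no subdirectory.
WINROOT_RE = re.compile(r"^[A-Za-z]:\\Windows\\[^\\]+\.(?:dll|exe)$", re.IGNORECASE)


def triage(log_text):
    """Return a list of (reason, evidence) pairs for lines worth a second look.

    Heuristics are my own (assumption), tuned to the log above; every hit
    is a prompt for a human reviewer, not a verdict.
    """
    findings = []
    hives_by_command = defaultdict(set)  # normalised command -> hives it runs from

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = O4_RE.match(line)
        if m:
            hive, name, command = m.groups()
            # Legitimate installers name their Run value; a leading backslash
            # is an artefact of a value name copied from a file path.
            if name.startswith("\\"):
                findings.append(("Run value name starts with a backslash", line))
            hives_by_command[command.lower()].add(hive)
            continue

        m = O2O3_RE.match(line)
        if m:
            target = m.group(1)
            if target == "(no file)":
                findings.append(("orphaned BHO/toolbar entry (no file)", line))
            elif WINROOT_RE.match(target):
                findings.append(("component loaded from the Windows root directory", line))
            continue

        m = O23_RE.match(line)
        if m and m.group(1).endswith("(file missing)"):
            findings.append(("service points to a missing binary", line))

    # The same command under both HKLM and HKCU Run means the installer
    # wanted to survive either hive being cleaned; weak on its own.
    for command, hives in hives_by_command.items():
        if {"HKLM", "HKCU"} <= hives:
            findings.append(("same autorun registered under both HKLM and HKCU", command))
    return findings


if __name__ == "__main__":
    for reason, evidence in triage(HJT_LOG):
        print(f"[{reason}] {evidence}")
```

Each flag is a hint for the person reading the log, not a verdict: in the full log above, the Sidebar entry is also registered under both hives and is perfectly legitimate, while the orphaned "(no file)" and "(file missing)" entries are cleanup candidates rather than proof of infection.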
Destrio5 (moderator):
---> Disable UAC for the duration of the disinfection:
http://www.commentcamarche.net/faq/sujet 13213 desactiver l uac de windows vista

---> Download sUBs' ComboFix.exe to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the Internet and close all applications, antivirus and antispyware included /!\

---> Double-click Combofix.exe
A pop-up will appear saying "ComboFix is used at your own risk and with no guarantee...".
Accept by clicking "Yes"

---> Switch it to French with F
Press the 1 key (Yes) to start the scan.

/!\ Don't touch anything until the scan is finished. /!\

At the end of the scan, ComboFix may need to restart the PC to finalize the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable your antivirus and antispyware real-time protection before reconnecting to the Internet. /!\

Note: the report is also located at C:\ComboFix.txt
im3r (member):
ComboFix 08-09-19.09 - iM3r 2008-09-20 12:17:51.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1268 [GMT 2:00]
Lancé depuis: C:\Users\iM3r\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\MicroAV
C:\Program Files\MicroAV\MicroAV.cpl
C:\Program Files\MicroAV\MicroAV.exe
C:\Program Files\MicroAV\MicroAV.ooo
C:\Program Files\MicroAV\MicroAV0.dat
C:\Program Files\MicroAV\MicroAV1.dat
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCHealthCenter\sc.html
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\iM3r\AppData\Roaming\Adobe\crc.dat
C:\Windows\26.6315.exe
C:\Windows\eflx.exe
C:\Windows\elms.exe
C:\Windows\fqbewlna.dll
C:\Windows\mqgldfvo.exe
C:\Windows\system32\1.ico
C:\Windows\system32\2.ico
C:\Windows\system32\actskn43.ocx
C:\Windows\system32\MSINET.oca
C:\x

----- BITS: Il y a peut-être des sites infectés -----

http://hqsextube08.com
http://lovelypornovideo.net
http://pornotube30.net
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-20 au 2008-09-20 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 08:53 691 ----a-w C:\Users\iM3r\AppData\Roaming\GetValue.vbs
2008-09-20 08:53 4,964 ----a-w C:\Windows\System32\tmp.reg
2008-09-20 08:53 35 ----a-w C:\Users\iM3r\AppData\Roaming\SetValue.bat
2008-09-20 08:18 --------- dc----w C:\Program Files\Trend Micro
2008-09-20 06:58 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-09-19 10:26 82,944 ----a-w C:\Windows\System32\IEDFix.C.exe
2008-09-19 01:06 74,752 ----a-w C:\Windows\System32\YUR3EB4.exe
2008-09-19 01:06 74,752 ----a-w C:\Windows\System32\YUR39E4.exe
2008-09-19 01:06 25,088 ----a-w C:\Windows\System32\YUR4EF9.exe
2008-09-19 01:06 25,088 ----a-w C:\Windows\System32\YUR4DD1.exe
2008-09-19 01:06 24,064 ----a-w C:\Windows\System32\YURBD18.exe
2008-09-19 01:06 24,064 ----a-w C:\Windows\System32\YURBD17.exe
2008-09-19 01:06 24,064 ----a-w C:\Windows\System32\YURBB91.exe
2008-09-19 01:06 24,064 ----a-w C:\Windows\System32\YURABA9.exe
2008-09-19 01:06 24,064 ----a-w C:\Windows\System32\YUR52EF.exe
2008-09-16 15:53 --------- d-----w C:\Program Files\Common Files\Steam
2008-09-14 07:41 --------- d---a-w C:\ProgramData\TEMP
2008-09-14 07:34 --------- dc----w C:\Program Files\RelevantKnowledge
2008-09-14 07:17 --------- dc----w C:\Program Files\SUPERAntiSpyware
2008-09-14 07:17 --------- d-----w C:\Users\iM3r\AppData\Roaming\SUPERAntiSpyware.com
2008-09-14 07:17 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-09-14 07:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-13 17:36 --------- dc----w C:\Program Files\Enigma Software Group
2008-09-12 14:20 159,744 ----a-w C:\Windows\System32\mx14876.dll
2008-09-12 14:19 50,373,731 ----a-w C:\Windows\Adobe Photoshop CS3 Lite.exe
2008-09-12 14:05 --------- dc----w C:\Program Files\Paint.NET
2008-09-12 08:40 --------- dc----w C:\Program Files\epson
2008-09-11 17:54 --------- d-----w C:\Users\iM3r\AppData\Roaming\EPSON
2008-09-11 13:14 --------- d-----w C:\ProgramData\WLInstaller
2008-09-11 06:22 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-10 17:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-10 17:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-10 16:58 --------- d-----w C:\ProgramData\UDL
2008-09-10 16:56 --------- dc----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-09-10 16:54 --------- d-----w C:\ProgramData\EPSON
2008-09-08 21:38 88,576 ----a-w C:\Windows\System32\AntiXPVSTFix.exe
2008-09-08 13:57 737,280 ----a-w C:\Windows\iun6002.exe
2008-09-08 13:57 --------- dc----w C:\Program Files\AndreaMosaic Beta
2008-09-08 06:08 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-04 17:35 --------- d-----w C:\Users\iM3r\AppData\Roaming\uTorrent
2008-09-04 15:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-04 13:23 --------- d-----w C:\Users\iM3r\AppData\Roaming\.wyzo
2008-09-04 06:51 --------- dc----w C:\Program Files\AGEIA Technologies
2008-09-04 06:44 --------- d-----w C:\ProgramData\GRAW2
2008-09-03 14:11 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-09-02 20:08 --------- dc----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-02 20:08 --------- d-----w C:\Users\iM3r\AppData\Roaming\Malwarebytes
2008-09-02 20:08 --------- d-----w C:\ProgramData\Malwarebytes
2008-09-02 18:02 --------- d-----w C:\ProgramData\ArcSoft
2008-09-02 17:14 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-09-02 14:51 86,528 ----a-w C:\Windows\System32\VACFix.exe
2008-09-01 22:16 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-01 22:16 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-27 18:40 --------- d-----w C:\Users\iM3r\AppData\Roaming\Ubisoft
2008-08-27 18:39 --------- d-----w C:\ProgramData\Ubisoft
2008-08-27 18:30 --------- d-----w C:\Users\iM3r\AppData\Roaming\InstallShield
2008-08-25 09:58 --------- dc----w C:\Program Files\Sun
2008-08-25 09:58 --------- d-----w C:\Program Files\Java
2008-08-24 19:12 --------- d-----w C:\Users\iM3r\AppData\Roaming\OpenOffice.org2
2008-08-20 06:27 --------- d-----w C:\Users\iM3r\AppData\Roaming\Samsung
2008-08-18 10:19 82,432 ----a-w C:\Windows\System32\404Fix.exe
2008-08-15 01:08 --------- d-----w C:\Program Files\Windows Mail
2008-08-10 17:30 --------- d-----w C:\ProgramData\Pinnacle VideoSpin
2008-08-10 17:29 --------- d-----w C:\ProgramData\VideoSpin
2008-08-10 17:27 --------- d-----w C:\ProgramData\Pinnacle
2008-08-07 10:52 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-08-06 10:54 --------- d-----w C:\Users\iM3r\AppData\Roaming\Blender Foundation
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-20 15:09 --------- d-----w C:\Users\iM3r\AppData\Roaming\TransRender
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-10 11:15 174 --sha-w C:\Program Files\desktop.ini
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2007-11-16 14:42 22,328 ----a-w C:\Users\iM3r\AppData\Roaming\PnkBstrK.sys
2007-06-23 16:25 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-06-24 190024]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-20 171448]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 1510640]
"\YURBD17.exe"="C:\Windows\system32\YURBD17.exe" [2008-09-19 24064]
"\YURBD18.exe"="C:\Windows\system32\YURBD18.exe" [2008-09-19 24064]
"\YURBB91.exe"="C:\Windows\system32\YURBB91.exe" [2008-09-19 24064]
"\YUR39E4.exe"="C:\Windows\system32\YUR39E4.exe" [2008-09-19 74752]
"\YURABA9.exe"="C:\Windows\system32\YURABA9.exe" [2008-09-19 24064]
"\YUR3EB4.exe"="C:\Windows\system32\YUR3EB4.exe" [2008-09-19 74752]
"\YUR4DD1.exe"="C:\Windows\system32\YUR4DD1.exe" [2008-09-19 25088]
"\YUR4EF9.exe"="C:\Windows\system32\YUR4EF9.exe" [2008-09-19 25088]
"\YUR52EF.exe"="C:\Windows\system32\YUR52EF.exe" [2008-09-19 24064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 81920]
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 222208]
"UnlockerAssistant"="D:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"\YURBD17.exe"="C:\Windows\system32\YURBD17.exe" [2008-09-19 24064]
"\YURBD18.exe"="C:\Windows\system32\YURBD18.exe" [2008-09-19 24064]
"\YURBB91.exe"="C:\Windows\system32\YURBB91.exe" [2008-09-19 24064]
"\YUR39E4.exe"="C:\Windows\system32\YUR39E4.exe" [2008-09-19 74752]
"\YURABA9.exe"="C:\Windows\system32\YURABA9.exe" [2008-09-19 24064]
"\YUR3EB4.exe"="C:\Windows\system32\YUR3EB4.exe" [2008-09-19 74752]
"\YUR4DD1.exe"="C:\Windows\system32\YUR4DD1.exe" [2008-09-19 25088]
"\YUR4EF9.exe"="C:\Windows\system32\YUR4EF9.exe" [2008-09-19 25088]
"\YUR52EF.exe"="C:\Windows\system32\YUR52EF.exe" [2008-09-19 24064]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 C:\Windows\System32\ptipbmf.dll]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 C:\Windows\System32\ptipbm.dll]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{466BB97F-763F-4389-B2EE-3ECEF5AFC265}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C9F0357F-8FB3-46C0-862B-3A90AD89BD2D}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{E7C3C09F-59D5-4BE2-8297-31A3924F722B}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{568C2419-1FD8-46F6-A351-81DF6F97F8E5}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{EDF137CB-ADF5-43EE-AE86-AFBCB131DCF0}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{0E53DF14-500A-494C-B14E-C6F2E9BC7698}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{EB9AF448-DAE7-4738-80D8-45DF078AF327}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"TCP Query User{DE35F737-662E-4588-BF57-F08CB59B00B7}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{D450F052-FAB8-476A-B69E-5A2F19B93856}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{58C609C3-0A88-4E99-BD4D-0C2E5C8EEF40}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{AA224AD9-9AE1-4403-84BB-3102F9F1C3BA}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{24AD0EBB-1209-47AA-8BBE-4711A3288D9A}C:\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= UDP:C:\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{71CDAC5B-A69E-4B6F-B8B6-C7F592AD2E1B}C:\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= TCP:C:\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher
"{D8A199AE-97CC-4B7E-9D12-44A273142ECA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{899A0EA3-A571-493B-8F47-AEC74C9FD259}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{EEB57C24-00FE-4693-80C0-55F920F56FF4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{DB7296E2-33BF-4E8A-9BB3-F1A0E9D5C696}C:\\valve\\steam\\steam.exe"= UDP:C:\valve\steam\steam.exe:Steam
"UDP Query User{57EB6A92-8075-44D7-8E03-775D424FBDB4}C:\\valve\\steam\\steam.exe"= TCP:C:\valve\steam\steam.exe:Steam
"{6D622CC5-1486-4EF1-854D-C609838B1351}"= UDP:D:\Jeux Video\Bin32\Crysis.exe:Crysis_32_sp_demo
"{43445DB5-F264-4BCC-B0ED-C2BF6BC91250}"= TCP:D:\Jeux Video\Bin32\Crysis.exe:Crysis_32_sp_demo
"{F858FD5C-F8C3-4529-A6BD-857573494430}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{12101783-120E-427D-8FA1-EEC399BC2E5B}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{41188597-2C04-4EDB-B46C-919A6D959F79}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D59AB175-7615-4507-8964-E2181844339A}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{BBA48EBD-8911-43F5-AE35-787B1B445373}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{F8E80C7B-8859-4F77-9EE3-1963BF819D8C}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{5934084E-1831-471E-983A-E8B65C942BE4}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"TCP Query User{B76C5D0E-5DBE-44CD-A3E1-9F8E8735F287}C:\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= UDP:C:\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{664C6A29-3C7F-4D8D-A651-3C25CCD11622}C:\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= TCP:C:\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{0BC20E5E-3BC4-41FE-8A74-41600DF675E8}C:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= UDP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"UDP Query User{AD714821-D8CA-46F8-88CD-A74D9774600A}C:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= TCP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"TCP Query User{64352FB7-FF6F-41F2-A46B-DEB76E32DF6F}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{B831A2E2-AFEA-44D5-9842-F058853D01DD}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{121B9BB7-315E-44DC-B5FC-2D51DCD0FE5A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{17B32F7D-89CB-4382-8830-8479308DD99B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5EE1B676-6FCB-46F0-8C2E-8D3C1A0B648D}"= UDP:D:\Program Files\Programs\RM.exe:Render Manager
"{7CEBC61D-7CDB-4A56-9A24-47A6BC6B1221}"= TCP:D:\Program Files\Programs\RM.exe:Render Manager
"{D03DED42-53AF-45E8-B45F-DB3279BF5418}"= UDP:D:\Program Files\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{24E25D6D-D3A7-4171-82DD-1145993EB0C6}"= TCP:D:\Program Files\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{61FD464F-11D0-4FDF-A794-1AF1E8BCC52A}"= UDP:D:\Program Files\Programs\umi.exe:umi
"{EBAF80CF-32F7-44A1-8947-09FE63DDAEE2}"= TCP:D:\Program Files\Programs\umi.exe:umi
"{42AE84F2-7EC5-477B-9D1B-3F95621493C7}"= UDP:D:\Program Files\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{370728E4-A10A-4830-A4F8-E85C1D168233}"= TCP:D:\Program Files\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{D7B66A59-14BC-462A-9668-2C7BE3D54B42}"= UDP:C:\Program Files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{A27175C2-3FC6-4401-BF18-520651C53A7D}"= TCP:C:\Program Files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{4E7D76C2-4658-4B60-B619-8BBB13EB1B4B}"= UDP:D:\Program Files\uTorrent.exe:µTorrent (TCP-In)
"{47B45957-0138-4E23-BA85-94E4AAA867DE}"= TCP:D:\Program Files\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{993D5682-791A-4B8E-86CE-2A0396AF76A4}C:\\users\\im3r\\desktop\\utorrent.exe"= UDP:C:\users\im3r\desktop\utorrent.exe:utorrent.exe
"UDP Query User{6C307C85-F138-48B8-815B-E3F231642274}C:\\users\\im3r\\desktop\\utorrent.exe"= TCP:C:\users\im3r\desktop\utorrent.exe:utorrent.exe
"TCP Query User{DD4CC9FA-AD8B-441F-8F0A-E6A49E577032}C:\\users\\im3r\\desktop\\utorrent.exe"= UDP:C:\users\im3r\desktop\utorrent.exe:utorrent.exe
"UDP Query User{04AD187D-B97F-47D2-B7DC-B4DEEDD23FF5}C:\\users\\im3r\\desktop\\utorrent.exe"= TCP:C:\users\im3r\desktop\utorrent.exe:utorrent.exe
"{FC761D09-3CB9-4061-9651-A777D0A44F6F}"= UDP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{E37A02FE-B018-4CF0-8071-45324159CDE7}"= TCP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{92142B85-3D06-48B7-8743-BB21D77492E1}"= UDP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{6E58E642-BC0F-4A7A-BD05-79DAE028793B}"= TCP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{3005730E-9103-4074-9519-97E3A97D6A7C}"= UDP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{3805D176-B9A1-4ED5-B1FA-C4A6C3ADB35B}"= TCP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{9FDDCEAB-76D8-490B-B530-74C934EC5E51}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4ECE267E-899F-4BD6-9AEA-2FA6D64225B7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{826D0AAC-A095-4F89-9347-0E2FCA3D37FF}D:\\jeux video\\ghost recon advanced warfighter 2\\graw2.exe"= UDP:D:\jeux video\ghost recon advanced warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"UDP Query User{E39B93D3-F22E-4486-B181-1D5500A199D8}D:\\jeux video\\ghost recon advanced warfighter 2\\graw2.exe"= TCP:D:\jeux video\ghost recon advanced warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"TCP Query User{98E0AA0A-0B0F-4F7C-9994-CDA048083AD8}D:\\wyzo\\wyzo.exe"= UDP:D:\wyzo\wyzo.exe:Wyzo
"UDP Query User{E1AA1347-1FE2-4DBF-AFF6-1DCE44E0D6F3}D:\\wyzo\\wyzo.exe"= TCP:D:\wyzo\wyzo.exe:Wyzo
"{9EA6A76E-EB6F-4E75-B30E-4F0A4483A875}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0DB78905-ED5F-42EB-A676-104D13CD239F}D:\\jeux video\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= UDP:D:\jeux video\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{CEC7EC99-91EB-40A2-B3F1-BDE8EC1BA0B0}D:\\jeux video\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= TCP:D:\jeux video\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 102712]
R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 286208]
S2 RelevantKnowledge;RelevantKnowledge;C:\Program Files\RelevantKnowledge\rlservice.exe [ ]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2006-03-01 217088]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-16 92656]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bdb0afb-9fd8-11dc-ba2f-806e6f6e6963}]
\shell\AutoRun\command - Explorer URL=http:\\www.topannonces.fr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d61173f1-1e56-11dc-9b02-806e6f6e6963}]
\shell\AutoRun\command - E:\EPSETUP.EXE

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-{7976222E-DC29-45CD-87EA-9D2397B52D0E} - (no file)
Toolbar-{32678B97-2C98-4D22-A8F6-55C35572E946} - C:\Windows\fqbewlna.dll
HKCU-Run-Steam - c:\valve\steam\steam.exe
HKCU-Run-\YUR6031.exe - C:\Windows\system32\YUR6031.exe
HKCU-Run-\YURE48C.exe - C:\Windows\system32\YURE48C.exe
HKCU-Run-\YUR6459.exe - C:\Windows\system32\YUR6459.exe
HKCU-Run-\YURB78B.exe - C:\Windows\system32\YURB78B.exe
HKCU-Run-\YUR3C73.exe - C:\Windows\system32\YUR3C73.exe
HKCU-Run-\YUR169C.exe - C:\Windows\system32\YUR169C.exe
HKCU-Run-\YUR9453.exe - C:\Windows\system32\YUR9453.exe
HKCU-Run-\YUR1114.exe - C:\Windows\system32\YUR1114.exe
HKCU-Run-\YUR8BB3.exe - C:\Windows\system32\YUR8BB3.exe
HKCU-Run-\YUR670.exe - C:\Windows\system32\YUR670.exe
HKCU-Run-\YUR811F.exe - C:\Windows\system32\YUR811F.exe
HKCU-Run-\YUR6641.exe - C:\Windows\system32\YUR6641.exe
HKCU-Run-\YURD519.exe - C:\Windows\system32\YURD519.exe
HKCU-Run-\YURD670.exe - C:\Windows\system32\YURD670.exe
HKCU-Run-\YURDA57.exe - C:\Windows\system32\YURDA57.exe
HKCU-Run-\YURDD24.exe - C:\Windows\system32\YURDD24.exe
HKCU-Run-\YUR5CFD.exe - C:\Windows\system32\YUR5CFD.exe
HKCU-Run-\YURBFC5.exe - C:\Windows\system32\YURBFC5.exe
HKLM-Run-\YURD519.exe - C:\Windows\system32\YURD519.exe
HKLM-Run-\YURD670.exe - C:\Windows\system32\YURD670.exe
HKLM-Run-\YURDA57.exe - C:\Windows\system32\YURDA57.exe
HKLM-Run-\YURDD24.exe - C:\Windows\system32\YURDD24.exe
HKLM-Run-\YUR5CFD.exe - C:\Windows\system32\YUR5CFD.exe
HKLM-Run-\YURBFC5.exe - C:\Windows\system32\YURBFC5.exe
HKLM-Run-ANTIVIRUS - C:\Program Files\MicroAV\MicroAV.exe
MSConfigStartUp-Comrade - C:\Program Files\GameSpy\Comrade\Comrade.exe


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = www.orange.fr/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 12:19:34
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-09-20 12:21:03
ComboFix-quarantined-files.txt 2008-09-20 10:20:19

Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 13,881,294,848 octets libres

346 --- E O F --- 2008-09-20 06:59:08
0
Destrio5 Posts 85985 Registration date   Status Moderator Last post   10 302
 
I'll write you a script.
0
im3r Posts 51 Registration date   Status Member Last post   2
 
In any case, thanks for your help!!
I must be really infected to have to do all this.
0
Destrio5 Posts 85985 Registration date   Status Moderator Last post   10 302
 
/!\ Only im3r may follow this procedure /!\


1/

---> Click Start, then Run, type notepad and click OK.

---> Select the text below and copy it with Ctrl+C:

KillAll::

File::
C:\Windows\System32\YUR3EB4.exe
C:\Windows\System32\YUR39E4.exe
C:\Windows\System32\YUR4EF9.exe
C:\Windows\System32\YUR4DD1.exe
C:\Windows\System32\YURBD18.exe
C:\Windows\System32\YURBD17.exe
C:\Windows\System32\YURBB91.exe
C:\Windows\System32\YURABA9.exe
C:\Windows\System32\YUR52EF.exe
C:\Windows\iun6002.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"=-
"swg"=-
"LogitechSoftwareUpdate"=-
"\YURBD17.exe"=-
"\YURBD18.exe"=-
"\YURBB91.exe"=-
"\YUR39E4.exe"=-
"\YURABA9.exe"=-
"\YUR3EB4.exe"=-
"\YUR4DD1.exe"=-
"\YUR4EF9.exe"=-
"\YUR52EF.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"Adobe Reader Speed Launcher"=-
"QuickTime Task"=-
"\YURBD17.exe"=-
"\YURBD18.exe"=-
"\YURBB91.exe"=-
"\YUR39E4.exe"=-
"\YURABA9.exe"=-
"\YUR3EB4.exe"=-
"\YUR4DD1.exe"=-
"\YUR4EF9.exe"=-
"\YUR52EF.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bdb0afb-9fd8-11dc-ba2f-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d61173f1-1e56-11dc-9b02-806e6f6e6963}]

---> Paste the selection into Notepad

---> Save this file to the desktop (mandatory)

---> File name: CFScript
---> File type: all files
---> Click Save
---> Close Notepad


2/

---> Drag and drop this CFScript file onto the ComboFix.exe file, as in this screenshot:
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

[*] A blue window will appear: accept the message that is shown.

[*] Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.

[*] Once the scan has finished, a report will be displayed: post it

[*] If the file does not open, it can be found at C:\ComboFix.txt
0
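A CFScript like the one above deletes files and registry entries without further confirmation once it is dropped onto ComboFix, so it is worth previewing what it asks for before running it. The following is an added example, not ComboFix's own code: it parses the three directives used in the script (`KillAll::`, `File::`, and the REGEDIT4-style `Registry::` section) on a constructed, abridged copy of the script and cross-checks which Run values and files the script treats asymmetrically.

```python
"""Preview the changes a ComboFix CFScript requests before it is run.

Added example for the procedure above, not ComboFix's own code. It parses
the format the helper posted: ``KillAll::``, a ``File::`` list of paths to
delete, and a ``Registry::`` section in REGEDIT4 syntax, where ``"name"=-``
removes a value under the preceding ``[key]`` and ``[-key]`` removes the key.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: an abridged version of the script posted in the thread.
SAMPLE_CFSCRIPT = r"""
KillAll::
File::
C:\Windows\System32\YUR3EB4.exe
C:\Windows\System32\YURBD17.exe
C:\Windows\iun6002.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
"\YURBD17.exe"=-
"\YUR3EB4.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"\YURBD17.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bdb0afb-9fd8-11dc-ba2f-806e6f6e6963}]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")   # KillAll:: / File:: / Registry::
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")          # [key] selects, [-key] deletes
VALUE_DEL_RE = re.compile(r'^"(.*)"=-$')        # "name"=- deletes a value


@dataclass
class CFScriptPlan:
    kill_all: bool = False
    files: list = field(default_factory=list)
    value_deletions: dict = field(default_factory=dict)  # key -> [value names]
    key_deletions: list = field(default_factory=list)


def parse_cfscript(text: str) -> CFScriptPlan:
    """Turn a CFScript into a plan of the changes it requests; an
    unrecognised line raises so a typo is caught rather than ignored."""
    plan = CFScriptPlan()
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            current_key = None
            if section == "killall":
                plan.kill_all = True
            continue
        if section == "file":
            plan.files.append(line)
        elif section == "registry":
            km = KEY_RE.match(line)
            if km and km.group(1) == "-":
                plan.key_deletions.append(km.group(2))
                current_key = None          # values may not follow a [-key]
            elif km:
                current_key = km.group(2)
                plan.value_deletions.setdefault(current_key, [])
            elif current_key is not None and (vm := VALUE_DEL_RE.match(line)):
                plan.value_deletions[current_key].append(vm.group(1))
            else:
                raise ValueError(f"unsupported Registry:: line: {line}")
        else:
            raise ValueError(f"line outside a known section: {line}")
    return plan


def _run_value_names(plan: CFScriptPlan):
    """Yield (key, value name) for every deletion under a ...\\Run key."""
    for key, names in plan.value_deletions.items():
        if key.lower().endswith("\\run"):
            for name in names:
                yield key, name


def run_entries_without_file_deletion(plan: CFScriptPlan) -> list:
    """Run values the script removes whose program is not also in File::.

    These are either legitimate autostarts being disabled (here "swg") or
    malware whose file would stay on disk; both deserve a second look."""
    deleted = {p.rsplit("\\", 1)[-1].lower() for p in plan.files}
    return [(key, name) for key, name in _run_value_names(plan)
            if name.lstrip("\\").lower() not in deleted]


def files_without_run_cleanup(plan: CFScriptPlan) -> list:
    """File:: paths that no Run value deletion refers to."""
    referenced = {name.lstrip("\\").lower() for _, name in _run_value_names(plan)}
    return [p for p in plan.files if p.rsplit("\\", 1)[-1].lower() not in referenced]
```

On the full script from the thread, the same checks show that every `YUR*.exe` in `File::` has its HKCU and HKLM Run values removed too, while `C:\Windows\iun6002.exe` is deleted with no Run entry and `swg`, `MessengerPlus3` and the Java, Adobe and QuickTime updaters only lose their autostart.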
im3r Posts 51 Registration date   Status Member Last post   2
 
ComboFix 08-09-19.09 - iM3r 2008-09-20 12:43:40.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1401 [GMT 2:00]
Lancé depuis: C:\Users\iM3r\Desktop\ComboFix.exe
Commutateurs utilisés :: C:\Users\iM3r\Desktop\CFScript.txt

FILE ::
C:\Windows\iun6002.exe
C:\Windows\System32\YUR39E4.exe
C:\Windows\System32\YUR3EB4.exe
C:\Windows\System32\YUR4DD1.exe
C:\Windows\System32\YUR4EF9.exe
C:\Windows\System32\YUR52EF.exe
C:\Windows\System32\YURABA9.exe
C:\Windows\System32\YURBB91.exe
C:\Windows\System32\YURBD17.exe
C:\Windows\System32\YURBD18.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\iun6002.exe
C:\Windows\System32\YUR3EB4.exe
C:\Windows\System32\YUR4DD1.exe
C:\Windows\System32\YUR4EF9.exe
C:\Windows\System32\YUR52EF.exe
C:\Windows\System32\YURABA9.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-20 au 2008-09-20 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 08:53 691 ----a-w C:\Users\iM3r\AppData\Roaming\GetValue.vbs
2008-09-20 08:53 35 ----a-w C:\Users\iM3r\AppData\Roaming\SetValue.bat
2008-09-20 08:18 --------- dc----w C:\Program Files\Trend Micro
2008-09-20 06:58 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-09-16 15:53 --------- d-----w C:\Program Files\Common Files\Steam
2008-09-14 07:41 --------- d---a-w C:\ProgramData\TEMP
2008-09-14 07:34 --------- dc----w C:\Program Files\RelevantKnowledge
2008-09-14 07:17 --------- dc----w C:\Program Files\SUPERAntiSpyware
2008-09-14 07:17 --------- d-----w C:\Users\iM3r\AppData\Roaming\SUPERAntiSpyware.com
2008-09-14 07:17 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-09-14 07:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-13 17:36 --------- dc----w C:\Program Files\Enigma Software Group
2008-09-12 14:19 50,373,731 ----a-w C:\Windows\Adobe Photoshop CS3 Lite.exe
2008-09-12 14:05 --------- dc----w C:\Program Files\Paint.NET
2008-09-12 08:40 --------- dc----w C:\Program Files\epson
2008-09-11 17:54 --------- d-----w C:\Users\iM3r\AppData\Roaming\EPSON
2008-09-11 13:14 --------- d-----w C:\ProgramData\WLInstaller
2008-09-11 06:22 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-10 17:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-10 17:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-10 16:58 --------- d-----w C:\ProgramData\UDL
2008-09-10 16:56 --------- dc----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-09-10 16:54 --------- d-----w C:\ProgramData\EPSON
2008-09-08 13:57 --------- dc----w C:\Program Files\AndreaMosaic Beta
2008-09-08 06:08 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-04 17:35 --------- d-----w C:\Users\iM3r\AppData\Roaming\uTorrent
2008-09-04 15:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-04 13:23 --------- d-----w C:\Users\iM3r\AppData\Roaming\.wyzo
2008-09-04 06:51 --------- dc----w C:\Program Files\AGEIA Technologies
2008-09-04 06:44 --------- d-----w C:\ProgramData\GRAW2
2008-09-03 14:11 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-09-02 20:08 --------- dc----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-02 20:08 --------- d-----w C:\Users\iM3r\AppData\Roaming\Malwarebytes
2008-09-02 20:08 --------- d-----w C:\ProgramData\Malwarebytes
2008-09-02 18:02 --------- d-----w C:\ProgramData\ArcSoft
2008-09-02 17:14 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-09-01 22:16 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-01 22:16 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-27 18:40 --------- d-----w C:\Users\iM3r\AppData\Roaming\Ubisoft
2008-08-27 18:39 --------- d-----w C:\ProgramData\Ubisoft
2008-08-27 18:30 --------- d-----w C:\Users\iM3r\AppData\Roaming\InstallShield
2008-08-25 09:58 --------- dc----w C:\Program Files\Sun
2008-08-25 09:58 --------- d-----w C:\Program Files\Java
2008-08-24 19:12 --------- d-----w C:\Users\iM3r\AppData\Roaming\OpenOffice.org2
2008-08-20 06:27 --------- d-----w C:\Users\iM3r\AppData\Roaming\Samsung
2008-08-15 01:08 --------- d-----w C:\Program Files\Windows Mail
2008-08-10 17:30 --------- d-----w C:\ProgramData\Pinnacle VideoSpin
2008-08-10 17:29 --------- d-----w C:\ProgramData\VideoSpin
2008-08-10 17:27 --------- d-----w C:\ProgramData\Pinnacle
2008-08-07 10:52 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-08-06 10:54 --------- d-----w C:\Users\iM3r\AppData\Roaming\Blender Foundation
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-20 15:09 --------- d-----w C:\Users\iM3r\AppData\Roaming\TransRender
2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-10 11:15 174 --sha-w C:\Program Files\desktop.ini
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-11-16 14:42 22,328 ----a-w C:\Users\iM3r\AppData\Roaming\PnkBstrK.sys
2007-06-23 16:25 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((( snapshot@2008-09-20_12.20.05.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-20 09:49:23 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-20 10:47:27 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-20 10:47:27 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-20 10:19:36 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-20 10:47:27 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-20 10:47:27 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-20 10:18:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-20 10:40:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-20 10:18:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-20 10:40:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-20 10:18:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-20 10:40:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-20 10:18:40 124,938 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-20 10:28:07 124,938 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-20 10:18:40 144,656 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-09-20 10:28:07 144,656 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-09-20 10:18:40 664,980 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-20 10:28:07 664,980 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-20 10:18:40 754,470 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-09-20 10:28:07 754,470 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-09-20 09:50:18 13,368 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1863894731-3784064027-2305876514-1003_UserData.bin
+ 2008-09-20 10:25:16 13,368 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1863894731-3784064027-2305876514-1003_UserData.bin
- 2008-09-20 09:50:17 50,790 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-20 10:25:16 50,790 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-20 09:50:16 52,668 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-20 10:48:57 53,368 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 81920]
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 222208]
"UnlockerAssistant"="D:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 C:\Windows\System32\ptipbmf.dll]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 C:\Windows\System32\ptipbm.dll]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 C:\Windows\RtHDVCpl.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{466BB97F-763F-4389-B2EE-3ECEF5AFC265}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C9F0357F-8FB3-46C0-862B-3A90AD89BD2D}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{E7C3C09F-59D5-4BE2-8297-31A3924F722B}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{568C2419-1FD8-46F6-A351-81DF6F97F8E5}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{EDF137CB-ADF5-43EE-AE86-AFBCB131DCF0}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{0E53DF14-500A-494C-B14E-C6F2E9BC7698}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{EB9AF448-DAE7-4738-80D8-45DF078AF327}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"TCP Query User{DE35F737-662E-4588-BF57-F08CB59B00B7}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{D450F052-FAB8-476A-B69E-5A2F19B93856}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{58C609C3-0A88-4E99-BD4D-0C2E5C8EEF40}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{AA224AD9-9AE1-4403-84BB-3102F9F1C3BA}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{24AD0EBB-1209-47AA-8BBE-4711A3288D9A}C:\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= UDP:C:\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{71CDAC5B-A69E-4B6F-B8B6-C7F592AD2E1B}C:\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= TCP:C:\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher
"{D8A199AE-97CC-4B7E-9D12-44A273142ECA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{899A0EA3-A571-493B-8F47-AEC74C9FD259}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{EEB57C24-00FE-4693-80C0-55F920F56FF4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{DB7296E2-33BF-4E8A-9BB3-F1A0E9D5C696}C:\\valve\\steam\\steam.exe"= UDP:C:\valve\steam\steam.exe:Steam
"UDP Query User{57EB6A92-8075-44D7-8E03-775D424FBDB4}C:\\valve\\steam\\steam.exe"= TCP:C:\valve\steam\steam.exe:Steam
"{6D622CC5-1486-4EF1-854D-C609838B1351}"= UDP:D:\Jeux Video\Bin32\Crysis.exe:Crysis_32_sp_demo
"{43445DB5-F264-4BCC-B0ED-C2BF6BC91250}"= TCP:D:\Jeux Video\Bin32\Crysis.exe:Crysis_32_sp_demo
"{F858FD5C-F8C3-4529-A6BD-857573494430}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{12101783-120E-427D-8FA1-EEC399BC2E5B}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{41188597-2C04-4EDB-B46C-919A6D959F79}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D59AB175-7615-4507-8964-E2181844339A}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{BBA48EBD-8911-43F5-AE35-787B1B445373}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{F8E80C7B-8859-4F77-9EE3-1963BF819D8C}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{5934084E-1831-471E-983A-E8B65C942BE4}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"TCP Query User{B76C5D0E-5DBE-44CD-A3E1-9F8E8735F287}C:\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= UDP:C:\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{664C6A29-3C7F-4D8D-A651-3C25CCD11622}C:\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= TCP:C:\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{0BC20E5E-3BC4-41FE-8A74-41600DF675E8}C:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= UDP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"UDP Query User{AD714821-D8CA-46F8-88CD-A74D9774600A}C:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= TCP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"TCP Query User{64352FB7-FF6F-41F2-A46B-DEB76E32DF6F}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{B831A2E2-AFEA-44D5-9842-F058853D01DD}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{121B9BB7-315E-44DC-B5FC-2D51DCD0FE5A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{17B32F7D-89CB-4382-8830-8479308DD99B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5EE1B676-6FCB-46F0-8C2E-8D3C1A0B648D}"= UDP:D:\Program Files\Programs\RM.exe:Render Manager
"{7CEBC61D-7CDB-4A56-9A24-47A6BC6B1221}"= TCP:D:\Program Files\Programs\RM.exe:Render Manager
"{D03DED42-53AF-45E8-B45F-DB3279BF5418}"= UDP:D:\Program Files\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{24E25D6D-D3A7-4171-82DD-1145993EB0C6}"= TCP:D:\Program Files\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{61FD464F-11D0-4FDF-A794-1AF1E8BCC52A}"= UDP:D:\Program Files\Programs\umi.exe:umi
"{EBAF80CF-32F7-44A1-8947-09FE63DDAEE2}"= TCP:D:\Program Files\Programs\umi.exe:umi
"{42AE84F2-7EC5-477B-9D1B-3F95621493C7}"= UDP:D:\Program Files\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{370728E4-A10A-4830-A4F8-E85C1D168233}"= TCP:D:\Program Files\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{D7B66A59-14BC-462A-9668-2C7BE3D54B42}"= UDP:C:\Program Files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{A27175C2-3FC6-4401-BF18-520651C53A7D}"= TCP:C:\Program Files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{4E7D76C2-4658-4B60-B619-8BBB13EB1B4B}"= UDP:D:\Program Files\uTorrent.exe:µTorrent (TCP-In)
"{47B45957-0138-4E23-BA85-94E4AAA867DE}"= TCP:D:\Program Files\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{993D5682-791A-4B8E-86CE-2A0396AF76A4}C:\\users\\im3r\\desktop\\utorrent.exe"= UDP:C:\users\im3r\desktop\utorrent.exe:utorrent.exe
"UDP Query User{6C307C85-F138-48B8-815B-E3F231642274}C:\\users\\im3r\\desktop\\utorrent.exe"= TCP:C:\users\im3r\desktop\utorrent.exe:utorrent.exe
"TCP Query User{DD4CC9FA-AD8B-441F-8F0A-E6A49E577032}C:\\users\\im3r\\desktop\\utorrent.exe"= UDP:C:\users\im3r\desktop\utorrent.exe:utorrent.exe
"UDP Query User{04AD187D-B97F-47D2-B7DC-B4DEEDD23FF5}C:\\users\\im3r\\desktop\\utorrent.exe"= TCP:C:\users\im3r\desktop\utorrent.exe:utorrent.exe
"{FC761D09-3CB9-4061-9651-A777D0A44F6F}"= UDP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{E37A02FE-B018-4CF0-8071-45324159CDE7}"= TCP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{92142B85-3D06-48B7-8743-BB21D77492E1}"= UDP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{6E58E642-BC0F-4A7A-BD05-79DAE028793B}"= TCP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{3005730E-9103-4074-9519-97E3A97D6A7C}"= UDP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{3805D176-B9A1-4ED5-B1FA-C4A6C3ADB35B}"= TCP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{9FDDCEAB-76D8-490B-B530-74C934EC5E51}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4ECE267E-899F-4BD6-9AEA-2FA6D64225B7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{826D0AAC-A095-4F89-9347-0E2FCA3D37FF}D:\\jeux video\\ghost recon advanced warfighter 2\\graw2.exe"= UDP:D:\jeux video\ghost recon advanced warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"UDP Query User{E39B93D3-F22E-4486-B181-1D5500A199D8}D:\\jeux video\\ghost recon advanced warfighter 2\\graw2.exe"= TCP:D:\jeux video\ghost recon advanced warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"TCP Query User{98E0AA0A-0B0F-4F7C-9994-CDA048083AD8}D:\\wyzo\\wyzo.exe"= UDP:D:\wyzo\wyzo.exe:Wyzo
"UDP Query User{E1AA1347-1FE2-4DBF-AFF6-1DCE44E0D6F3}D:\\wyzo\\wyzo.exe"= TCP:D:\wyzo\wyzo.exe:Wyzo
"{9EA6A76E-EB6F-4E75-B30E-4F0A4483A875}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0DB78905-ED5F-42EB-A676-104D13CD239F}D:\\jeux video\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= UDP:D:\jeux video\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{CEC7EC99-91EB-40A2-B3F1-BDE8EC1BA0B0}D:\\jeux video\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= TCP:D:\jeux video\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 102712]
R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 286208]
S2 RelevantKnowledge;RelevantKnowledge;C:\Program Files\RelevantKnowledge\rlservice.exe [ ]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2006-03-01 217088]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-16 92656]
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-\YURBD17.exe - C:\Windows\system32\YURBD17.exe
HKCU-Run-\YURBD18.exe - C:\Windows\system32\YURBD18.exe
HKCU-Run-\YURBB91.exe - C:\Windows\system32\YURBB91.exe
HKCU-Run-\YUR39E4.exe - C:\Windows\system32\YUR39E4.exe
HKCU-Run-\YURABA9.exe - C:\Windows\system32\YURABA9.exe
HKCU-Run-\YUR3EB4.exe - C:\Windows\system32\YUR3EB4.exe
HKCU-Run-\YUR4DD1.exe - C:\Windows\system32\YUR4DD1.exe
HKCU-Run-\YUR4EF9.exe - C:\Windows\system32\YUR4EF9.exe
HKCU-Run-\YUR52EF.exe - C:\Windows\system32\YUR52EF.exe
HKCU-Run-\YURA0D0.exe - C:\Windows\system32\YURA0D0.exe
HKCU-Run-\YURA266.exe - C:\Windows\system32\YURA266.exe
HKCU-Run-\YURA478.exe - C:\Windows\system32\YURA478.exe
HKCU-Run-\YUR1E68.exe - C:\Windows\system32\YUR1E68.exe
HKLM-Run-\YURBD17.exe - C:\Windows\system32\YURBD17.exe
HKLM-Run-\YURBD18.exe - C:\Windows\system32\YURBD18.exe
HKLM-Run-\YURBB91.exe - C:\Windows\system32\YURBB91.exe
HKLM-Run-\YUR39E4.exe - C:\Windows\system32\YUR39E4.exe
HKLM-Run-\YURABA9.exe - C:\Windows\system32\YURABA9.exe
HKLM-Run-\YUR3EB4.exe - C:\Windows\system32\YUR3EB4.exe
HKLM-Run-\YUR4DD1.exe - C:\Windows\system32\YUR4DD1.exe
HKLM-Run-\YUR4EF9.exe - C:\Windows\system32\YUR4EF9.exe
HKLM-Run-\YUR52EF.exe - C:\Windows\system32\YUR52EF.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 12:47:35
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Heure de fin: 2008-09-20 12:52:09 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-20 10:51:59
ComboFix2.txt 2008-09-20 10:21:04

Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 13,871,181,824 octets libres

295 --- E O F --- 2008-09-20 06:59:08
0