
Big virus that's driving me nuts

Last reply on 10 Nov 2008 at 12:31:08. im3r, 20 Sep 2008 at 10:11:27

Hello,
let me explain:
for a week or two now I've had MS ANTIVIRUS 2008 driving my PC crazy.
It shows me loads of ads (Débitel and company), whereas before I didn't have any of that.
Then all the keys on my keyboard glitch because of all this build-up!!
I have to try twice to type any text, so please excuse my mistakes!
Urgent help needed, I'm going to throw my computer under a 3-ton truck if this continues!!

Configuration: Windows Vista
Internet Explorer 7.0


1

Destrio5, 20 Sep 2008 at 10:17:34

Hi,

- Download HijackThis V 2.02 (HijackThis Installer):
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

- Double-click HJTInstall.exe to start the installation

- Click Install, then I Accept

- Click Do a system scan and save a logfile

- Notepad will open; copy and paste its entire contents into your next reply here.


2

im3r, 20 Sep 2008 at 10:19:25

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:05, on 20/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICFE.EXE
C:\Users\iM3r\AppData\Roaming\Adobe\Manager.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ldlc.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par LDLC.Com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {7976222E-DC29-45CD-87EA-9D2397B52D0E} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EPSON Stylus DX9400F Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "C:\Users\iM3r\AppData\Local\Temp\E_S3D73.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Run] "C:\Users\iM3r\AppData\Roaming\Adobe\Manager.exe"
O4 - HKCU\..\Run: [\YUR6031.exe] C:\Windows\system32\YUR6031.exe
O4 - HKCU\..\Run: [\YURE48C.exe] C:\Windows\system32\YURE48C.exe
O4 - HKCU\..\Run: [\YUR6459.exe] C:\Windows\system32\YUR6459.exe
O4 - HKCU\..\Run: [\YURB78B.exe] C:\Windows\system32\YURB78B.exe
O4 - HKCU\..\Run: [\YUR3C73.exe] C:\Windows\system32\YUR3C73.exe
O4 - HKCU\..\Run: [\YUR169C.exe] C:\Windows\system32\YUR169C.exe
O4 - HKCU\..\Run: [\YUR9453.exe] C:\Windows\system32\YUR9453.exe
O4 - HKCU\..\Run: [\YUR1114.exe] C:\Windows\system32\YUR1114.exe
O4 - HKCU\..\Run: [\YUR8BB3.exe] C:\Windows\system32\YUR8BB3.exe
O4 - HKCU\..\Run: [\YUR670.exe] C:\Windows\system32\YUR670.exe
O4 - HKCU\..\Run: [\YUR811F.exe] C:\Windows\system32\YUR811F.exe
O4 - HKCU\..\Run: [\YUR6641.exe] C:\Windows\system32\YUR6641.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [008e6461] rundll32.exe "C:\Users\iM3r\AppData\Local\Temp\jpgyuunc.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\iM3r\AppData\Local\Temp\qoMfgeeF.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe (file missing)
End of file - 10245 bytes

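As an added example (not part of this thread and not a HijackThis feature), here is a small Python triage script that applies the checks a helper runs by eye over the O4 autorun lines of the log above: executables or rundll32 DLLs loaded from a Temp folder, random-looking file names dropped into system32, value names that are bare hex or start with a backslash, and a generic "ANTIVIRUS"-style value name whose product should be verified. The sample lines are copied from the posted log; the heuristic rules are the example's own and produce leads to verify, not verdicts.

```python
"""Triage of HijackThis O4 (autorun) lines.

Added example; it is not part of the thread above nor of HijackThis.
The rules encode what a helper checks by eye in the posted log. They
yield leads to verify, not verdicts.
"""
import re
from dataclasses import dataclass, field

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Executable of an unquoted command: everything up to the program extension.
EXE_RE = re.compile(r"(?i)^(?P<exe>.+?\.(?:exe|com|cpl|scr|bat))(?:\s+(?P<args>.*))?$")
TEMP_RE = re.compile(r"(?i)\\temp\\|%temp%")
RANDOM_STEM_RE = re.compile(r"^[A-Za-z]{1,4}[0-9A-Fa-f]{3,8}$")   # e.g. YUR6031
HEX_NAME_RE = re.compile(r"^[0-9a-fA-F]{6,}$")                    # e.g. 008e6461
GENERIC_SECURITY_NAMES = {"ANTIVIRUS", "ANTISPYWARE", "SECURITY", "FIREWALL"}


@dataclass
class Finding:
    name: str
    cmd: str
    reasons: list = field(default_factory=list)


def split_command(cmd):
    """Split an autorun command line into (executable, arguments).

    Quoted paths are honoured; unquoted paths with spaces are cut at the
    program extension, so 'C:\\Program Files\\X\\x.exe /flag' is handled.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group("exe"), m.group("args") or ""
    return cmd, ""


def triage(line):
    """Return a Finding for a suspicious O4 line, or None if it passes."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd")
    exe, args = split_command(cmd)
    reasons = []
    if TEMP_RE.search(exe):
        reasons.append("executable runs from a Temp folder")
    # rundll32 <dll>,<entry>: only the DLL path is checked, not other
    # arguments, so the Epson entry that merely passes a Temp file passes.
    if exe.lower().endswith("rundll32.exe") and args:
        dll = args.split(",", 1)[0].strip().strip('"')
        if TEMP_RE.search(dll):
            reasons.append("rundll32 loads a DLL from a Temp folder: " + dll)
    if name.startswith("\\"):
        reasons.append("value name begins with a backslash")
    stem = exe.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if "system32" in exe.lower() and RANDOM_STEM_RE.match(stem):
        reasons.append("random-looking file name in system32: " + stem)
    if HEX_NAME_RE.match(name):
        reasons.append("value name is a bare hex string")
    if name.upper() in GENERIC_SECURITY_NAMES:
        reasons.append("generic security-sounding value name; verify the product")
    return Finding(name, cmd, reasons) if reasons else None


def triage_log(text):
    """Run triage over every line of a HijackThis log; keep only findings."""
    return [f for f in (triage(l) for l in text.splitlines()) if f]


# Lines copied from the log posted above (the rest of the log is omitted).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKCU\..\Run: [EPSON Stylus DX9400F Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "C:\Users\iM3r\AppData\Local\Temp\E_S3D73.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [\YUR6031.exe] C:\Windows\system32\YUR6031.exe
O4 - HKCU\..\Run: [\YUR670.exe] C:\Windows\system32\YUR670.exe
O4 - HKCU\..\Run: [008e6461] rundll32.exe "C:\Users\iM3r\AppData\Local\Temp\jpgyuunc.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\iM3r\AppData\Local\Temp\qoMfgeeF.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.name}] {f.cmd}")
        for r in f.reasons:
            print("    -", r)
```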


4

Destrio5, 20 Sep 2008 at 10:20:37

Very pretty...

---> Disable UAC for the duration of the disinfection:
http://www.commentcamarche.net/faq/sujet-13213-desactiver-l-uac-de-windows-vista

- Download SmitfraudFix (by S!Ri, balltrap34 and moe31):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe or http://siri.geekstogo.com/SmitfraudFix.exe

- Save it to the desktop

- Double-click SmitfraudFix.exe, choose option 1, then Enter

- A report will be generated; post it in your next reply.

process.exe is detected by some antivirus programs as a risktool. It is not a virus but a utility designed to terminate processes.

** Only do step 2 if you are asked to; the first SmitfraudFix report has to be examined first


5

im3r, 20 Sep 2008 at 10:31:10

SmitFraudFix v2.352

Scan done at 10:30:00,25, 20/09/2008
Run from C:\Users\iM3r\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\System32\alg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICFE.EXE
C:\Users\iM3r\AppData\Roaming\Adobe\Manager.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

C:\Windows\system32\1.ico FOUND !
C:\Windows\system32\MicroAV.cpl FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\iM3r


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\iM3r\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\iM3r\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\Users\iM3r\Desktop\QUALITY PORN.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\PCHealthCenter\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Linksys Wireless-G PCI Adapter
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{504F2A59-F22E-4592-80A8-FC762354C851}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{504F2A59-F22E-4592-80A8-FC762354C851}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{504F2A59-F22E-4592-80A8-FC762354C851}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


6

Destrio5, 20 Sep 2008 at 10:44:10

- Restart your computer in safe mode:
http://www.sosordi.net/Faq/Faq.2.html

- Double-click SmitfraudFix.exe, choose option 2 and Enter

- Answer O (for oui, yes) to these two questions if they are asked:

Voulez-vous nettoyer le registre ?
Corriger le fichier infecté ?

- A report will be generated; save it to the desktop

- Restart in normal mode

- Post the SmitfraudFix report


7

im3r, 20 Sep 2008 at 10:57:52

SmitFraudFix v2.352

Scan done at 10:53:38,18, 20/09/2008
Run from C:\Users\iM3r\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Windows\system32\1.ico Deleted
C:\Windows\system32\2.ico Deleted
C:\Windows\system32\MicroAV.cpl Deleted
C:\Users\iM3r\Desktop\BEST ZOO PORN.url Deleted
C:\Users\iM3r\Desktop\QUALITY PORN.url Deleted
C:\Program Files\PCHealthCenter\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix



»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{504F2A59-F22E-4592-80A8-FC762354C851}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{504F2A59-F22E-4592-80A8-FC762354C851}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{504F2A59-F22E-4592-80A8-FC762354C851}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


8

Destrio5, 20 Sep 2008 at 11:06:49

---> Delete SmitFraudFix

- Download and install MalwareByte's Anti-Malware:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

- Update it

- Restart in Safe Mode (recommended):
http://www.malekal.com/modesansechec.php

- Choose your usual account

- Run a full scan with MalwareByte's Anti-Malware

- Delete everything the software finds and save the report

- Restart in normal mode and post the report here


9

im3r, 20 Sep 2008 at 11:50:13

Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1103
Windows 6.0.6000

20/09/2008 11:44:31
mbam-log-2008-09-20 (11-44-31).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 197055
Temps écoulé: 33 minute(s), 26 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 21

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Users\iM3r\AppData\Local\Temp\qoMfgeeF.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d31dd850-f2f1-4949-882b-6e73cf6d4e29} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d31dd850-f2f1-4949-882b-6e73cf6d4e29} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\008e6461 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Run (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\008e6461 (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\users\im3r\appdata\local\temp\qomfgeef -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\users\im3r\appdata\local\temp\qomfgeef -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Users\iM3r\AppData\Local\Temp\qoMfgeeF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Users\iM3r\AppData\Local\Temp\FeegfMoq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Users\iM3r\AppData\Local\Temp\FeegfMoq.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\xdlxwknj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\jnkwxldx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Users\iM3r\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXTOZHY\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\iM3r\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6W6414SJ\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\iM3r\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6W6414SJ\cntr[2].gif (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\iM3r\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7YYS4R9\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\iM3r\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K55FIR90\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\iM3r\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K55FIR90\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Users\iM3r\AppData\Roaming\Adobe\Manager.exe (Backdoor.Bot) -> Quarantined and deleted successfully.


10

Destrio5, 20 Sep 2008 at 11:52:28

After the restart:

---> Relaunch MBAM, go to Quarantine and delete everything

---> Post a new HijackThis report


11

im3r, 20 Sep 2008 at 11:54:47

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:28, on 20/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\System32\YURBD17.exe
C:\Windows\System32\YUR39E4.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par LDLC.Com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {7976222E-DC29-45CD-87EA-9D2397B52D0E} - (no file)
O3 - Toolbar: fqbewlna - {32678B97-2C98-4D22-A8F6-55C35572E946} - C:\Windows\fqbewlna.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [\YURD519.exe] C:\Windows\system32\YURD519.exe
O4 - HKLM\..\Run: [\YURD670.exe] C:\Windows\system32\YURD670.exe
O4 - HKLM\..\Run: [\YURDA57.exe] C:\Windows\system32\YURDA57.exe
O4 - HKLM\..\Run: [\YURDD24.exe] C:\Windows\system32\YURDD24.exe
O4 - HKLM\..\Run: [\YUR5CFD.exe] C:\Windows\system32\YUR5CFD.exe
O4 - HKLM\..\Run: [\YURBFC5.exe] C:\Windows\system32\YURBFC5.exe
O4 - HKLM\..\Run: [\YURBD17.exe] C:\Windows\system32\YURBD17.exe
O4 - HKLM\..\Run: [\YURBD18.exe] C:\Windows\system32\YURBD18.exe
O4 - HKLM\..\Run: [\YURBB91.exe] C:\Windows\system32\YURBB91.exe
O4 - HKLM\..\Run: [\YUR39E4.exe] C:\Windows\system32\YUR39E4.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKLM\..\Run: [\YURABA9.exe] C:\Windows\system32\YURABA9.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EPSON Stylus DX9400F Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "C:\Users\iM3r\AppData\Local\Temp\E_S3D73.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [\YUR6031.exe] C:\Windows\system32\YUR6031.exe
O4 - HKCU\..\Run: [\YURE48C.exe] C:\Windows\system32\YURE48C.exe
O4 - HKCU\..\Run: [\YUR6459.exe] C:\Windows\system32\YUR6459.exe
O4 - HKCU\..\Run: [\YURB78B.exe] C:\Windows\system32\YURB78B.exe
O4 - HKCU\..\Run: [\YUR3C73.exe] C:\Windows\system32\YUR3C73.exe
O4 - HKCU\..\Run: [\YUR169C.exe] C:\Windows\system32\YUR169C.exe
O4 - HKCU\..\Run: [\YUR9453.exe] C:\Windows\system32\YUR9453.exe
O4 - HKCU\..\Run: [\YUR1114.exe] C:\Windows\system32\YUR1114.exe
O4 - HKCU\..\Run: [\YUR8BB3.exe] C:\Windows\system32\YUR8BB3.exe
O4 - HKCU\..\Run: [\YUR670.exe] C:\Windows\system32\YUR670.exe
O4 - HKCU\..\Run: [\YUR811F.exe] C:\Windows\system32\YUR811F.exe
O4 - HKCU\..\Run: [\YUR6641.exe] C:\Windows\system32\YUR6641.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [\YURD519.exe] C:\Windows\system32\YURD519.exe
O4 - HKCU\..\Run: [\YURD670.exe] C:\Windows\system32\YURD670.exe
O4 - HKCU\..\Run: [\YURDA57.exe] C:\Windows\system32\YURDA57.exe
O4 - HKCU\..\Run: [\YURDD24.exe] C:\Windows\system32\YURDD24.exe
O4 - HKCU\..\Run: [\YUR5CFD.exe] C:\Windows\system32\YUR5CFD.exe
O4 - HKCU\..\Run: [\YURBFC5.exe] C:\Windows\system32\YURBFC5.exe
O4 - HKCU\..\Run: [\YURBD17.exe] C:\Windows\system32\YURBD17.exe
O4 - HKCU\..\Run: [\YURBD18.exe] C:\Windows\system32\YURBD18.exe
O4 - HKCU\..\Run: [\YURBB91.exe] C:\Windows\system32\YURBB91.exe
O4 - HKCU\..\Run: [\YUR39E4.exe] C:\Windows\system32\YUR39E4.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKCU\..\Run: [\YURABA9.exe] C:\Windows\system32\YURABA9.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe (file missing)
End of file - 10609 bytes

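As an added illustration, not part of the thread and not code from HijackThis or any other tool named here, the script below performs the kind of triage the helper does by eye on the O4 (autorun) lines of a report like the one above: it flags Run values whose name is a bare path fragment, randomly named executables dropped in the Windows directory, and entries pointing into the rogue "MicroAV" product directory. The sample lines, the name pattern and the rogue-product list are constructed for this example from what the thread's logs show.

```python
import re
from collections import defaultdict

# Constructed sample: O4 lines in HijackThis format, modelled on the report posted
# in this thread. The "\YUR....exe" entries and the "ANTIVIRUS" entry are the
# infection; the remaining lines are ordinary autoruns.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [\YURD519.exe] C:\Windows\system32\YURD519.exe
O4 - HKLM\..\Run: [\YURBD17.exe] C:\Windows\system32\YURBD17.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MicroAV\MicroAV.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [\YURBD17.exe] C:\Windows\system32\YURBD17.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
"""

# Shape of an O4 line: "O4 - <hive>\..\Run: [<value name>] <command>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Short alphabetic prefix followed by a hex-looking run, e.g. YURBD17.exe: the
# temp-file-style naming of the droppers seen in this thread (constructed pattern).
RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{2,4}[0-9A-F]{3,5}\.exe$", re.IGNORECASE)
# A freshly dropped, randomly named .exe directly under the Windows tree is suspect.
SYSTEM_DIR_PREFIX = "c:\\windows\\"
# Rogue "antivirus" product directories named in this thread's logs (constructed list).
ROGUE_PRODUCTS = ("microav", "pchealthcenter")


def executable_of(cmd):
    """Return the executable path from an O4 command, ignoring arguments and quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted: the path ends at the first ".exe" (paths may contain spaces).
    m = re.search(r"\.exe", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split(" ", 1)[0]


def parse_o4(text):
    """Parse HijackThis O4 lines into {hive, name, exe} records; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append({"hive": m["hive"], "name": m["name"], "exe": executable_of(m["cmd"])})
    return entries


def triage(text):
    """Group O4 entries by executable and list why each one looks suspicious.

    Returns {lower-cased exe path: reasons}. Only executables with at least one
    strong reason are reported: a value name that is itself a path fragment,
    a random-looking name inside the Windows directory, or a path inside a known
    rogue-AV product directory. Being registered under both HKLM and HKCU Run is
    added as a supporting note only (legitimate software such as Sidebar does it too).
    """
    by_exe = defaultdict(list)
    for e in parse_o4(text):
        by_exe[e["exe"].lower()].append(e)

    findings = {}
    for exe, entries in by_exe.items():
        base = exe.rsplit("\\", 1)[-1]
        strong, notes = [], []
        if any(e["name"].startswith("\\") for e in entries):
            strong.append("value name is a path fragment rather than a product name")
        if RANDOM_NAME_RE.match(base) and exe.startswith(SYSTEM_DIR_PREFIX):
            strong.append("random-looking executable name in the Windows directory")
        if any(p in exe for p in ROGUE_PRODUCTS):
            strong.append("path belongs to a known rogue 'antivirus' product")
        hives = {e["hive"].split("\\")[0] for e in entries}
        if {"HKLM", "HKCU"} <= hives:
            notes.append("registered under both HKLM and HKCU Run")
        if strong:
            findings[exe] = strong + notes
    return findings


if __name__ == "__main__":
    for exe, reasons in sorted(triage(SAMPLE_O4_LINES).items()):
        print(exe)
        for r in reasons:
            print("   -", r)
```

Run against the full report above, the same three checks pick out every \YUR*.exe value and the MicroAV entry while leaving the Windows, Java, Logitech and SUPERAntiSpyware autoruns alone.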

12

Destrio5, 20 Sep 2008 at 11:56:26

---> Disable UAC for the duration of the disinfection:
http://www.commentcamarche.net/faq/sujet 13213 desactiver l uac de windows vista

---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the Internet and close all applications, including antivirus and antispyware /!\

---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no guarantee...".
Accept by clicking "Yes"

---> Switch it to French with F
Press the 1 key (Yes) to start the scan.

/!\ Do not touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: the report can also be found at C:\ComboFix.txt


13

im3r, 20 Sep 2008 at 12:25:25

ComboFix 08-09-19.09 - iM3r 2008-09-20 12:17:51.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1268 [GMT 2:00]
Lancé depuis: C:\Users\iM3r\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\MicroAV
C:\Program Files\MicroAV\MicroAV.cpl
C:\Program Files\MicroAV\MicroAV.exe
C:\Program Files\MicroAV\MicroAV.ooo
C:\Program Files\MicroAV\MicroAV0.dat
C:\Program Files\MicroAV\MicroAV1.dat
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCHealthCenter\sc.html
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\iM3r\AppData\Roaming\Adobe\crc.dat
C:\Windows\26.6315.exe
C:\Windows\eflx.exe
C:\Windows\elms.exe
C:\Windows\fqbewlna.dll
C:\Windows\mqgldfvo.exe
C:\Windows\system32\1.ico
C:\Windows\system32\2.ico
C:\Windows\system32\actskn43.ocx
C:\Windows\system32\MSINET.oca
C:\x

----- BITS: Il y a peut-être des sites infectés -----

http://hqsextube08.com
http://lovelypornovideo.net
http://pornotube30.net
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-20 au 2008-09-20 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 08:53 691 ----a-w C:\Users\iM3r\AppData\Roaming\GetValue.vbs
2008-09-20 08:53 4,964 ----a-w C:\Windows\System32\tmp.reg
2008-09-20 08:53 35 ----a-w C:\Users\iM3r\AppData\Roaming\SetValue.bat
2008-09-20 08:18 --------- dc----w C:\Program Files\Trend Micro
2008-09-20 06:58 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-09-19 10:26 82,944 ----a-w C:\Windows\System32\IEDFix.C.exe
2008-09-19 01:06 74,752 ----a-w C:\Windows\System32\YUR3EB4.exe
2008-09-19 01:06 74,752 ----a-w C:\Windows\System32\YUR39E4.exe
2008-09-19 01:06 25,088 ----a-w C:\Windows\System32\YUR4EF9.exe
2008-09-19 01:06 25,088 ----a-w C:\Windows\System32\YUR4DD1.exe
2008-09-19 01:06 24,064 ----a-w C:\Windows\System32\YURBD18.exe
2008-09-19 01:06 24,064 ----a-w C:\Windows\System32\YURBD17.exe
2008-09-19 01:06 24,064 ----a-w C:\Windows\System32\YURBB91.exe
2008-09-19 01:06 24,064 ----a-w C:\Windows\System32\YURABA9.exe
2008-09-19 01:06 24,064 ----a-w C:\Windows\System32\YUR52EF.exe
2008-09-16 15:53 --------- d-----w C:\Program Files\Common Files\Steam
2008-09-14 07:41 --------- d---a-w C:\ProgramData\TEMP
2008-09-14 07:34 --------- dc----w C:\Program Files\RelevantKnowledge
2008-09-14 07:17 --------- dc----w C:\Program Files\SUPERAntiSpyware
2008-09-14 07:17 --------- d-----w C:\Users\iM3r\AppData\Roaming\SUPERAntiSpyware.com
2008-09-14 07:17 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-09-14 07:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-13 17:36 --------- dc----w C:\Program Files\Enigma Software Group
2008-09-12 14:20 159,744 ----a-w C:\Windows\System32\mx14876.dll
2008-09-12 14:19 50,373,731 ----a-w C:\Windows\Adobe Photoshop CS3 Lite.exe
2008-09-12 14:05 --------- dc----w C:\Program Files\Paint.NET
2008-09-12 08:40 --------- dc----w C:\Program Files\epson
2008-09-11 17:54 --------- d-----w C:\Users\iM3r\AppData\Roaming\EPSON
2008-09-11 13:14 --------- d-----w C:\ProgramData\WLInstaller
2008-09-11 06:22 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-10 17:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-10 17:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-10 16:58 --------- d-----w C:\ProgramData\UDL
2008-09-10 16:56 --------- dc----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-09-10 16:54 --------- d-----w C:\ProgramData\EPSON
2008-09-08 21:38 88,576 ----a-w C:\Windows\System32\AntiXPVSTFix.exe
2008-09-08 13:57 737,280 ----a-w C:\Windows\iun6002.exe
2008-09-08 13:57 --------- dc----w C:\Program Files\AndreaMosaic Beta
2008-09-08 06:08 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-04 17:35 --------- d-----w C:\Users\iM3r\AppData\Roaming\uTorrent
2008-09-04 15:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-04 13:23 --------- d-----w C:\Users\iM3r\AppData\Roaming\.wyzo
2008-09-04 06:51 --------- dc----w C:\Program Files\AGEIA Technologies
2008-09-04 06:44 --------- d-----w C:\ProgramData\GRAW2
2008-09-03 14:11 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-09-02 20:08 --------- dc----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-02 20:08 --------- d-----w C:\Users\iM3r\AppData\Roaming\Malwarebytes
2008-09-02 20:08 --------- d-----w C:\ProgramData\Malwarebytes
2008-09-02 18:02 --------- d-----w C:\ProgramData\ArcSoft
2008-09-02 17:14 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-09-02 14:51 86,528 ----a-w C:\Windows\System32\VACFix.exe
2008-09-01 22:16 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-01 22:16 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-27 18:40 --------- d-----w C:\Users\iM3r\AppData\Roaming\Ubisoft
2008-08-27 18:39 --------- d-----w C:\ProgramData\Ubisoft
2008-08-27 18:30 --------- d-----w C:\Users\iM3r\AppData\Roaming\InstallShield
2008-08-25 09:58 --------- dc----w C:\Program Files\Sun
2008-08-25 09:58 --------- d-----w C:\Program Files\Java
2008-08-24 19:12 --------- d-----w C:\Users\iM3r\AppData\Roaming\OpenOffice.org2
2008-08-20 06:27 --------- d-----w C:\Users\iM3r\AppData\Roaming\Samsung
2008-08-18 10:19 82,432 ----a-w C:\Windows\System32\404Fix.exe
2008-08-15 01:08 --------- d-----w C:\Program Files\Windows Mail
2008-08-10 17:30 --------- d-----w C:\ProgramData\Pinnacle VideoSpin
2008-08-10 17:29 --------- d-----w C:\ProgramData\VideoSpin
2008-08-10 17:27 --------- d-----w C:\ProgramData\Pinnacle
2008-08-07 10:52 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-08-06 10:54 --------- d-----w C:\Users\iM3r\AppData\Roaming\Blender Foundation
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-20 15:09 --------- d-----w C:\Users\iM3r\AppData\Roaming\TransRender
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-10 11:15 174 --sha-w C:\Program Files\desktop.ini
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2007-11-16 14:42 22,328 ----a-w C:\Users\iM3r\AppData\Roaming\PnkBstrK.sys
2007-06-23 16:25 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-06-24 190024]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-20 171448]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 1510640]
"\YURBD17.exe"="C:\Windows\system32\YURBD17.exe" [2008-09-19 24064]
"\YURBD18.exe"="C:\Windows\system32\YURBD18.exe" [2008-09-19 24064]
"\YURBB91.exe"="C:\Windows\system32\YURBB91.exe" [2008-09-19 24064]
"\YUR39E4.exe"="C:\Windows\system32\YUR39E4.exe" [2008-09-19 74752]
"\YURABA9.exe"="C:\Windows\system32\YURABA9.exe" [2008-09-19 24064]
"\YUR3EB4.exe"="C:\Windows\system32\YUR3EB4.exe" [2008-09-19 74752]
"\YUR4DD1.exe"="C:\Windows\system32\YUR4DD1.exe" [2008-09-19 25088]
"\YUR4EF9.exe"="C:\Windows\system32\YUR4EF9.exe" [2008-09-19 25088]
"\YUR52EF.exe"="C:\Windows\system32\YUR52EF.exe" [2008-09-19 24064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 81920]
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 222208]
"UnlockerAssistant"="D:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"\YURBD17.exe"="C:\Windows\system32\YURBD17.exe" [2008-09-19 24064]
"\YURBD18.exe"="C:\Windows\system32\YURBD18.exe" [2008-09-19 24064]
"\YURBB91.exe"="C:\Windows\system32\YURBB91.exe" [2008-09-19 24064]
"\YUR39E4.exe"="C:\Windows\system32\YUR39E4.exe" [2008-09-19 74752]
"\YURABA9.exe"="C:\Windows\system32\YURABA9.exe" [2008-09-19 24064]
"\YUR3EB4.exe"="C:\Windows\system32\YUR3EB4.exe" [2008-09-19 74752]
"\YUR4DD1.exe"="C:\Windows\system32\YUR4DD1.exe" [2008-09-19 25088]
"\YUR4EF9.exe"="C:\Windows\system32\YUR4EF9.exe" [2008-09-19 25088]
"\YUR52EF.exe"="C:\Windows\system32\YUR52EF.exe" [2008-09-19 24064]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 C:\Windows\System32\ptipbmf.dll]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 C:\Windows\System32\ptipbm.dll]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{466BB97F-763F-4389-B2EE-3ECEF5AFC265}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C9F0357F-8FB3-46C0-862B-3A90AD89BD2D}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{E7C3C09F-59D5-4BE2-8297-31A3924F722B}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{568C2419-1FD8-46F6-A351-81DF6F97F8E5}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{EDF137CB-ADF5-43EE-AE86-AFBCB131DCF0}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{0E53DF14-500A-494C-B14E-C6F2E9BC7698}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{EB9AF448-DAE7-4738-80D8-45DF078AF327}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"TCP Query User{DE35F737-662E-4588-BF57-F08CB59B00B7}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{D450F052-FAB8-476A-B69E-5A2F19B93856}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{58C609C3-0A88-4E99-BD4D-0C2E5C8EEF40}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{AA224AD9-9AE1-4403-84BB-3102F9F1C3BA}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{24AD0EBB-1209-47AA-8BBE-4711A3288D9A}C:\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= UDP:C:\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{71CDAC5B-A69E-4B6F-B8B6-C7F592AD2E1B}C:\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= TCP:C:\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher
"{D8A199AE-97CC-4B7E-9D12-44A273142ECA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{899A0EA3-A571-493B-8F47-AEC74C9FD259}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{EEB57C24-00FE-4693-80C0-55F920F56FF4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{DB7296E2-33BF-4E8A-9BB3-F1A0E9D5C696}C:\\valve\\steam\\steam.exe"= UDP:C:\valve\steam\steam.exe:Steam
"UDP Query User{57EB6A92-8075-44D7-8E03-775D424FBDB4}C:\\valve\\steam\\steam.exe"= TCP:C:\valve\steam\steam.exe:Steam
"{6D622CC5-1486-4EF1-854D-C609838B1351}"= UDP:D:\Jeux Video\Bin32\Crysis.exe:Crysis_32_sp_demo
"{43445DB5-F264-4BCC-B0ED-C2BF6BC91250}"= TCP:D:\Jeux Video\Bin32\Crysis.exe:Crysis_32_sp_demo
"{F858FD5C-F8C3-4529-A6BD-857573494430}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{12101783-120E-427D-8FA1-EEC399BC2E5B}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{41188597-2C04-4EDB-B46C-919A6D959F79}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D59AB175-7615-4507-8964-E2181844339A}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{BBA48EBD-8911-43F5-AE35-787B1B445373}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{F8E80C7B-8859-4F77-9EE3-1963BF819D8C}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{5934084E-1831-471E-983A-E8B65C942BE4}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"TCP Query User{B76C5D0E-5DBE-44CD-A3E1-9F8E8735F287}C:\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= UDP:C:\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{664C6A29-3C7F-4D8D-A651-3C25CCD11622}C:\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= TCP:C:\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{0BC20E5E-3BC4-41FE-8A74-41600DF675E8}C:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= UDP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"UDP Query User{AD714821-D8CA-46F8-88CD-A74D9774600A}C:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= TCP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"TCP Query User{64352FB7-FF6F-41F2-A46B-DEB76E32DF6F}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{B831A2E2-AFEA-44D5-9842-F058853D01DD}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{121B9BB7-315E-44DC-B5FC-2D51DCD0FE5A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{17B32F7D-89CB-4382-8830-8479308DD99B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5EE1B676-6FCB-46F0-8C2E-8D3C1A0B648D}"= UDP:D:\Program Files\Programs\RM.exe:Render Manager
"{7CEBC61D-7CDB-4A56-9A24-47A6BC6B1221}"= TCP:D:\Program Files\Programs\RM.exe:Render Manager
"{D03DED42-53AF-45E8-B45F-DB3279BF5418}"= UDP:D:\Program Files\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{24E25D6D-D3A7-4171-82DD-1145993EB0C6}"= TCP:D:\Program Files\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{61FD464F-11D0-4FDF-A794-1AF1E8BCC52A}"= UDP:D:\Program Files\Programs\umi.exe:umi
"{EBAF80CF-32F7-44A1-8947-09FE63DDAEE2}"= TCP:D:\Program Files\Programs\umi.exe:umi
"{42AE84F2-7EC5-477B-9D1B-3F95621493C7}"= UDP:D:\Program Files\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{370728E4-A10A-4830-A4F8-E85C1D168233}"= TCP:D:\Program Files\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{D7B66A59-14BC-462A-9668-2C7BE3D54B42}"= UDP:C:\Program Files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{A27175C2-3FC6-4401-BF18-520651C53A7D}"= TCP:C:\Program Files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{4E7D76C2-4658-4B60-B619-8BBB13EB1B4B}"= UDP:D:\Program Files\uTorrent.exe:µTorrent (TCP-In)
"{47B45957-0138-4E23-BA85-94E4AAA867DE}"= TCP:D:\Program Files\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{993D5682-791A-4B8E-86CE-2A0396AF76A4}C:\\users\\im3r\\desktop\\utorrent.exe"= UDP:C:\users\im3r\desktop\utorrent.exe:utorrent.exe
"UDP Query User{6C307C85-F138-48B8-815B-E3F231642274}C:\\users\\im3r\\desktop\\utorrent.exe"= TCP:C:\users\im3r\desktop\utorrent.exe:utorrent.exe
"TCP Query User{DD4CC9FA-AD8B-441F-8F0A-E6A49E577032}C:\\users\\im3r\\desktop\\utorrent.exe"= UDP:C:\users\im3r\desktop\utorrent.exe:utorrent.exe
"UDP Query User{04AD187D-B97F-47D2-B7DC-B4DEEDD23FF5}C:\\users\\im3r\\desktop\\utorrent.exe"= TCP:C:\users\im3r\desktop\utorrent.exe:utorrent.exe
"{FC761D09-3CB9-4061-9651-A777D0A44F6F}"= UDP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{E37A02FE-B018-4CF0-8071-45324159CDE7}"= TCP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{92142B85-3D06-48B7-8743-BB21D77492E1}"= UDP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{6E58E642-BC0F-4A7A-BD05-79DAE028793B}"= TCP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{3005730E-9103-4074-9519-97E3A97D6A7C}"= UDP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{3805D176-B9A1-4ED5-B1FA-C4A6C3ADB35B}"= TCP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{9FDDCEAB-76D8-490B-B530-74C934EC5E51}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4ECE267E-899F-4BD6-9AEA-2FA6D64225B7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{826D0AAC-A095-4F89-9347-0E2FCA3D37FF}D:\\jeux video\\ghost recon advanced warfighter 2\\graw2.exe"= UDP:D:\jeux video\ghost recon advanced warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"UDP Query User{E39B93D3-F22E-4486-B181-1D5500A199D8}D:\\jeux video\\ghost recon advanced warfighter 2\\graw2.exe"= TCP:D:\jeux video\ghost recon advanced warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"TCP Query User{98E0AA0A-0B0F-4F7C-9994-CDA048083AD8}D:\\wyzo\\wyzo.exe"= UDP:D:\wyzo\wyzo.exe:Wyzo
"UDP Query User{E1AA1347-1FE2-4DBF-AFF6-1DCE44E0D6F3}D:\\wyzo\\wyzo.exe"= TCP:D:\wyzo\wyzo.exe:Wyzo
"{9EA6A76E-EB6F-4E75-B30E-4F0A4483A875}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0DB78905-ED5F-42EB-A676-104D13CD239F}D:\\jeux video\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= UDP:D:\jeux video\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{CEC7EC99-91EB-40A2-B3F1-BDE8EC1BA0B0}D:\\jeux video\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= TCP:D:\jeux video\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 102712]
R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 286208]
S2 RelevantKnowledge;RelevantKnowledge;C:\Program Files\RelevantKnowledge\rlservice.exe [ ]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2006-03-01 217088]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-16 92656]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bdb0afb-9fd8-11dc-ba2f-806e6f6e6963}]
\shell\AutoRun\command - Explorer URL=http:\\www.topannonces.fr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d61173f1-1e56-11dc-9b02-806e6f6e6963}]
\shell\AutoRun\command - E:\EPSETUP.EXE

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-{7976222E-DC29-45CD-87EA-9D2397B52D0E} - (no file)
Toolbar-{32678B97-2C98-4D22-A8F6-55C35572E946} - C:\Windows\fqbewlna.dll
HKCU-Run-Steam - c:\valve\steam\steam.exe
HKCU-Run-\YUR6031.exe - C:\Windows\system32\YUR6031.exe
HKCU-Run-\YURE48C.exe - C:\Windows\system32\YURE48C.exe
HKCU-Run-\YUR6459.exe - C:\Windows\system32\YUR6459.exe
HKCU-Run-\YURB78B.exe - C:\Windows\system32\YURB78B.exe
HKCU-Run-\YUR3C73.exe - C:\Windows\system32\YUR3C73.exe
HKCU-Run-\YUR169C.exe - C:\Windows\system32\YUR169C.exe
HKCU-Run-\YUR9453.exe - C:\Windows\system32\YUR9453.exe
HKCU-Run-\YUR1114.exe - C:\Windows\system32\YUR1114.exe
HKCU-Run-\YUR8BB3.exe - C:\Windows\system32\YUR8BB3.exe
HKCU-Run-\YUR670.exe - C:\Windows\system32\YUR670.exe
HKCU-Run-\YUR811F.exe - C:\Windows\system32\YUR811F.exe
HKCU-Run-\YUR6641.exe - C:\Windows\system32\YUR6641.exe
HKCU-Run-\YURD519.exe - C:\Windows\system32\YURD519.exe
HKCU-Run-\YURD670.exe - C:\Windows\system32\YURD670.exe
HKCU-Run-\YURDA57.exe - C:\Windows\system32\YURDA57.exe
HKCU-Run-\YURDD24.exe - C:\Windows\system32\YURDD24.exe
HKCU-Run-\YUR5CFD.exe - C:\Windows\system32\YUR5CFD.exe
HKCU-Run-\YURBFC5.exe - C:\Windows\system32\YURBFC5.exe
HKLM-Run-\YURD519.exe - C:\Windows\system32\YURD519.exe
HKLM-Run-\YURD670.exe - C:\Windows\system32\YURD670.exe
HKLM-Run-\YURDA57.exe - C:\Windows\system32\YURDA57.exe
HKLM-Run-\YURDD24.exe - C:\Windows\system32\YURDD24.exe
HKLM-Run-\YUR5CFD.exe - C:\Windows\system32\YUR5CFD.exe
HKLM-Run-\YURBFC5.exe - C:\Windows\system32\YURBFC5.exe
HKLM-Run-ANTIVIRUS - C:\Program Files\MicroAV\MicroAV.exe
MSConfigStartUp-Comrade - C:\Program Files\GameSpy\Comrade\Comrade.exe


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = www.orange.fr/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 12:19:34
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-09-20 12:21:03
ComboFix-quarantined-files.txt 2008-09-20 10:20:19

Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 13,881,294,848 octets libres

346 --- E O F --- 2008-09-20 06:59:08


14

Destrio5, on 20 Sep 2008 at 12:28:11

I'll write you a script.


15

im3r, on 20 Sep 2008 at 12:29:30

In any case, thanks for your help!!
I must be really infected to have to do all this


16

Destrio5, on 20 Sep 2008 at 12:37:02

/!\ Only im3r may follow this procedure /!\


1/

---> Click Start, then Run, type notepad and click OK.

---> Copy the text below by selecting it, then Ctrl+C:

KillAll::

File::
C:\Windows\System32\YUR3EB4.exe
C:\Windows\System32\YUR39E4.exe
C:\Windows\System32\YUR4EF9.exe
C:\Windows\System32\YUR4DD1.exe
C:\Windows\System32\YURBD18.exe
C:\Windows\System32\YURBD17.exe
C:\Windows\System32\YURBB91.exe
C:\Windows\System32\YURABA9.exe
C:\Windows\System32\YUR52EF.exe
C:\Windows\iun6002.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"=-
"swg"=-
"LogitechSoftwareUpdate"=-
"\YURBD17.exe"=-
"\YURBD18.exe"=-
"\YURBB91.exe"=-
"\YUR39E4.exe"=-
"\YURABA9.exe"=-
"\YUR3EB4.exe"=-
"\YUR4DD1.exe"=-
"\YUR4EF9.exe"=-
"\YUR52EF.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"Adobe Reader Speed Launcher"=-
"QuickTime Task"=-
"\YURBD17.exe"=-
"\YURBD18.exe"=-
"\YURBB91.exe"=-
"\YUR39E4.exe"=-
"\YURABA9.exe"=-
"\YUR3EB4.exe"=-
"\YUR4DD1.exe"=-
"\YUR4EF9.exe"=-
"\YUR52EF.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bdb0afb-9fd8-11dc-ba2f-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d61173f1-1e56-11dc-9b02-806e6f6e6963}]

---> Paste the selection into Notepad

---> Save this file to the desktop (mandatory)

---> File name: CFScript
---> File type: all files
---> Click Save
---> Close Notepad


2/

---> Drag and drop this CFScript file onto ComboFix.exe, as shown in the screenshot:
http://www.searchengines.pl/...

[*] A blue window will appear: accept the message that comes up.

[*] Wait while the scan runs. The desktop will disappear several times: that is normal!
Don't touch anything until the scan has finished.

[*] Once the scan is complete, a report will be displayed: post it

[*] If the file does not open, it is located here: C:\ComboFix.txt

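
The procedure above builds the CFScript by hand from the Run-key section of the ComboFix log. As an added example (not part of the original thread, and not a ComboFix tool), the Python below does the same triage step mechanically: it parses the REGEDIT4-style "Point de chargement Reg" section, flags Run-key values whose names have the randomised `\YURxxxx.exe` shape seen in im3r's log, and drafts the `File::` / `Registry::` block in the CFScript syntax Destrio5 used. The log excerpt is a constructed shortening of the one posted above; the `\YUR` pattern, the Run-key filter and the function names are my assumptions.

```python
r"""Triage helper for a ComboFix log like the ones posted in this thread.

Added example, not part of ComboFix or of any post above. It reads the
"Point de chargement Reg" section (REGEDIT4-style [key] headers followed by
"name"="path" [date size] lines), flags Run-key values whose name has the
randomised \YURxxxx.exe shape seen in im3r's log, and drafts the File:: and
Registry:: sections in the CFScript syntax Destrio5 used. The analyst still
reviews the draft before anything is removed; the script only proposes.
"""
import re
from collections import OrderedDict

# Constructed sample: a shortened excerpt modelled on the thread's log.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"\YURABA9.exe"="C:\Windows\system32\YURABA9.exe" [2008-09-19 24064]
"\YUR3EB4.exe"="C:\Windows\system32\YUR3EB4.exe" [2008-09-19 74752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 C:\Windows\RtHDVCpl.exe]
"\YUR4DD1.exe"="C:\Windows\system32\YUR4DD1.exe" [2008-09-19 25088]
"\YURABA9.exe"="C:\Windows\system32\YURABA9.exe" [2008-09-19 24064]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
# Value names shaped like \YUR + 3-4 hex digits + .exe: the indicator taken
# from the log above (assumption: the pattern generalises to the other entries).
SUSPECT_NAME_RE = re.compile(r"^\\YUR[0-9A-Fa-f]{3,4}\.exe$", re.IGNORECASE)


def parse_registry_section(log_text):
    """Map each [key] header to the list of (value name, value data) lines under it."""
    entries = OrderedDict()
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group("key")
            entries.setdefault(current, [])
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            entries[current].append((value_match.group("name"), value_match.group("path")))
    return entries


def find_suspects(log_text):
    """Return (key, name, path) for every Run-key value whose name matches the YUR pattern."""
    hits = []
    for key, values in parse_registry_section(log_text).items():
        if not key.lower().endswith("\\run"):
            continue  # only autorun keys are of interest here
        for name, path in values:
            if SUSPECT_NAME_RE.match(name):
                hits.append((key, name, path))
    return hits


def draft_cfscript(hits):
    """Render hits as a CFScript: File:: lists each path once, Registry:: removes each value ("name"=-)."""
    files = []
    for _, _, path in hits:
        if path and path not in files:
            files.append(path)  # the same binary may be registered under HKCU and HKLM
    by_key = OrderedDict()
    for key, name, _ in hits:
        by_key.setdefault(key, []).append(name)
    lines = ["KillAll::", "", "File::", *files, "", "Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = find_suspects(SAMPLE_LOG)
    for key, name, path in found:
        print(f"suspect autorun: {name} -> {path}  ({key})")
    print()
    print(draft_cfscript(found))
```

The draft is deliberately a proposal: each flagged entry should be checked against the rest of the log (file date, size, location under system32 with a random name) before it is pasted into a CFScript, exactly as the helper did by hand above.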

17

im3r, on 20 Sep 2008 at 12:52:54

ComboFix 08-09-19.09 - iM3r 2008-09-20 12:43:40.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1401 [GMT 2:00]
Lancé depuis: C:\Users\iM3r\Desktop\ComboFix.exe
Commutateurs utilisés :: C:\Users\iM3r\Desktop\CFScript.txt

FILE ::
C:\Windows\iun6002.exe
C:\Windows\System32\YUR39E4.exe
C:\Windows\System32\YUR3EB4.exe
C:\Windows\System32\YUR4DD1.exe
C:\Windows\System32\YUR4EF9.exe
C:\Windows\System32\YUR52EF.exe
C:\Windows\System32\YURABA9.exe
C:\Windows\System32\YURBB91.exe
C:\Windows\System32\YURBD17.exe
C:\Windows\System32\YURBD18.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\iun6002.exe
C:\Windows\System32\YUR3EB4.exe
C:\Windows\System32\YUR4DD1.exe
C:\Windows\System32\YUR4EF9.exe
C:\Windows\System32\YUR52EF.exe
C:\Windows\System32\YURABA9.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-20 au 2008-09-20 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 08:53 691 ----a-w C:\Users\iM3r\AppData\Roaming\GetValue.vbs
2008-09-20 08:53 35 ----a-w C:\Users\iM3r\AppData\Roaming\SetValue.bat
2008-09-20 08:18 --------- dc----w C:\Program Files\Trend Micro
2008-09-20 06:58 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-09-16 15:53 --------- d-----w C:\Program Files\Common Files\Steam
2008-09-14 07:41 --------- d---a-w C:\ProgramData\TEMP
2008-09-14 07:34 --------- dc----w C:\Program Files\RelevantKnowledge
2008-09-14 07:17 --------- dc----w C:\Program Files\SUPERAntiSpyware
2008-09-14 07:17 --------- d-----w C:\Users\iM3r\AppData\Roaming\SUPERAntiSpyware.com
2008-09-14 07:17 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-09-14 07:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-13 17:36 --------- dc----w C:\Program Files\Enigma Software Group
2008-09-12 14:19 50,373,731 ----a-w C:\Windows\Adobe Photoshop CS3 Lite.exe
2008-09-12 14:05 --------- dc----w C:\Program Files\Paint.NET
2008-09-12 08:40 --------- dc----w C:\Program Files\epson
2008-09-11 17:54 --------- d-----w C:\Users\iM3r\AppData\Roaming\EPSON
2008-09-11 13:14 --------- d-----w C:\ProgramData\WLInstaller
2008-09-11 06:22 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-10 17:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-10 17:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-10 16:58 --------- d-----w C:\ProgramData\UDL
2008-09-10 16:56 --------- dc----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-09-10 16:54 --------- d-----w C:\ProgramData\EPSON
2008-09-08 13:57 --------- dc----w C:\Program Files\AndreaMosaic Beta
2008-09-08 06:08 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-04 17:35 --------- d-----w C:\Users\iM3r\AppData\Roaming\uTorrent
2008-09-04 15:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-04 13:23 --------- d-----w C:\Users\iM3r\AppData\Roaming\.wyzo
2008-09-04 06:51 --------- dc----w C:\Program Files\AGEIA Technologies
2008-09-04 06:44 --------- d-----w C:\ProgramData\GRAW2
2008-09-03 14:11 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-09-02 20:08 --------- dc----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-02 20:08 --------- d-----w C:\Users\iM3r\AppData\Roaming\Malwarebytes
2008-09-02 20:08 --------- d-----w C:\ProgramData\Malwarebytes
2008-09-02 18:02 --------- d-----w C:\ProgramData\ArcSoft
2008-09-02 17:14 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-09-01 22:16 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-01 22:16 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-27 18:40 --------- d-----w C:\Users\iM3r\AppData\Roaming\Ubisoft
2008-08-27 18:39 --------- d-----w C:\ProgramData\Ubisoft
2008-08-27 18:30 --------- d-----w C:\Users\iM3r\AppData\Roaming\InstallShield
2008-08-25 09:58 --------- dc----w C:\Program Files\Sun
2008-08-25 09:58 --------- d-----w C:\Program Files\Java
2008-08-24 19:12 --------- d-----w C:\Users\iM3r\AppData\Roaming\OpenOffice.org2
2008-08-20 06:27 --------- d-----w C:\Users\iM3r\AppData\Roaming\Samsung
2008-08-15 01:08 --------- d-----w C:\Program Files\Windows Mail
2008-08-10 17:30 --------- d-----w C:\ProgramData\Pinnacle VideoSpin
2008-08-10 17:29 --------- d-----w C:\ProgramData\VideoSpin
2008-08-10 17:27 --------- d-----w C:\ProgramData\Pinnacle
2008-08-07 10:52 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-08-06 10:54 --------- d-----w C:\Users\iM3r\AppData\Roaming\Blender Foundation
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-20 15:09 --------- d-----w C:\Users\iM3r\AppData\Roaming\TransRender
2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-10 11:15 174 --sha-w C:\Program Files\desktop.ini
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-11-16 14:42 22,328 ----a-w C:\Users\iM3r\AppData\Roaming\PnkBstrK.sys
2007-06-23 16:25 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((( snapshot@2008-09-20_12.20.05.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-20 09:49:23 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-20 10:47:27 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-20 10:47:27 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-20 10:19:36 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-20 10:47:27 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-20 10:47:27 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-20 10:18:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-20 10:40:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-20 10:18:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-20 10:40:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-20 10:18:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-20 10:40:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-20 10:18:40 124,938 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-20 10:28:07 124,938 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-20 10:18:40 144,656 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-09-20 10:28:07 144,656 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-09-20 10:18:40 664,980 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-20 10:28:07 664,980 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-20 10:18:40 754,470 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-09-20 10:28:07 754,470 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-09-20 09:50:18 13,368 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1863894731-3784064027-2305876514-1003_UserData.bin
+ 2008-09-20 10:25:16 13,368 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1863894731-3784064027-2305876514-1003_UserData.bin
- 2008-09-20 09:50:17 50,790 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-20 10:25:16 50,790 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-20 09:50:16 52,668 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-20 10:48:57 53,368 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 81920]
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 222208]
"UnlockerAssistant"="D:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 C:\Windows\System32\ptipbmf.dll]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 C:\Windows\System32\ptipbm.dll]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 C:\Windows\RtHDVCpl.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{466BB97F-763F-4389-B2EE-3ECEF5AFC265}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C9F0357F-8FB3-46C0-862B-3A90AD89BD2D}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{E7C3C09F-59D5-4BE2-8297-31A3924F722B}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{568C2419-1FD8-46F6-A351-81DF6F97F8E5}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{EDF137CB-ADF5-43EE-AE86-AFBCB131DCF0}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{0E53DF14-500A-494C-B14E-C6F2E9BC7698}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{EB9AF448-DAE7-4738-80D8-45DF078AF327}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"TCP Query User{DE35F737-662E-4588-BF57-F08CB59B00B7}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{D450F052-FAB8-476A-B69E-5A2F19B93856}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{58C609C3-0A88-4E99-BD4D-0C2E5C8EEF40}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{AA224AD9-9AE1-4403-84BB-3102F9F1C3BA}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{24AD0EBB-1209-47AA-8BBE-4711A3288D9A}C:\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= UDP:C:\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{71CDAC5B-A69E-4B6F-B8B6-C7F592AD2E1B}C:\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= TCP:C:\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher
"{D8A199AE-97CC-4B7E-9D12-44A273142ECA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{899A0EA3-A571-493B-8F47-AEC74C9FD259}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{EEB57C24-00FE-4693-80C0-55F920F56FF4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{DB7296E2-33BF-4E8A-9BB3-F1A0E9D5C696}C:\\valve\\steam\\steam.exe"= UDP:C:\valve\steam\steam.exe:Steam
"UDP Query User{57EB6A92-8075-44D7-8E03-775D424FBDB4}C:\\valve\\steam\\steam.exe"= TCP:C:\valve\steam\steam.exe:Steam
"{6D622CC5-1486-4EF1-854D-C609838B1351}"= UDP:D:\Jeux Video\Bin32\Crysis.exe:Crysis_32_sp_demo
"{43445DB5-F264-4BCC-B0ED-C2BF6BC91250}"= TCP:D:\Jeux Video\Bin32\Crysis.exe:Crysis_32_sp_demo
"{F858FD5C-F8C3-4529-A6BD-857573494430}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{12101783-120E-427D-8FA1-EEC399BC2E5B}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{41188597-2C04-4EDB-B46C-919A6D959F79}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D59AB175-7615-4507-8964-E2181844339A}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{BBA48EBD-8911-43F5-AE35-787B1B445373}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{F8E80C7B-8859-4F77-9EE3-1963BF819D8C}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{5934084E-1831-471E-983A-E8B65C942BE4}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"TCP Query User{B76C5D0E-5DBE-44CD-A3E1-9F8E8735F287}C:\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= UDP:C:\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{664C6A29-3C7F-4D8D-A651-3C25CCD11622}C:\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= TCP:C:\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{0BC20E5E-3BC4-41FE-8A74-41600DF675E8}C:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= UDP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"UDP Query User{AD714821-D8CA-46F8-88CD-A74D9774600A}C:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= TCP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game
"TCP Query User{64352FB7-FF6F-41F2-A46B-DEB76E32DF6F}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{B831A2E2-AFEA-44D5-9842-F058853D01DD}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{121B9BB7-315E-44DC-B5FC-2D51DCD0FE5A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{17B32F7D-89CB-4382-8830-8479308DD99B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5EE1B676-6FCB-46F0-8C2E-8D3C1A0B648D}"= UDP:D:\Program Files\Programs\RM.exe:Render Manager
"{7CEBC61D-7CDB-4A56-9A24-47A6BC6B1221}"= TCP:D:\Program Files\Programs\RM.exe:Render Manager
"{D03DED42-53AF-45E8-B45F-DB3279BF5418}"= UDP:D:\Program Files\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{24E25D6D-D3A7-4171-82DD-1145993EB0C6}"= TCP:D:\Program Files\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{61FD464F-11D0-4FDF-A794-1AF1E8BCC52A}"= UDP:D:\Program Files\Programs\umi.exe:umi
"{EBAF80CF-32F7-44A1-8947-09FE63DDAEE2}"= TCP:D:\Program Files\Programs\umi.exe:umi
"{42AE84F2-7EC5-477B-9D1B-3F95621493C7}"= UDP:D:\Program Files\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{370728E4-A10A-4830-A4F8-E85C1D168233}"= TCP:D:\Program Files\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{D7B66A59-14BC-462A-9668-2C7BE3D54B42}"= UDP:C:\Program Files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{A27175C2-3FC6-4401-BF18-520651C53A7D}"= TCP:C:\Program Files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{4E7D76C2-4658-4B60-B619-8BBB13EB1B4B}"= UDP:D:\Program Files\uTorrent.exe:µTorrent (TCP-In)
"{47B45957-0138-4E23-BA85-94E4AAA867DE}"= TCP:D:\Program Files\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{993D5682-791A-4B8E-86CE-2A0396AF76A4}C:\\users\\im3r\\desktop\\utorrent.exe"= UDP:C:\users\im3r\desktop\utorrent.exe:utorrent.exe
"UDP Query User{6C307C85-F138-48B8-815B-E3F231642274}C:\\users\\im3r\\desktop\\utorrent.exe"= TCP:C:\users\im3r\desktop\utorrent.exe:utorrent.exe
"TCP Query User{DD4CC9FA-AD8B-441F-8F0A-E6A49E577032}C:\\users\\im3r\\desktop\\utorrent.exe"= UDP:C:\users\im3r\desktop\utorrent.exe:utorrent.exe
"UDP Query User{04AD187D-B97F-47D2-B7DC-B4DEEDD23FF5}C:\\users\\im3r\\desktop\\utorrent.exe"= TCP:C:\users\im3r\desktop\utorrent.exe:utorrent.exe
"{FC761D09-3CB9-4061-9651-A777D0A44F6F}"= UDP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{E37A02FE-B018-4CF0-8071-45324159CDE7}"= TCP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{92142B85-3D06-48B7-8743-BB21D77492E1}"= UDP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{6E58E642-BC0F-4A7A-BD05-79DAE028793B}"= TCP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{3005730E-9103-4074-9519-97E3A97D6A7C}"= UDP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{3805D176-B9A1-4ED5-B1FA-C4A6C3ADB35B}"= TCP:D:\Jeux Video\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{9FDDCEAB-76D8-490B-B530-74C934EC5E51}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4ECE267E-899F-4BD6-9AEA-2FA6D64225B7}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{826D0AAC-A095-4F89-9347-0E2FCA3D37FF}D:\\jeux video\\ghost recon advanced warfighter 2\\graw2.exe"= UDP:D:\jeux video\ghost recon advanced warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"UDP Query User{E39B93D3-F22E-4486-B181-1D5500A199D8}D:\\jeux video\\ghost recon advanced warfighter 2\\graw2.exe"= TCP:D:\jeux video\ghost recon advanced warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"TCP Query User{98E0AA0A-0B0F-4F7C-9994-CDA048083AD8}D:\\wyzo\\wyzo.exe"= UDP:D:\wyzo\wyzo.exe:Wyzo
"UDP Query User{E1AA1347-1FE2-4DBF-AFF6-1DCE44E0D6F3}D:\\wyzo\\wyzo.exe"= TCP:D:\wyzo\wyzo.exe:Wyzo
"{9EA6A76E-EB6F-4E75-B30E-4F0A4483A875}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0DB78905-ED5F-42EB-A676-104D13CD239F}D:\\jeux video\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= UDP:D:\jeux video\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{CEC7EC99-91EB-40A2-B3F1-BDE8EC1BA0B0}D:\\jeux video\\valve\\steam\\steamapps\\im3r_h3h3\\condition zero\\hl.exe"= TCP:D:\jeux video\valve\steam\steamapps\im3r_h3h3\condition zero\hl.exe:Half-Life Launcher

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 102712]
R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 286208]
S2 RelevantKnowledge;RelevantKnowledge;C:\Program Files\RelevantKnowledge\rlservice.exe [ ]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2006-03-01 217088]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-16 92656]
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-\YURBD17.exe - C:\Windows\system32\YURBD17.exe
HKCU-Run-\YURBD18.exe - C:\Windows\system32\YURBD18.exe
HKCU-Run-\YURBB91.exe - C:\Windows\system32\YURBB91.exe
HKCU-Run-\YUR39E4.exe - C:\Windows\system32\YUR39E4.exe
HKCU-Run-\YURABA9.exe - C:\Windows\system32\YURABA9.exe
HKCU-Run-\YUR3EB4.exe - C:\Windows\system32\YUR3EB4.exe
HKCU-Run-\YUR4DD1.exe - C:\Windows\system32\YUR4DD1.exe
HKCU-Run-\YUR4EF9.exe - C:\Windows\system32\YUR4EF9.exe
HKCU-Run-\YUR52EF.exe - C:\Windows\system32\YUR52EF.exe
HKCU-Run-\YURA0D0.exe - C:\Windows\system32\YURA0D0.exe
HKCU-Run-\YURA266.exe - C:\Windows\system32\YURA266.exe
HKCU-Run-\YURA478.exe - C:\Windows\system32\YURA478.exe
HKCU-Run-\YUR1E68.exe - C:\Windows\system32\YUR1E68.exe
HKLM-Run-\YURBD17.exe - C:\Windows\system32\YURBD17.exe
HKLM-Run-\YURBD18.exe - C:\Windows\system32\YURBD18.exe
HKLM-Run-\YURBB91.exe - C:\Windows\system32\YURBB91.exe
HKLM-Run-\YUR39E4.exe - C:\Windows\system32\YUR39E4.exe
HKLM-Run-\YURABA9.exe - C:\Windows\system32\YURABA9.exe
HKLM-Run-\YUR3EB4.exe - C:\Windows\system32\YUR3EB4.exe
HKLM-Run-\YUR4DD1.exe - C:\Windows\system32\YUR4DD1.exe
HKLM-Run-\YUR4EF9.exe - C:\Windows\system32\YUR4EF9.exe
HKLM-Run-\YUR52EF.exe - C:\Windows\system32\YUR52EF.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 12:47:35
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Heure de fin: 2008-09-20 12:52:09 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-20 10:51:59
ComboFix2.txt 2008-09-20 10:21:04

Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 13,871,181,824 octets libres

295 --- E O F --- 2008-09-20 06:59:08


18

Destrio5, 20 Sep 2008 at 12:56:29

Do a quick scan with MBAM.


19

im3r, 20 Sep 2008 at 13:05:09

Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1103
Windows 6.0.6000

20/09/2008 13:04:55
mbam-log-2008-09-20 (13-04-55).txt

Type de recherche: Examen rapide
Eléments examinés: 42959
Temps écoulé: 2 minute(s), 20 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
