
Multi-virus infection


Hello
In a moment of carelessness this morning I installed a program that immediately infected me everywhere.
There's some in Temp, in Sys32, etc.
HijackThis log below; I fixed the obvious stuff but it doesn't change much.

My AV is Avira AntiVir and I've also just installed Spybot to stop the contamination (too late, though).
In a full scan, Avira detects: TR/Crypt.XPACK.Gen, TR/Buzus.body, TR/Crypt.ZPACK.Gen, TR/Scrip.Agent.html.U, GEN/PwdZIP. Even when I click delete, they come back :]
At startup it detects a pile of crap that launches (6-7 alerts).

Spybot detects: DNSFLush.cws, Win32FraudLoad.edt, Microsoft Windows active desktop (impossible to change the wallpaper), Smitfraud-C., Smitfraud-C.gp, Win32.BHO.sx

Most Windows applications (Windows Media Player, Paint, the command prompt...) are blocked by the virus: a message appears, "WARNING Application cannot be executed. The file is infected. Please activate your antivirus software". I have a French version of Vista, so if the message came from Windows security it would be in French, I suppose.

Also, every 30 seconds a pop-up appears in the taskbar that basically says "Your computer is infected! Windows has detected spyware infection! It is recommanded to use special antispyware tools to prevent data loss. Windows will now download and install the most up to date antispyware software", which, if I click on it, redirects to a site with an address like "bestantispywarepro2009" (I was offline).
This little bastard also blocks the Task Manager.
My PC is starting to freeze now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:34, on 21/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\winupdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\winupdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 10131 bytes


Best answer

Hello,


1/

  • Start Spybot, click Mode, tick Advanced mode.
  • On the left, click Tools, then Resident.
  • Untick the box in front of Resident "TeaTimer":

  • Quit Spybot.


2/

  • Disable UAC for the duration of the disinfection.

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Right-click ComboFix.exe (the .exe is not necessarily visible) and choose Run as administrator.
  • When the scan has finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.

    To help you: A guide and a tutorial on using ComboFix
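When a ComboFix report comes back, the "Reg Loading Points" section is where a rogue antivirus usually shows its hand: Security Center overrides set to 1 and the Windows Firewall profile switched off. The following script is an added example (not part of this thread or of ComboFix itself) that parses that REGEDIT4-style section and flags those tampered values; the sample report text is constructed for the example and modelled on the format ComboFix prints.

```python
import re

# Constructed excerpt in the style of ComboFix's "Reg Loading Points"
# section. The value names mirror what a rogue-antivirus infection
# typically leaves behind; the paths are illustrative only.
SAMPLE_REPORT = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.+?)\s*$')


def _decode(raw):
    """Map the value renderings ComboFix uses to Python values:
    'dword:00000001' -> 1, '0 (0x0)' -> 0, anything else -> string."""
    raw = raw.strip()
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    return raw.strip('"')


def parse_reg_section(text):
    """Return {registry_key (lower-case): {value_name (lower-case): value}}."""
    sections = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "REGEDIT4":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key").lower()
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group("name").lower()] = _decode(m.group("raw"))
    return sections


# (key suffix, value name, value a healthy machine has, what the deviation means)
TAMPER_RULES = [
    ("microsoft\\security center", "antivirusoverride", 0,
     "Security Center told to stop reporting antivirus state"),
    ("microsoft\\security center", "firewalloverride", 0,
     "Security Center told to stop reporting firewall state"),
    ("microsoft\\security center", "updatesdisablenotify", 0,
     "Automatic Updates warnings suppressed"),
    ("firewallpolicy\\standardprofile", "enablefirewall", 1,
     "Windows Firewall disabled on the standard profile"),
]


def find_tampering(sections):
    """Return a list of (key, value_name, observed_value, explanation)
    for every monitored value that differs from its healthy setting."""
    findings = []
    for key, values in sections.items():
        for suffix, name, healthy, why in TAMPER_RULES:
            if key.endswith(suffix) and name in values and values[name] != healthy:
                findings.append((key, name, values[name], why))
    return findings


if __name__ == "__main__":
    for key, name, observed, why in find_tampering(parse_reg_section(SAMPLE_REPORT)):
        print(f"[{key}] {name} = {observed}: {why}")
```

Run it against the real C:\Combofix.txt by reading the file into `parse_reg_section` instead of `SAMPLE_REPORT`; every flagged value is one the cleanup should reset once the malware itself is gone.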

Hi
Thanks!
Well, update: this scumbag infected my second PC via an autorun on my external hard drive. I also ComboFixed the PC.

ComboFix for PC 2:
    ComboFix 09-07-20.05 - Administrateur 21/07/2009 23:34.1.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1545 [GMT 2:00]
    Running from: c:\documents and settings\Administrateur\Bureau\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrateur\Application Data\bcrypt.html
    c:\recycler\S-1-5-21-1853913266-1317692025-879932094-3804
    c:\recycler\S-1-5-21-1853913266-1317692025-879932094-3804\Desktop.ini
    c:\recycler\S-1-5-21-1853913266-1317692025-879932094-3804\msimfo32.exe
    c:\recycler\S-1-5-21-2896781866-4583373378-642156371-0801
    c:\windows\msa.exe
    c:\windows\system32\msconfig.exe
    c:\windows\system32\winupdate.exe
    c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
    c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
    D:\autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-21 to 2009-07-21 )))))))))))))))))))))))))))))))
    .

    2009-07-21 21:29 . 2009-07-21 21:29 -------- d-----w- c:\program files\Trend Micro
    2009-07-20 00:57 . 2009-07-20 00:57 -------- d-----w- c:\program files\Fichiers communs\DirectX
    2009-07-20 00:56 . 2009-07-20 00:56 -------- d-----w- c:\program files\AGEIA Technologies
    2009-07-20 00:56 . 2009-07-20 00:56 -------- d-----w- c:\windows\system32\AGEIA
    2009-07-20 00:56 . 2009-07-20 00:56 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
    2009-07-20 00:45 . 2009-07-20 00:45 -------- d--h--r- c:\documents and settings\Administrateur\Application Data\SecuROM
    2009-07-20 00:39 . 2009-07-20 00:39 -------- d-----w- c:\program files\Codemasters
    2009-07-20 00:39 . 2009-07-20 00:39 -------- d-----w- c:\documents and settings\Administrateur\Application Data\InstallShield
    2009-07-16 15:56 . 2009-07-16 15:56 -------- d-----w- c:\windows\ie8updates
    2009-07-13 17:28 . 2009-07-13 17:28 -------- d-sh--w- c:\documents and settings\Administrateur\PrivacIE
    2009-07-13 11:03 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-07-13 11:03 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-11 12:38 . 2009-07-11 12:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-07-10 22:21 . 2009-07-10 22:21 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
    2009-07-10 12:36 . 2009-07-10 12:38 -------- dc-h--w- c:\windows\ie8
    2009-07-09 15:53 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-07-09 15:53 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
    2009-07-09 15:53 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
    2009-07-09 15:53 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
    2009-07-09 15:53 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
    2009-07-09 15:53 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
    2009-07-09 15:53 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
    2009-07-09 15:47 . 2009-07-09 15:47 -------- d-----w- c:\program files\Ubisoft
    2009-07-09 15:44 . 2009-07-09 15:54 -------- d-----w- C:\temp
    2009-07-04 12:04 . 2009-07-04 12:04 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2009-07-04 11:42 . 2009-07-04 11:42 -------- d-----w- c:\program files\Fichiers communs\Creative Labs Shared
    2009-07-04 11:41 . 2008-04-13 15:33 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
    2009-07-04 11:41 . 2008-04-13 15:33 363520 ----a-w- c:\windows\system32\PsisDecd.dll
    2009-07-04 11:41 . 2008-04-13 07:46 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
    2009-07-04 11:41 . 2008-04-13 07:46 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
    2009-07-04 11:39 . 2009-07-04 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
    2009-07-04 11:38 . 2009-05-15 19:05 593920 ------w- c:\windows\system32\ati2sgag.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-20 00:39 . 2009-04-11 11:19 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-15 11:16 . 2009-04-11 11:17 -------- d-----w- c:\documents and settings\Administrateur\Application Data\uTorrent
    2009-07-09 15:55 . 2009-06-03 10:45 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Ubisoft
    2009-07-09 15:53 . 2009-04-21 20:39 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2009-07-09 15:53 . 2009-04-21 20:39 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2009-07-04 11:42 . 2009-04-11 11:28 -------- d-----w- c:\program files\Creative
    2009-07-04 11:42 . 2009-04-11 11:28 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2009-07-04 11:42 . 2009-04-11 11:28 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2009-07-04 11:39 . 2009-04-11 11:20 -------- d-----w- c:\program files\ATI Technologies
    2009-07-04 11:37 . 2009-04-11 12:57 -------- d-----w- c:\program files\Curse
    2009-07-04 11:35 . 2009-04-11 11:07 -------- d-----w- c:\program files\RocketDock
    2009-06-18 10:17 . 2009-06-18 10:03 -------- d-----w- c:\program files\Prototype
    2009-06-03 15:15 . 2009-06-03 15:15 -------- d-----w- c:\program files\iTunes
    2009-06-03 15:15 . 2009-06-03 15:15 -------- d-----w- c:\program files\iPod
    2009-06-03 15:15 . 2009-04-11 13:01 -------- d-----w- c:\program files\Fichiers communs\Apple
    2009-06-03 15:15 . 2009-06-03 15:14 -------- d-----w- c:\program files\QuickTime
    2009-06-03 15:12 . 2009-06-03 15:12 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-06-03 10:30 . 2009-06-03 10:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
    2009-05-29 11:36 . 2009-04-11 13:02 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-05-29 11:36 . 2009-04-11 13:02 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-05-20 15:12 . 2008-04-14 16:00 78812 ----a-w- c:\windows\system32\perfc00C.dat
    2009-05-20 15:12 . 2008-04-14 16:00 497616 ----a-w- c:\windows\system32\perfh00C.dat
    2009-05-20 02:32 . 2009-05-20 15:05 52552 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\LGMLauncher.exe
    2009-05-20 02:32 . 2009-05-20 15:05 204112 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CAppUninstall.exe
    2009-05-20 02:32 . 2009-05-20 15:05 1047888 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGUserCSTool.exe
    2009-05-20 02:29 . 2009-05-20 15:05 24576 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGMobileDLRapi.dll
    2009-05-19 06:13 . 2009-05-20 15:05 86016 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGMobileDL.dll
    2009-05-17 21:19 . 2009-05-20 15:05 450560 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGMUpgradeDL.dll
    2009-05-16 03:58 . 2009-05-16 03:58 4069888 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2009-05-16 03:39 . 2009-02-25 21:42 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2009-05-16 03:38 . 2009-05-16 03:38 335872 ----a-w- c:\windows\system32\ati2dvag.dll
    2009-05-16 03:18 . 2009-05-16 03:18 204800 ----a-w- c:\windows\system32\atipdlxx.dll
    2009-05-16 03:17 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2009-05-16 03:17 . 2009-05-16 03:17 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2009-05-16 03:17 . 2009-05-16 03:17 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2009-05-16 03:17 . 2009-02-25 21:29 155648 ----a-w- c:\windows\system32\ati2evxx.dll
    2009-05-16 03:15 . 2009-05-16 03:15 602112 ----a-w- c:\windows\system32\ati2evxx.exe
    2009-05-16 03:14 . 2009-05-16 03:14 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2009-05-16 03:07 . 2009-05-16 03:07 2987136 ----a-w- c:\windows\system32\ati3duag.dll
    2009-05-16 02:55 . 2009-05-16 02:55 11423744 ----a-w- c:\windows\system32\atioglxx.dll
    2009-05-16 02:54 . 2009-05-16 02:54 2122624 ----a-w- c:\windows\system32\ativvaxx.dll
    2009-05-16 02:54 . 2009-05-16 02:54 887724 ----a-w- c:\windows\system32\ativva6x.dat
    2009-05-16 02:54 . 2009-05-16 02:54 3 ----a-w- c:\windows\system32\ativva5x.dat
    2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\atimpc32.dll
    2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\amdpcom32.dll
    2009-05-16 02:33 . 2009-05-16 02:33 479232 ----a-w- c:\windows\system32\atikvmag.dll
    2009-05-16 02:31 . 2009-02-25 20:38 139264 ----a-w- c:\windows\system32\atiadlxx.dll
    2009-05-16 02:31 . 2009-05-16 02:31 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2009-05-16 02:30 . 2009-05-16 02:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2009-05-16 02:26 . 2009-05-16 02:26 376832 ----a-w- c:\windows\system32\atiok3x2.dll
    2009-05-16 02:24 . 2009-05-16 02:24 651264 ----a-w- c:\windows\system32\ati2cqag.dll
    2009-05-16 01:35 . 2009-05-16 01:35 45056 ----a-w- c:\windows\system32\aticalrt.dll
    2009-05-16 01:34 . 2009-05-16 01:34 45056 ----a-w- c:\windows\system32\aticalcl.dll
    2009-05-16 01:33 . 2009-05-16 01:33 3158016 ----a-w- c:\windows\system32\aticaldd.dll
    2009-05-13 05:04 . 2008-05-08 12:22 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-09 13:46 . 2009-05-09 13:46 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-05-09 13:46 . 2009-05-09 13:46 152576 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-05-07 15:33 . 2008-04-14 16:00 348672 ----a-w- c:\windows\system32\localspl.dll
    2009-05-05 19:33 . 2009-05-05 19:33 118784 ----a-w- c:\windows\system32\atibtmon.exe
    2009-05-04 10:57 . 2009-04-13 11:15 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-05-04 10:57 . 2009-04-13 11:15 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-04-28 07:55 . 2009-04-28 07:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
    2009-04-23 19:04 . 2009-04-23 19:04 189051 ----a-w- c:\windows\system32\atiicdxx.dat
    2009-06-15 12:26 . 2009-04-11 11:18 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    2006-05-03 10:06 . 2009-04-20 18:14 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47 . 2009-04-20 18:14 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30 . 2009-04-20 18:14 216064 --sh--r- c:\windows\system32\nbDX.dll
    .

    ------- Sigcheck -------

    [-] 2008-05-08 12:22 724480 DB3AB42404D66860A4C4E9ED8530D0FD c:\windows\system32\user32.dll

    [-] 2008-05-08 12:22 568320 AE0D48AF37F5A48156D4A6BAE07C9121 c:\windows\system32\winlogon.exe

    [-] 2007-10-29 09:53 1916416 D84567752FB42D8DC55CFB85FE0EDECE c:\windows\explorer.exe

    [-] 2008-05-08 12:13 40960 58DB2EE838D5B7BAD0F7F10A6C920390 c:\windows\system32\ctfmon.exe

    [-] 2008-05-08 12:13 2004480 65C243BD71E319B59BCF24696C039B29 c:\windows\system32\comres.dll


    [-] 2008-05-08 12:12 647680 D449DF66B6335B443508A58B1E8DB996 c:\windows\system32\comctl32.dll
    [7] 2008-04-14 16:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
    [7] 2008-04-14 16:00 1054208 F92E6BEA9349D49341383F8403B4DFE5 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


    [-] 2008-05-15 17:53 1571840 A5780186A76EABA3E656E63B41862997 c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-08 40960]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-09 148888]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
    "CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2009-03-04 19456]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_2"="shell32" [X]
    "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoStrCmpLogical"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "DisablePagingExecutive"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Documents and Settings\\Administrateur\\Bureau\\utorrent.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Codemasters\\Overlord II\\Overlord2.exe"=

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [13/04/2009 13:15 VALR 108289]
    R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [04/03/2009 14:42 VALR 99352]
    R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [04/03/2009 14:42 VALR 555032]
    R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [04/03/2009 14:42 VALR 566296]
    R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [11/04/2009 13:22 VALR 36864]
    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [04/03/2009 14:42 VALR 99352]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe [04/07/2009 13:42 VALR 79360]
    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [04/03/2009 14:42 VALR 555032]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [04/03/2009 14:42 VALR 100888]
    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [04/03/2009 14:42 VALR 100888]
    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [04/03/2009 14:42 VALR 566296]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [02/08/2005 23:10 VALR 32512]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - HELPSVC

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

    2009-07-21 c:\windows\Tasks\User_Feed_Synchronization-{B56F71E7-DAA3-4561-8055-3748F0A845DF}.job
    - c:\windows\system32\msfeedssync.exe [2008-05-06 02:31]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe
    HKCU-Run-VisualTaskTip - \Program Files\VisualTaskTips\VisualTaskTips.exe
    HKU-Default-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe
    HKU-Default-Run-VisualTaskTip - \Program Files\VisualTaskTips\VisualTaskTips.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.fr/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: {506ADD01-7824-4C58-AEED-2673274BE04A} = 80.10.246.2,80.10.246.129
    FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\3torrg6t.default\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-21 23:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTHelper = CTHELPER.EXE?

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(856)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\COMRes.dll
    c:\windows\system32\cscui.dll

    - - - - - - - > 'lsass.exe'(912)
    c:\windows\system32\setupapi.dll

    - - - - - - - > 'explorer.exe'(2020)
    c:\windows\system32\SHDOCVW.dll
    c:\windows\system32\COMRes.dll
    c:\windows\System32\cscui.dll
    c:\windows\system32\shimgvw.dll
    c:\windows\system32\webcheck.dll
    c:\progra~1\FICHIE~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
    c:\windows\system32\ntshrui.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\netshell.dll
    c:\windows\system32\credui.dll
    c:\windows\system32\MSVCP60.dll
    c:\windows\system32\wpdshserviceobj.dll
    c:\windows\system32\portabledevicetypes.dll
    c:\windows\system32\portabledeviceapi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Creative\Shared Files\CTAudSvc.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-21 23:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-21 21:43

    Pre-Run: 44 138 627 072 octets libres
    Post-Run: 44 429 111 296 octets libres

    278 --- E O F --- 2009-07-16 15:56

    ComboFix computer 1:
    ComboFix 09-07-20.05 - Luchas 21/07/2009 23:28.1.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3066.1829 [GMT 2:00]
    Lancé depuis: c:\users\Luchas\Downloads\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-2246883897-1058968358-2961460090-500
    c:\$recycle.bin\S-1-5-21-3395499582-3656299844-1299793059-500
    c:\recycler\S-1-5-21-3209846082-2195448594-504941516-9761
    c:\recycler\S-1-5-21-3209846082-2195448594-504941516-9761\Desktop.ini
    c:\recycler\S-1-5-21-3209846082-2195448594-504941516-9761\msimfo32.exe
    c:\users\Luchas\AppData\Roaming\bcrypt.html
    c:\windows\system32\winupdate.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-06-21 au 2009-07-21 ))))))))))))))))))))))))))))))))))))
    .

    2009-07-21 21:32 . 2009-07-21 21:34 -------- d-----w- c:\users\Luchas\AppData\Local\temp
    2009-07-21 18:29 . 2009-07-21 18:29 -------- d-----w- c:\program files\Trend Micro
    2009-07-21 18:25 . 2009-07-21 18:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-07-21 18:25 . 2009-07-21 18:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-20 17:24 . 2007-03-20 12:49 2781184 ----a-w- c:\users\Luchas\AppData\Roaming\Adobe\Dreamweaver 9\Configuration\Flash Player\authplay.dll
    2009-07-14 22:54 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-14 22:54 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-14 22:54 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-07-14 22:54 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-07-14 17:58 . 2009-07-14 17:58 -------- d-----w- c:\users\Luchas\AppData\Roaming\CyberLink
    2009-07-14 17:58 . 2009-07-14 17:58 -------- d-----w- c:\programdata\CyberLink
    2009-07-14 16:45 . 2009-07-14 16:45 -------- d-----w- c:\program files\CCleaner
    2009-07-13 15:38 . 2009-07-13 15:38 -------- d-----w- c:\programdata\ATI
    2009-07-13 15:13 . 2009-07-14 16:43 -------- d-----w- c:\programdata\ma-config.com
    2009-07-13 15:13 . 2009-07-14 16:43 -------- d-----w- c:\program files\ma-config.com
    2009-07-12 16:21 . 2009-07-12 16:21 -------- d-----w- c:\program files\ATI
    2009-07-12 16:20 . 2009-07-12 16:20 -------- d-----w- C:\ATI
    2009-07-08 02:10 . 2009-07-21 21:12 -------- d-----w- c:\users\Luchas\AppData\Roaming\vlc
    2009-07-05 11:24 . 2007-03-23 02:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll
    2009-07-01 13:33 . 2009-07-01 13:33 -------- d-----w- c:\programdata\Tages
    2009-06-30 19:51 . 2009-07-01 10:02 -------- d-----w- c:\temp\Anno1404
    2009-06-30 19:51 . 2009-06-30 19:51 -------- d-----w- C:\temp
    2009-06-29 20:23 . 2009-06-29 20:23 -------- d-----w- c:\program files\AGEIA Technologies
    2009-06-29 20:23 . 2009-06-29 20:23 -------- d-----w- c:\windows\system32\AGEIA
    2009-06-29 20:22 . 2009-06-29 20:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-29 19:46 . 2009-06-29 19:46 -------- d--h--r- c:\users\Luchas\AppData\Roaming\SecuROM
    2009-06-29 19:38 . 2009-06-29 19:38 -------- d-----w- c:\program files\Codemasters
    2009-06-29 19:36 . 2009-06-29 19:36 -------- d-----w- c:\program files\Cyanide
    2009-06-28 17:47 . 2009-06-28 17:47 -------- d-----w- c:\programdata\FLEXnet
    2009-06-28 17:40 . 2009-06-28 17:40 -------- d-----w- c:\program files\Common Files\Control Panels
    2009-06-28 17:38 . 2009-06-28 17:38 -------- d-----w- c:\programdata\ALM
    2009-06-28 17:10 . 2009-06-28 17:10 -------- d-----w- c:\program files\Common Files\Macrovision Shared

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-21 21:33 . 2009-06-13 15:20 12 ----a-w- c:\windows\bthservsdp.dat
    2009-07-21 21:08 . 2008-01-21 08:40 672470 ----a-w- c:\windows\system32\perfh00C.dat
    2009-07-21 21:08 . 2008-01-21 08:40 124400 ----a-w- c:\windows\system32\perfc00C.dat
    2009-07-21 04:32 . 2009-06-11 11:01 -------- d-----w- c:\users\Luchas\AppData\Roaming\uTorrent
    2009-07-20 21:30 . 2009-06-11 15:04 -------- d-----w- c:\users\Luchas\AppData\Roaming\dvdcss
    2009-07-15 01:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-07-14 16:40 . 2009-06-02 20:40 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-13 15:37 . 2009-06-02 20:40 -------- d-----w- c:\program files\ATI Technologies
    2009-06-30 23:35 . 2009-06-30 23:35 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2009-06-30 23:35 . 2009-06-30 23:35 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2009-06-28 17:46 . 2009-06-11 09:36 71424 ----a-w- c:\users\Luchas\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-06-28 17:42 . 2009-06-02 20:44 -------- d-----w- c:\program files\Common Files\Adobe
    2009-06-17 16:18 . 2009-06-17 16:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-06-17 10:55 . 2009-06-15 20:37 -------- d-----w- c:\program files\MessengerDiscovery 2
    2009-06-16 19:09 . 2009-06-16 19:04 -------- d-----w- c:\program files\Warcraft 3
    2009-06-15 20:37 . 2009-06-15 20:37 -------- d-----w- c:\users\Luchas\AppData\Roaming\MessengerDiscovery 2
    2009-06-15 14:55 . 2009-06-15 14:55 -------- d-----w- c:\users\Luchas\AppData\Roaming\DivX
    2009-06-15 14:55 . 2009-06-15 14:55 -------- d-----w- c:\program files\DivX
    2009-06-15 14:55 . 2009-06-15 14:55 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-06-15 06:00 . 2009-06-15 06:00 680 ----a-w- c:\users\Luchas\AppData\Local\d3d9caps.dat
    2009-06-14 20:34 . 2009-06-02 21:05 -------- d-----w- c:\programdata\Microsoft Help
    2009-06-14 18:19 . 2009-06-14 18:19 -------- d-----w- c:\program files\PDFCreator
    2009-06-13 15:34 . 2009-06-02 20:59 -------- d-----w- c:\program files\Microsoft
    2009-06-12 15:35 . 2009-06-12 15:35 -------- d-----w- c:\program files\MSXML 4.0
    2009-06-12 11:09 . 2009-06-02 21:02 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-06-12 07:48 . 2009-06-12 07:48 -------- d-----w- c:\users\Luchas\AppData\Roaming\LG Electronics
    2009-06-12 06:49 . 2009-06-12 06:49 -------- d-----w- c:\program files\LG PC Suite 2
    2009-06-12 06:49 . 2009-06-12 06:49 -------- d-----w- c:\users\Luchas\AppData\Roaming\InstallShield
    2009-06-12 06:46 . 2009-06-12 06:46 -------- d-----w- c:\program files\LG Electronics
    2009-06-12 06:44 . 2009-06-12 06:43 -------- d-----w- c:\programdata\LGMOBILEAX
    2009-06-12 01:07 . 2009-06-02 20:45 -------- d-----w- c:\program files\Microsoft Works
    2009-06-11 17:53 . 2009-06-11 17:53 10134 ----a-r- c:\users\Luchas\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    2009-06-11 17:53 . 2009-06-11 17:53 -------- d-----w- c:\program files\Microsoft WSE
    2009-06-11 16:17 . 2009-06-11 16:17 -------- d-----w- c:\program files\Electronic Arts
    2009-06-11 16:11 . 2009-06-11 16:04 -------- d-----w- c:\users\Luchas\AppData\Roaming\DAEMON Tools Lite
    2009-06-11 16:08 . 2009-06-11 16:08 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2009-06-11 16:07 . 2009-06-11 16:07 -------- d-----w- c:\program files\DAEMON Tools Toolbar
    2009-06-11 16:07 . 2009-06-11 16:07 -------- d-----w- c:\program files\DAEMON Tools Lite
    2009-06-11 16:04 . 2009-06-11 16:04 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-06-11 14:34 . 2009-06-11 14:34 -------- d-----w- c:\users\Luchas\AppData\Roaming\Reallusion
    2009-06-11 14:34 . 2009-06-11 12:46 -------- d-----w- c:\programdata\Creative
    2009-06-11 14:26 . 2009-06-11 14:26 -------- d-----w- c:\programdata\Messenger Plus!
    2009-06-11 14:25 . 2009-06-02 20:42 -------- d-----w- c:\programdata\McAfee
    2009-06-11 13:24 . 2009-06-11 12:05 -------- d-----w- c:\users\Luchas\AppData\Roaming\Apple Computer
    2009-06-11 13:20 . 2009-06-11 13:20 -------- d-----w- c:\programdata\Avira
    2009-06-11 13:20 . 2009-06-11 13:20 -------- d-----w- c:\program files\Avira
    2009-06-11 12:45 . 2009-06-11 12:45 -------- d-----w- c:\users\Luchas\AppData\Roaming\Creative
    2009-06-11 12:43 . 2009-06-02 20:35 -------- d-----w- c:\program files\Dell
    2009-06-11 12:36 . 2009-06-02 20:52 -------- d-----w- c:\programdata\Dell
    2009-06-11 12:16 . 2009-06-11 12:16 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-06-11 12:11 . 2009-06-02 20:59 -------- d-----w- c:\program files\Windows Live
    2009-06-11 12:04 . 2009-06-11 12:04 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-06-11 12:04 . 2009-06-11 12:04 -------- d-----w- c:\program files\iTunes
    2009-06-11 12:04 . 2009-06-11 12:04 -------- d-----w- c:\program files\iPod
    2009-06-11 12:04 . 2009-06-11 12:01 -------- d-----w- c:\program files\Common Files\Apple
    2009-06-11 12:04 . 2009-06-11 12:03 -------- d-----w- c:\programdata\Apple Computer
    2009-06-11 12:03 . 2009-06-11 10:54 -------- d-----w- c:\program files\Bonjour
    2009-06-11 12:03 . 2009-06-11 12:03 -------- d-----w- c:\program files\QuickTime
    2009-06-11 12:02 . 2009-06-11 12:02 -------- d-----w- c:\program files\Apple Software Update
    2009-06-11 12:01 . 2009-06-11 12:01 -------- d-----w- c:\programdata\Apple
    2009-06-11 11:01 . 2009-06-11 11:01 -------- d-----w- c:\program files\uTorrent
    2009-06-11 10:39 . 2009-06-11 10:39 -------- d-----w- c:\program files\Microsoft ActiveSync
    2009-06-11 10:31 . 2009-06-11 10:31 -------- d-----w- c:\program files\VideoLAN
    2009-06-11 09:39 . 2009-06-11 09:39 -------- d-----w- c:\users\Luchas\AppData\Roaming\ATI
    2009-06-11 09:36 . 2009-06-11 09:36 -------- d-----w- c:\users\Luchas\AppData\Roaming\Dell
    2009-06-11 09:32 . 2009-06-11 09:32 -------- d-sh--we c:\programdata\Modèles
    2009-06-11 09:32 . 2009-06-11 09:32 -------- d-sh--we c:\programdata\Menu Démarrer
    2009-06-11 09:32 . 2009-06-11 09:32 -------- d-sh--we c:\programdata\Favoris
    2009-06-11 09:32 . 2009-06-11 09:32 -------- d-sh--we c:\programdata\Documents
    2009-06-11 09:32 . 2009-06-11 09:32 -------- d-sh--we c:\programdata\Bureau
    2009-06-11 09:32 . 2009-06-11 09:32 -------- d-sh--we c:\program files\Fichiers communs
    2009-06-11 05:45 . 2009-06-12 06:44 1056080 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGUserCSTool.exe
    2009-06-11 05:44 . 2009-06-12 06:44 454656 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGMUpgradeDL.dll
    2009-06-11 01:08 . 2009-06-12 06:44 86016 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGMobileDL.dll
    2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-06-05 09:42 . 2009-06-05 09:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-06-05 09:42 . 2009-06-05 09:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-06-02 23:13 . 2009-06-02 23:13 -------- d-----w- c:\program files\Synaptics
    2009-06-02 23:12 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-06-02 23:11 . 2009-06-02 23:11 26112 ----a-w- c:\windows\system32\hidserv.dll
    2009-06-02 23:11 . 2009-06-02 23:11 22016 ----a-w- c:\windows\system32\hid.dll
    2009-06-02 23:10 . 2009-06-02 23:10 1191936 ----a-w- c:\windows\system32\msxml3.dll
    2009-06-02 23:08 . 2009-06-02 23:08 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2009-06-02 23:08 . 2009-06-02 23:08 36864 ----a-w- c:\windows\system32\cdd.dll
    2009-06-02 23:08 . 2009-06-02 23:08 565248 ----a-w- c:\windows\system32\emdmgmt.dll
    2009-06-02 23:08 . 2009-06-02 23:08 45056 ----a-w- c:\windows\system32\dataclen.dll
    2009-06-02 23:08 . 2009-06-02 23:08 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
    2009-06-02 23:07 . 2009-06-02 23:07 1645568 ----a-w- c:\windows\system32\connect.dll
    2009-06-02 23:07 . 2009-06-02 23:07 296960 ----a-w- c:\windows\system32\gdi32.dll
    2009-06-02 23:07 . 2009-06-02 23:07 2927104 ----a-w- c:\windows\explorer.exe
    2009-06-02 23:06 . 2009-06-02 23:06 738304 ----a-w- c:\windows\system32\inetcomm.dll
    2009-06-02 23:06 . 2009-06-02 23:06 269312 ----a-w- c:\windows\system32\es.dll
    2009-06-02 23:05 . 2009-06-02 23:05 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-06-02 23:04 . 2009-06-02 23:04 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
    2009-06-02 23:03 . 2009-06-02 23:03 288768 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-06-02 23:02 . 2009-06-02 23:02 303616 ----a-w- c:\windows\system32\wmpeffects.dll
    2009-06-02 23:00 . 2009-06-02 23:00 885248 ----a-w- c:\windows\system32\RacEngn.dll
    2009-06-02 23:00 . 2009-06-02 23:00 1314816 ----a-w- c:\windows\system32\quartz.dll
    2009-06-02 23:00 . 2009-06-02 23:00 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2009-06-02 23:00 . 2009-06-02 23:00 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2009-06-12 19:38 . 2009-06-11 10:30 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-01 1422632]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-20 483428]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-06-02 20:49 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2246883897-1058968358-2961460090-1000]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{5D1D327E-822A-4E36-848A-C05011B52C1B}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
    "{AA635ACF-B5B3-4683-A0A5-361DCFE14BB5}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
    "{7549C0B1-AF60-4206-BE13-ED69E16B2CCF}"= c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
    "{F951D4C0-89DE-442B-8B9E-D9943E9CA636}"= c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
    "{2A2980F9-6A52-4820-ABEE-65B6276F3291}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{688106A6-254E-409A-9AE7-08324AA2A4BB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{4230581F-1B8D-4DB8-9CEB-8A5DACFC76D2}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{928F8EBA-8479-4A2A-8C42-6A6240C48CF4}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{406BC2EA-B830-44FE-8F79-A536E448F527}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{5DAAE6AB-1C7B-4FA8-8F98-31BC8811B218}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{79B47509-0F2E-457F-A364-EC9E68D7FB1C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{BD1C999F-9E66-444C-B40A-722C9F5791C6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{4F49C0CA-A4AE-4116-A1E1-22EE443BAEB0}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "TCP Query User{853A66AF-152C-4761-86C5-E86E3F8A64B4}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
    "UDP Query User{9E78F163-0B00-42C3-B7EC-24AFD3D0B586}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
    "TCP Query User{EFC41C8E-A9DD-471E-A91F-CDC6D36E18D4}c:\\program files\\warcraft 3\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft 3\warcraft iii\war3.exe:Warcraft III
    "UDP Query User{A902634E-0123-4FB9-BD0F-CE05D49343AC}c:\\program files\\warcraft 3\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft 3\warcraft iii\war3.exe:Warcraft III
    "{5758FBE5-6FC1-4F23-93D0-562E973CE71D}"= UDP:c:\program files\Codemasters\Overlord II\Overlord2.exe:Overlord II
    "{17DDDF20-C483-4C47-BF9A-FA2FB21D8B5A}"= TCP:c:\program files\Codemasters\Overlord II\Overlord2.exe:Overlord II
    "{A857A1CE-E206-44A4-ACFD-C22B81CE2DCD}"= UDP:c:\program files\Cyanide\Blood Bowl\BB.exe:Blood Bowl
    "{BD74B449-A0EA-4F68-9424-C6612138BBFA}"= TCP:c:\program files\Cyanide\Blood Bowl\BB.exe:Blood Bowl
    "{1A3041C9-D20C-44B4-91AE-9D8C4307FAAE}"= UDP:c:\program files\Cyanide\Blood Bowl\Autorun\Exe\Autorun.exe:Blood Bowl - AutoRun
    "{E26D03DE-CA75-4D19-8541-80D829516C08}"= TCP:c:\program files\Cyanide\Blood Bowl\Autorun\Exe\Autorun.exe:Blood Bowl - AutoRun
    "TCP Query User{7095C75C-9358-42CF-B951-887B96700E45}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
    "UDP Query User{1F985400-2E5E-4247-A5B3-4C3C11A243C7}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
    "TCP Query User{73E8DAB2-1B06-4A64-A0F7-19FFF19FEFC6}c:\\program files\\warcraft 3\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft 3\warcraft iii\war3.exe:Warcraft III
    "UDP Query User{104D23CF-B644-4C55-8F4E-F2AB73819FEB}c:\\program files\\warcraft 3\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft 3\warcraft iii\war3.exe:Warcraft III
    "{54ADEC0E-1888-475C-BF56-265D1345EFBC}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
    "{58F85B2E-FE7E-4EE4-9F30-FEE3E353FE1D}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
    "{D29F17C2-DAD0-48D6-AF3B-AE644BFAAF2F}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
    "{960A1840-20CB-4EE9-83FF-3C1F0FB492C4}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "DoNotAllowExceptions"= 1 (0x1)

    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe [03/06/2009 01:13 81920]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [11/06/2009 15:20 108289]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [21/07/2009 20:25 1153368]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\System32\drivers\AtiHdmi.sys [24/04/2009 07:43 95544]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\System32\drivers\CtClsFlt.sys [02/06/2009 22:53 135936]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [03/06/2009 01:13 212992]
    R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\System32\drivers\OA008Ufd.sys [03/06/2009 01:13 133472]
    R3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\System32\drivers\OA008Vid.sys [03/06/2009 01:13 271616]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contenu du dossier 'Tâches planifiées'

    2009-07-21 c:\windows\Tasks\User_Feed_Synchronization-{CBEB5B93-D7D7-42A7-9BDD-ED568E3998D6}.job
    - c:\windows\system32\msfeedssync.exe [2009-06-13 11:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Luchas\AppData\Roaming\Mozilla\Firefox\Profiles\hb3wixi5.default\
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-21 23:35
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
    "ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-2246883897-1058968358-2961460090-1000\Software\SecuROM\License information*]
    "datasecu"=hex:bc,b4,a4,fd,a3,ae,7e,d4,21,ba,ad,14,fb,77,be,54,82,38,93,c1,63,
    36,ea,7e,b5,da,07,ef,da,dc,0d,6b,34,01,5b,00,6a,a7,6d,51,74,75,9d,d3,a6,6d,\
    "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\System32\Ati2evxx.exe
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
    c:\windows\System32\audiodg.exe
    c:\windows\System32\Ati2evxx.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\BCMWLTRY.EXE
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-07-21 23:40 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-07-21 21:39

    Avant-CF: 154 798 059 520 octets libres
    Après-CF: 155 048 624 128 octets libres

    310 --- E O F --- 2009-07-16 23:45



    No more alerts at startup, no more pop-ups, and the Windows apps are available again, but still violent freezes (only on computer 1)

  • Download UsbFix (by Chiquitine29 & C_XX) to your Desktop.
  • Run the installer with the default settings.
  • Plug your external data sources into your PC (USB key, external hard drive, SD card, etc.) without opening them.
  • Double-click the UsbFix shortcut on your Desktop.
    (On Vista, right-click the UsbFix shortcut and choose Run as administrator)
  • Choose option 1 (Search).
  • Let the tool work.
  • Post the UsbFix.txt report.

    Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).

    "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility used to terminate processes.


    ############################## | UsbFix V6.009 |

    # User : Luchas (Administrateurs) # PC-DE-LUCHAS
    # Update on 20/07/09 by Chiquitine29 & C_XX
    # Start at: 00:03:20 | 22/07/2009
    # Website : http://pagesperso-orange.fr/NosTools/index.html

    # Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
    # Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
    # Internet Explorer 8.0.6001.18783
    # Windows Firewall Status : Enabled

    # C:\ # Disque fixe local # 283,4 Go (144,36 Go free) [OS] # NTFS
    # D:\ # Disque fixe local # 14,65 Go (8,48 Go free) [RECOVERY] # NTFS
    # E:\ # Disque CD-ROM
    # F:\ # Disque CD-ROM
    # G:\ # Disque fixe local # 298,08 Go (67,48 Go free) [My Book] # NTFS

    ############################## | Processus actifs |

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ################## | Fichiers # Dossiers infectieux |


    ################## | C:\Users\Luchas\Temporary Internet Files |


    ################## | All Drives ... |


    ################## | Registre # Clés Run infectieuses |


    ################## | Registre # Mountpoints2 |


    ################## | Other |


    ################## | Cracks / Keygens / Serials |

    "C:\Users\Luchas\Documents\Nouveau dossier\Adobe CS3 Master Collection Corporate\Crack\AdobeCS3AllVersionsKeygen.exe"
    07/12/2008 21:54 |Size : 542208 |Crc32 : b2928623 |Md5 : a73210a724d062eff260b92639f6853c

    "C:\Users\Luchas\Downloads\The.Sims.3.Crackfix.Read.Nfo-Razor1911\TS3.exe"
    11/06/2009 18:24 |Size : 11285776 |Crc32 : 368ce21a |Md5 : 2fcdcd3025033c85c19d9c1aea8c3b9a


    ################## | ! Fin du rapport # UsbFix V6.009 ! |



    There no longer seem to be any freezes since a reboot.

  • Uninstall UsbFix.

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Update tab, click the Check for Updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
  • Once the update is finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan. The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Click OK to continue. If MBAM found nothing, it will tell you so too.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report in your next reply.

    Malwarebytes' Anti-Malware 1.39
    Version de la base de données: 2476
    Windows 6.0.6001 Service Pack 1

    22/07/2009 01:57:04
    mbam-log-2009-07-22 (01-57-04).txt

    Type de recherche: Examen rapide
    Eléments examinés: 80940
    Temps écoulé: 2 minute(s), 41 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)


    There you go.
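The MBAM report above has a fixed shape: a summary block of per-category counts, then one detail section per category with one `object (family) -> action` line per detection. The following added example (not from the thread or from Malwarebytes) parses that layout, cross-checks the declared counts against the entries actually listed, and pulls out anything MBAM did not quarantine. The sample report is constructed: its summary lines and the Trojan.FakeAlert TypeLib key are taken from the log posted above, while the `example.exe` entry is invented to exercise the "still unresolved" check.

```python
import re

# Constructed MBAM 1.39 report in the layout of the one posted in this thread.
# The Trojan.FakeAlert TypeLib key comes from that post; the example.exe line
# with "No action taken" is invented so that unresolved() has something to find.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2476
Type de recherche: Examen rapide
Temps écoulé: 2 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\\Typelib\\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\\Users\\Luchas\\AppData\\Local\\Temp\\example.exe (Trojan.FakeAlert) -> No action taken.
"""

# Summary line: "<category>(s): <n>"; detail entry: "<object> (<family>) -> <action>."
COUNT_RE = re.compile(r"^(?P<cat>.+\(s\)): (?P<n>\d+)$")
ENTRY_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (declared counts per category, list of detection dicts)."""
    counts, detections, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        m = COUNT_RE.match(line)
        if m:                                   # summary block
            counts[m.group("cat")] = int(m.group("n"))
            continue
        if line.endswith("(s):"):               # detail section header
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if m and section:                       # one detection under the current section
            detections.append({"category": section, "object": m.group("obj"),
                               "family": m.group("family"), "action": m.group("action")})
    return counts, detections

def count_mismatches(counts, detections):
    """Categories whose declared count differs from the number of entries listed."""
    listed = {}
    for d in detections:
        listed[d["category"]] = listed.get(d["category"], 0) + 1
    return sorted(c for c, n in counts.items() if n != listed.get(c, 0))

def unresolved(detections):
    """Detections MBAM did not quarantine and delete, i.e. still to be dealt with."""
    return [d for d in detections if not d["action"].startswith("Quarantined")]
```

Run against a real `mbam-log-*.txt`, an empty `count_mismatches` result and an empty `unresolved` list are what you want to see before moving on to the next cleanup step.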

    1/

  • Uninstall HijackThis.

  • Download ToolsCleaner2 to your Desktop.
  • Right-click ToolsCleaner2.exe and choose Run as administrator.
  • Click Search and let the scan run.
  • Click Delete to finish.
  • If you wish, you can use the Optional Options.
  • Click Quit to get the report.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).


    2/

  • Download and install CCleaner Slim.
  • Launch it. Go to Options, then Advanced, and uncheck the box Only delete files etc....
  • Go to Cleaner and choose Analyze. Once it is finished, run the cleaning.


    3/

  • System Restore needs to be disabled and then re-enabled in order to purge it.


    ==Prevention==

    Re-enable UAC.

    Removing Antivir's popups: Link

    About P2P: Link

    Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link


    Be more careful on the Internet ;)