
Posted

Hello everyone. Since this morning I have realized that I was the target of the Bagle virus. I tried several methods such as ELIBAGLA and Combofix, but it does not work. I also tried to run HijackThis, but I get the message "C:\Commun\Users\Desktop\HijackThis.exe n'est pas une application Win32 valide". Could you please help me? Thank you.

Posted

Hello,

You are going to download Combofix.

This software is very powerful and must not be used without competent help, at the risk of irreversible damage.

Please note that this software is updated regularly and that the version you download will be obsolete in a few days.

Before installing it, read this procedure:

Then

Download combofix.exe by sUBs

and save it to the desktop

 

 

Rename ComboFix

In some cases, the Bagle worm for example, it is necessary to rename ComboFix.exe to Combo-Fix.exe before downloading in order to treat the infection.

Bagle targets any file named ComboFix and generates an error message.

Uninstall Combofix:

Start > Run -> combofix.exe /u

Confirm with OK

ComboFix starts and displays a message saying that ComboFix has been removed: click OK.

.

Note: by default, Firefox does not allow renaming before saving; use IE instead

To rename it:

Right-click on http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Choose "Save link target as..."

Choose the desktop

At the bottom, in File name:

Insert a hyphen (-) between Combo and Fix.

You should get -> Combo-Fix.exe

Finally, click -> Save

Run Combo-fix.exe

If there is a problem:

illustrated method

Posted

ComboFix 08-10-04.07 - Commun 2008-10-05 15:27:17.1 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.312 [GMT 2:00]

Lancé depuis: C:\Users\Commun\Desktop\Combo-Fix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\InfoSat.txt

C:\Users\Commun\AppData\Roaming\m

C:\Users\Commun\AppData\Roaming\m\data.oct

C:\Users\Commun\AppData\Roaming\m\flec006.exe

C:\Users\Commun\AppData\Roaming\m\list.oct

C:\Users\Commun\AppData\Roaming\m\shared\ABC_Amber_Lotus_Notes_Converter_4.01.zip

C:\Users\Commun\AppData\Roaming\m\shared\ActiveResize_Control_3.3_Patch.zip

C:\Users\Commun\AppData\Roaming\m\shared\Advanced_ZIP_Password_Recovery_4.0.24.zip

C:\Users\Commun\AppData\Roaming\m\shared\Age_of_Empires_II_The_Conquerors_-_Shipwreck_map.zip

C:\Users\Commun\AppData\Roaming\m\shared\Age_of_Mythology_-_Theris_scenario.zip

C:\Users\Commun\AppData\Roaming\m\shared\Altdo_Apple_TV_Video_Converter_1.1.zip

C:\Users\Commun\AppData\Roaming\m\shared\Animated_MSN_Emoticons_Set_1_1.0.zip

C:\Users\Commun\AppData\Roaming\m\shared\antivirus.kaspersky.2006.+.nod.32.saba.ok.zip

C:\Users\Commun\AppData\Roaming\m\shared\ARulesXL_2.0.6_(Crack).zip

C:\Users\Commun\AppData\Roaming\m\shared\Australia_Ashes_Screensaver_1.0.zip

C:\Users\Commun\AppData\Roaming\m\shared\Autumn_XP_Falls_Screensaver_1.0.zip

C:\Users\Commun\AppData\Roaming\m\shared\Axialis_MediaBrowser_4.01_KeyGen.zip

C:\Users\Commun\AppData\Roaming\m\shared\Big_Mountain_4.39_(Patch).zip

C:\Users\Commun\AppData\Roaming\m\shared\Birth_Alert_1.0.zip

C:\Users\Commun\AppData\Roaming\m\shared\BoliGego_Mediaplayer_3.04.zip

C:\Users\Commun\AppData\Roaming\m\shared\BrowserBob_Professional_Edition_4.1.3.zip

C:\Users\Commun\AppData\Roaming\m\shared\BudgetKel_1.0.zip

C:\Users\Commun\AppData\Roaming\m\shared\Calc_360_1.2.2.zip

C:\Users\Commun\AppData\Roaming\m\shared\Call_of_Duty_Nuenen_Map.zip

C:\Users\Commun\AppData\Roaming\m\shared\CD_FrontEnd_Lite_3.0_[KeyGen].zip

C:\Users\Commun\AppData\Roaming\m\shared\Click'n_Design_3D_5.1.4.zip

C:\Users\Commun\AppData\Roaming\m\shared\Collmate_1.36_[KeyGen].zip

C:\Users\Commun\AppData\Roaming\m\shared\Colorado_Web_Cams_1.1.zip

C:\Users\Commun\AppData\Roaming\m\shared\ContactsCollector_1.10_[Patch].zip

C:\Users\Commun\AppData\Roaming\m\shared\Cool_MP3_Burner_6.0_[Key].zip

C:\Users\Commun\AppData\Roaming\m\shared\Crocodiles_Screensaver2_1.0.zip

C:\Users\Commun\AppData\Roaming\m\shared\Csmith_2.8.zip

C:\Users\Commun\AppData\Roaming\m\shared\DB_Organizer_Deluxe_2.8.zip

C:\Users\Commun\AppData\Roaming\m\shared\dbSuite_Admin_Tool_for_MySQL_1.2.zip

C:\Users\Commun\AppData\Roaming\m\shared\DealSucker_Alerts_1.4.zip

C:\Users\Commun\AppData\Roaming\m\shared\Debt_Analyzer_3.5_Key.zip

C:\Users\Commun\AppData\Roaming\m\shared\Disney's_Animal_Kingdom_Screensaver_1.0.zip

C:\Users\Commun\AppData\Roaming\m\shared\DJ_Boo_Boo_2.0.8.zip

C:\Users\Commun\AppData\Roaming\m\shared\DotNetPanel_2.1.0.zip

C:\Users\Commun\AppData\Roaming\m\shared\DUNDUP_1.20_beta_1.zip

C:\Users\Commun\AppData\Roaming\m\shared\DynamicMagic_4.0_[Patch].zip

C:\Users\Commun\AppData\Roaming\m\shared\Easy_Favorite_1.zip

C:\Users\Commun\AppData\Roaming\m\shared\Easy_Login_1.1.5.zip

C:\Users\Commun\AppData\Roaming\m\shared\EasyBMPtoAVI_Movie_Creator_0.51.zip

C:\Users\Commun\AppData\Roaming\m\shared\EBRclock_1.2.zip

C:\Users\Commun\AppData\Roaming\m\shared\EditCNC_3.0.2.9_[With_Crack].zip

C:\Users\Commun\AppData\Roaming\m\shared\Email_Manager_1_revision_4.zip

C:\Users\Commun\AppData\Roaming\m\shared\FantasyCodec_2.9_Build_1018.zip

C:\Users\Commun\AppData\Roaming\m\shared\FCOPY_1.12.zip

C:\Users\Commun\AppData\Roaming\m\shared\FileAssurity_OpenPGP_2.02_build_263_[serial].zip

C:\Users\Commun\AppData\Roaming\m\shared\Flady_1.0.4.zip

C:\Users\Commun\AppData\Roaming\m\shared\FlowChartX_control_4.1.1.zip

C:\Users\Commun\AppData\Roaming\m\shared\Grand_Theft_Auto_Vice_City_1967_Ford_Shelby_Mustang_GT500_Model.zip

C:\Users\Commun\AppData\Roaming\m\shared\Harmony-Complete_Home_Automation_5_Lite_5.0_build_156.zip

C:\Users\Commun\AppData\Roaming\m\shared\Hotbasic_Debugger_2.2.zip

C:\Users\Commun\AppData\Roaming\m\shared\i.Vista_Panorama_1.0.zip

C:\Users\Commun\AppData\Roaming\m\shared\ICE_iMap_Image_Mapper_1.1.zip

C:\Users\Commun\AppData\Roaming\m\shared\Inside_Website_Logger_2.2.zip

C:\Users\Commun\AppData\Roaming\m\shared\InvesTraK_3.0.4.2_Patch.zip

C:\Users\Commun\AppData\Roaming\m\shared\JobPro_Central_2.6.zip

C:\Users\Commun\AppData\Roaming\m\shared\Kaspersky.Avp.Blacklist.Removal.Tool.v1.8.zip

C:\Users\Commun\AppData\Roaming\m\shared\Kernel_Palm_PDB_4.03.zip

C:\Users\Commun\AppData\Roaming\m\shared\LingvoSoft_Picture_Dictionary_2007_English_-_Serbian_1.1.17_(Key+Serial).zip

C:\Users\Commun\AppData\Roaming\m\shared\LingvoSoft_Suite_2007_English_-_Polish_2.0.23_(Serial).zip

C:\Users\Commun\AppData\Roaming\m\shared\Little_Big_League_Baseball_1.0.zip

C:\Users\Commun\AppData\Roaming\m\shared\Log_researcher_1.0_(Serial).zip

C:\Users\Commun\AppData\Roaming\m\shared\Look_It_Up_1.0.7_(With_Crack).zip

C:\Users\Commun\AppData\Roaming\m\shared\Magic_DeskX_3.2.zip

C:\Users\Commun\AppData\Roaming\m\shared\Magic_Ellipses_1.3.zip

C:\Users\Commun\AppData\Roaming\m\shared\Magic_Sharpener_1.5.zip

C:\Users\Commun\AppData\Roaming\m\shared\MeGaSearch_1.2.zip

C:\Users\Commun\AppData\Roaming\m\shared\Microsoft_Windows_Malicious_Software_Removal_Tool_1.12.zip

C:\Users\Commun\AppData\Roaming\m\shared\Mighty_Ticker_1.1.4.zip

C:\Users\Commun\AppData\Roaming\m\shared\Miro_0.9.8.1_Public_Preview_1.zip

C:\Users\Commun\AppData\Roaming\m\shared\Moon_3D_Space_Tour_1.1_(Cracked).zip

C:\Users\Commun\AppData\Roaming\m\shared\mp3-Arranger_6.2-1.zip

C:\Users\Commun\AppData\Roaming\m\shared\MP3_Audio_Converter_3.06.zip

C:\Users\Commun\AppData\Roaming\m\shared\MP3_CD_Ripper_2.53.zip

C:\Users\Commun\AppData\Roaming\m\shared\MP3_to_CD_Burners_2.50_Key.zip

C:\Users\Commun\AppData\Roaming\m\shared\My_Command_Button_ActiveX_4.02.zip

C:\Users\Commun\AppData\Roaming\m\shared\My_Reminder_1.0.zip

C:\Users\Commun\AppData\Roaming\m\shared\Natural_Resources_Database_NRDB_Pro_2.2.2.zip

C:\Users\Commun\AppData\Roaming\m\shared\Netsticker_1.0_(Cracked).zip

C:\Users\Commun\AppData\Roaming\m\shared\NHL_2002_demo.zip

C:\Users\Commun\AppData\Roaming\m\shared\Optenet_PC_Parental_Control_Software_9.4.1.zip

C:\Users\Commun\AppData\Roaming\m\shared\Optimizer_Rx_1.01.zip

C:\Users\Commun\AppData\Roaming\m\shared\Panda_TruPrevent_Personal_2006_Promotional_Version_3.zip

C:\Users\Commun\AppData\Roaming\m\shared\Paraben's_AdStopper_6.0.zip

C:\Users\Commun\AppData\Roaming\m\shared\Paraben's_Icon_Builder_7.02.zip

C:\Users\Commun\AppData\Roaming\m\shared\Password_Retriever_5.3.4.zip

C:\Users\Commun\AppData\Roaming\m\shared\PDF_Split-Merge_2.2_Cracked.zip

C:\Users\Commun\AppData\Roaming\m\shared\Perf'Control_Personal_Edition_1.1.1.zip

C:\Users\Commun\AppData\Roaming\m\shared\Pixel_Grease_-_Easy_Image_Editor_2.0.zip

C:\Users\Commun\AppData\Roaming\m\shared\Projects_Manager_1.0.2.zip

C:\Users\Commun\AppData\Roaming\m\shared\PUB_SMOOTH_1.0_KeyGen.zip

C:\Users\Commun\AppData\Roaming\m\shared\Quicken_Password_Recovery_Key_8.0_build_2514.zip

C:\Users\Commun\AppData\Roaming\m\shared\Renamer_1.6_Build_80.zip

C:\Users\Commun\AppData\Roaming\m\shared\Repair_Tool_for_Outlook_Express_1.6.zip

C:\Users\Commun\AppData\Roaming\m\shared\Restore_Deleted_from_Outlook_Express_1.0.zip

C:\Users\Commun\AppData\Roaming\m\shared\RideWay_2.2.zip

C:\Users\Commun\AppData\Roaming\m\shared\Robo-Logan_Adventure_2_1.zip

C:\Users\Commun\AppData\Roaming\m\shared\SageTV_Media_Center_6.1.9_[Crack].zip

C:\Users\Commun\AppData\Roaming\m\shared\SASA_ADSL_Statistics_Analyser_0.16.zip

C:\Users\Commun\AppData\Roaming\m\shared\Save_Message_Action_for_InboxRULES_2.10_Cracked.zip

C:\Users\Commun\AppData\Roaming\m\shared\Scancat-Gold_8.50_Serial.zip

C:\Users\Commun\AppData\Roaming\m\shared\Scenic_Drive_-_Alexandria_to_Johnstown_in_the_Rain_1.0.zip

C:\Users\Commun\AppData\Roaming\m\shared\SCWebCam_3.5.14.zip

C:\Users\Commun\AppData\Roaming\m\shared\Secrets_Protector_Pro_2006_3.09_[Key].zip

C:\Users\Commun\AppData\Roaming\m\shared\Security_Explorer_5.3.1.zip

C:\Users\Commun\AppData\Roaming\m\shared\SF_Giants_Screensaver_2001.zip

C:\Users\Commun\AppData\Roaming\m\shared\Sid_Meier's_Alpha_Centauri_Nod_mod.zip

C:\Users\Commun\AppData\Roaming\m\shared\Snap_Font_1.0.zip

C:\Users\Commun\AppData\Roaming\m\shared\Soccer_Assistant_1.0.zip

C:\Users\Commun\AppData\Roaming\m\shared\Soft_Sea_Drop-Down_Menu_1.0.zip

C:\Users\Commun\AppData\Roaming\m\shared\Speaking_Calendar_6.6.8.zip

C:\Users\Commun\AppData\Roaming\m\shared\StarOffice_IFilter_1.2_Serial.zip

C:\Users\Commun\AppData\Roaming\m\shared\SubTool_2.6.zip

C:\Users\Commun\AppData\Roaming\m\shared\SWF_'n_Slide_Pro_for_Mac_1.017.zip

C:\Users\Commun\AppData\Roaming\m\shared\TeachWord_1.0.zip

C:\Users\Commun\AppData\Roaming\m\shared\The_Washington_Memorial_ScreenSaver_5.07_[Patch].zip

C:\Users\Commun\AppData\Roaming\m\shared\TourGroup_Manager_3.00.10.zip

C:\Users\Commun\AppData\Roaming\m\shared\TrayDay_7.02.zip

C:\Users\Commun\AppData\Roaming\m\shared\uCertify_-_MCSA_Practice_Test_for_Exam_N10-002_-_192+_Questions_6.10.05.zip

C:\Users\Commun\AppData\Roaming\m\shared\Uninstaller_for_Total_Commander_1.7.3d.zip

C:\Users\Commun\AppData\Roaming\m\shared\UninstallKing2005_2.18_Cracked.zip

C:\Users\Commun\AppData\Roaming\m\shared\Unreal_Tournament_2003_-_No_Contest_map.zip

C:\Users\Commun\AppData\Roaming\m\shared\urlStart_1.0.2.1.zip

C:\Users\Commun\AppData\Roaming\m\shared\Visual_File_Downloader_1.4_(KeyGen).zip

C:\Users\Commun\AppData\Roaming\m\shared\Weaverslave_Syntax_Editor_1.0.zip

C:\Users\Commun\AppData\Roaming\m\shared\Web_Explorer_2.3.zip

C:\Users\Commun\AppData\Roaming\m\shared\Windows_2000_Protected_Store_Key_Length_Vulnerability_Patch.zip

C:\Users\Commun\AppData\Roaming\m\shared\WinInstallDate_1.41.zip

C:\Users\Commun\AppData\Roaming\m\shared\WishBin_RC8.zip

C:\Users\Commun\AppData\Roaming\m\shared\XPTS_1.2_release_3.zip

C:\Users\Commun\AppData\Roaming\m\srvlist.oct

C:\Windows\system32\ban_list.txt

C:\Windows\system32\drivers\downld

C:\Windows\system32\drivers\downld\136046.exe

C:\Windows\system32\drivers\downld\140765.exe

C:\Windows\system32\drivers\downld\158765.exe

C:\Windows\system32\drivers\downld\164296.exe

C:\Windows\system32\drivers\downld\165375.exe

C:\Windows\system32\drivers\downld\169843.exe

C:\Windows\system32\drivers\downld\172156.exe

C:\Windows\system32\drivers\downld\174640.exe

C:\Windows\system32\drivers\downld\174859.exe

C:\Windows\system32\drivers\downld\186203.exe

C:\Windows\system32\drivers\downld\191250.exe

C:\Windows\system32\drivers\downld\193609.exe

C:\Windows\system32\drivers\downld\194281.exe

C:\Windows\system32\drivers\downld\195656.exe

C:\Windows\system32\drivers\downld\196625.exe

C:\Windows\system32\drivers\downld\207734.exe

C:\Windows\system32\drivers\downld\207984.exe

C:\Windows\system32\drivers\downld\211375.exe

C:\Windows\system32\drivers\downld\237203.exe

C:\Windows\system32\drivers\downld\252078.exe

C:\Windows\system32\drivers\downld\252156.exe

C:\Windows\system32\drivers\downld\257312.exe

C:\Windows\system32\drivers\downld\259015.exe

C:\Windows\system32\drivers\downld\263234.exe

C:\Windows\system32\drivers\downld\264453.exe

C:\Windows\system32\drivers\downld\271984.exe

C:\Windows\system32\drivers\downld\308031.exe

C:\Windows\system32\drivers\downld\44411406.exe

C:\Windows\system32\drivers\downld\44412734.exe

C:\Windows\system32\drivers\downld\44427593.exe

C:\Windows\system32\drivers\hldrrr.exe

C:\Windows\system32\mdelk.exe

C:\Windows\system32\MSINET.oca

C:\Windows\system32\rtl60.bpl

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_srosa

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-05 au 2008-10-05 ))))))))))))))))))))))))))))))))))))

.

 

2008-10-05 15:20 . 2008-10-05 15:25 <REP> d-------- C:\32788R22FWJFW

2008-10-05 13:56 . 2008-10-05 14:02 49 --a------ C:\Windows\NeroDigital.ini

2008-10-05 13:19 . 2008-10-05 13:20 <REP> d-------- C:\Program Files\Trend Micro

2008-10-05 13:01 . 2008-10-05 13:04 <REP> d-------- C:\Users\Commun\AppData\Roaming\Spyware Terminator

2008-10-05 13:01 . 2008-10-05 15:15 <REP> d-------- C:\Users\All Users\Spyware Terminator

2008-10-05 13:01 . 2008-10-05 13:04 <REP> d-------- C:\Program Files\Spyware Terminator

2008-10-05 13:01 . 2008-10-05 15:15 <REP> d-------- C:\PROGRA~2\Spyware Terminator

2008-10-05 13:01 . 2008-10-05 13:01 141,312 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys

2008-10-05 12:49 . 2008-10-05 12:49 <REP> d-------- C:\Muestras

2008-10-04 23:23 . 2008-10-04 23:25 <REP> d-------- C:\Users\All Users\Lavasoft

2008-10-04 23:23 . 2008-10-04 23:23 <REP> d-------- C:\Program Files\Lavasoft

2008-10-04 23:23 . 2008-10-04 23:25 <REP> d-------- C:\PROGRA~2\Lavasoft

2008-10-04 23:15 . 2008-10-05 11:36 68,382 --a------ C:\Windows\System32\wintems.exe.ren

2008-10-04 13:29 . 2008-10-04 13:29 <REP> d-------- C:\Program Files\TerraGame

2008-10-04 13:29 . 2008-10-04 13:29 <REP> d-------- C:\Program Files\Paprikari

2008-10-04 13:29 . 1999-12-17 09:13 86,016 --a------ C:\Windows\unvise32.exe

2008-09-27 11:17 . 2008-09-27 11:17 <REP> d-------- C:\Users\Commun\AppData\Roaming\Thunderbird

2008-09-27 11:17 . 2008-09-27 11:17 <REP> d-------- C:\Program Files\Mozilla Thunderbird

2008-09-18 09:48 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll

2008-09-18 09:48 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll

2008-09-18 09:48 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe

2008-09-18 09:48 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll

2008-09-18 09:47 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll

2008-09-18 09:47 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll

2008-09-18 09:47 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll

2008-09-18 09:47 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll

2008-09-18 09:47 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-09-14 21:36 . 2008-09-14 21:36 <REP> d-------- C:\Program Files\Apple Software Update

2008-09-13 10:32 . 2008-09-13 10:32 <REP> d-------- C:\Program Files\Hercules

2008-09-13 10:31 . 2007-01-31 17:01 256,000 --a------ C:\Windows\System32\drivers\netr73.sys

2008-09-11 20:10 . 2008-09-11 20:11 <REP> d-------- C:\Users\Commun\AppData\Roaming\SPORE

2008-09-11 18:55 . 2008-09-11 18:55 <REP> d-------- C:\Users\Commun\SPORE

2008-09-10 17:11 . 2008-09-10 17:11 <REP> d-------- C:\Users\Commun\AppData\Roaming\SolidWorks

2008-09-10 17:10 . 2008-09-10 17:10 <REP> d-------- C:\Users\Commun\AppData\Roaming\DWGeditor

2008-09-10 17:10 . 2008-09-10 17:10 <REP> d-------- C:\Program Files\DWGeditor

2008-09-10 17:09 . 2008-09-10 17:09 <REP> d-------- C:\Program Files\Common Files\eDrawings2006

2008-09-10 17:08 . 2004-11-05 11:08 670,208 --a------ C:\Windows\System32\drivers\hardlock.sys

2008-09-10 17:07 . 2004-05-10 14:19 639,052 --a------ C:\Windows\System32\BBPDFPortMon.dll

2008-09-10 17:07 . 2008-09-10 17:07 23 --ah----- C:\Windows\yacht.xws

2008-09-10 17:03 . 2008-09-10 17:21 <REP> d-------- C:\Program Files\Common Files\Bluebeam Software

2008-09-10 16:59 . 2008-09-10 17:22 <REP> d-------- C:\Program Files\SolidWorks

2008-09-10 16:59 . 2008-09-10 16:59 <REP> d-------- C:\Program Files\Common Files\Solidworks Data

2008-09-10 16:55 . 2008-09-10 16:55 42 --a------ C:\Windows\trailer.xws

2008-09-10 11:17 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-09-10 11:17 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys

2008-09-10 11:17 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll

2008-09-10 11:17 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll

2008-09-10 11:17 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys

2008-09-10 11:17 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-09-10 11:17 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll

2008-09-10 11:17 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll

2008-09-10 11:17 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

2008-09-06 18:32 . 2008-09-06 18:32 <REP> d-------- C:\Users\All Users\WindowsSearch

2008-09-06 18:32 . 2008-09-06 18:32 <REP> d-------- C:\PROGRA~2\WindowsSearch

2008-09-06 18:32 . 2002-09-28 20:09 505,104 --a------ C:\Windows\System32\msxml.dll

2008-09-06 18:32 . 2002-09-28 20:09 115,016 --a------ C:\Windows\System32\MSINET.OCX

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-05 13:23 --------- d-----w C:\Program Files\Transcode360

2008-10-05 13:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-10-05 11:11 --------- d-----w C:\Program Files\eMule

2008-10-05 11:11 --------- d-----w C:\PROGRA~2\eMule

2008-10-05 10:57 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy

2008-10-04 21:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-10-03 12:49 --------- d-----w C:\PROGRA~2\lx_cats

2008-10-01 12:11 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-10-01 12:11 --------- d-----w C:\Program Files\Red Storm Entertainment

2008-09-28 18:48 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-09-23 16:48 --------- d-----w C:\Program Files\DivX

2008-09-21 08:23 --------- d-----w C:\Program Files\Neuf

2008-09-14 13:27 139,600 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-09-14 13:26 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe

2008-09-11 17:46 --------- d-----w C:\Program Files\Electronic Arts

2008-09-11 07:26 --------- d-----w C:\PROGRA~2\Microsoft Help

2008-08-30 17:50 --------- d-----w C:\Program Files\id Software

2008-08-30 16:07 --------- d-----w C:\Program Files\EA GAMES

2008-08-28 13:12 --------- d-----w C:\Program Files\Ubi Soft

2008-08-28 13:02 89,360 ----a-w C:\Windows\System32\VB5DB.DLL

2008-08-28 13:02 69,632 ----a-w C:\Windows\System32\xmltok.dll

2008-08-28 13:02 36,864 ----a-w C:\Windows\System32\xmlparse.dll

2008-08-28 13:02 28,432 ----a-w C:\Windows\System32\msxmlr.dll

2008-08-28 13:02 26,064 ----a-w C:\Windows\System32\xmlinst.exe

2008-08-28 13:02 24,576 ----a-w C:\Windows\System32\msxml3a.dll

2008-08-28 09:17 --------- d-----w C:\Program Files\Windows Mail

2008-08-14 17:00 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll

2008-08-14 16:59 --------- d-----w C:\Program Files\Microsoft Games

2008-08-14 15:15 --------- d-----w C:\Program Files\Steam

2008-08-13 17:58 --------- d-----w C:\Program Files\Common Files\Adobe

2008-08-08 10:05 --------- d-----w C:\Program Files\Sun

2008-08-08 10:05 --------- d-----w C:\Program Files\Java

2008-08-06 17:19 --------- d-----w C:\Program Files\Max Payne

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-25 08:36 524,288 ----a-w C:\Windows\System32\DivXsm.exe

2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll

2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll

2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll

2008-07-23 16:46 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll

2008-07-19 11:49 174 --sha-w C:\Program Files\desktop.ini

2008-07-19 11:16 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-07-19 11:16 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-07-14 14:45 35,332 ----a-w C:\Windows\uninst.exe

2008-03-01 09:03 31,744 ----a-w C:\Users\All Users\webcam.exe

2008-03-01 09:03 31,744 ----a-w C:\PROGRA~2\webcam.exe

2008-02-03 11:34 22,328 ----a-w C:\Users\Commun\AppData\Roaming\PnkBstrK.sys

2007-12-25 18:31 71,696 ----a-w C:\Users\Commun\AxDecrypt.exe

2007-10-20 09:42 382,352 ----a-w C:\Users\Commun\jre-6u3-windows-i586-p-iftw.exe

2007-10-14 14:39 1,271,557 ----a-w C:\Users\Commun\wrar371fr.exe

2007-10-09 07:02 24,536,608 ----a-w C:\Users\Commun\AdbeRdr810_fr_FR.exe

2008-07-04 19:37 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-07-04 19:37 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-07-04 19:37 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll

2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll

2008-03-16 12:30 216,064 --sh--r C:\Windows\System32\nbDX.dll

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-10-05 2156368]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 37376]

"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2006-02-16 90112]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 267048]

"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 435120]

"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 20480]

"FaxCenterServer"="C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 312240]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-23 185896]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 13535776]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 92704]

"Transcode360"="C:\Program Files\Transcode360\Transcode360Tray.exe" [2006-12-10 196608]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

 

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\

WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WiFiStation.exe [2008-09-13 98304]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"LogonHoursAction"= 2 (0x2)

"DontDisplayLogonHoursWarnings"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.i420"= i420vfw.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiSpywareOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2249935324-959544306-317576264-1000]

"EnableNotificationsRef"=dword:00000004

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{0530733A-5BE3-4F88-87A7-3ADAC4651491}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"{46E9F6F1-FDD9-4BB4-9B81-B746EE440428}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"TCP Query User{33477EA5-7780-4479-A5F1-4AC62A3EEBA2}C:\\program files\\ea games\\battlefield 2\\bf2_w32ded.exe"= UDP:C:\program files\ea games\battlefield 2\bf2_w32ded.exe:Bf2_w32ded

"UDP Query User{2DC8C0C3-FD20-4A80-A0C2-EAF7AA32BA4C}C:\\program files\\ea games\\battlefield 2\\bf2_w32ded.exe"= TCP:C:\program files\ea games\battlefield 2\bf2_w32ded.exe:Bf2_w32ded

"{862239C0-7EFB-4341-BE90-B09AB02B48AD}"= UDP:C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2

"{B58259D7-D440-4559-A9B8-1BD61AFC68E4}"= TCP:C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:Battlefield 2

"TCP Query User{0651CEAF-D90B-4F7F-89B4-C6B042F0860E}C:\\program files\\club-internet\\assistance\\updatehitachi\\maj_hitachi.exe"= UDP:C:\program files\club-internet\assistance\updatehitachi\maj_hitachi.exe:Firmware Upgrader Hitachi

"UDP Query User{3AD65A66-CA17-4A76-A151-933C586DE207}C:\\program files\\club-internet\\assistance\\updatehitachi\\maj_hitachi.exe"= TCP:C:\program files\club-internet\assistance\updatehitachi\maj_hitachi.exe:Firmware Upgrader Hitachi

"TCP Query User{BF22745A-973A-4EC3-BC48-0DCAC76FC9C3}C:\\program files\\steam\\steamapps\\lloyd_banks03\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\lloyd_banks03\counter-strike source\hl2.exe:hl2

"UDP Query User{8708D067-430F-431A-BDA7-A668BB3AC0AE}C:\\program files\\steam\\steamapps\\lloyd_banks03\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\lloyd_banks03\counter-strike source\hl2.exe:hl2

"TCP Query User{8DEE5377-2167-48BB-BA43-2BCBAE7BE67D}C:\\users\\commun\\appdata\\local\\temp\\wzse0.tmp\\b\\wpadvisor.exe"= UDP:C:\users\commun\appdata\local\temp\wzse0.tmp\b\wpadvisor.exe:wpadvisor.exe

"UDP Query User{2D860630-357C-4037-B7F4-A4ACD241E5E6}C:\\users\\commun\\appdata\\local\\temp\\wzse0.tmp\\b\\wpadvisor.exe"= TCP:C:\users\commun\appdata\local\temp\wzse0.tmp\b\wpadvisor.exe:wpadvisor.exe

"TCP Query User{1DAB892D-99BC-4062-9412-70E828D0E6E9}C:\\program files\\blue coat systems\\winproxy 6\\proxylog.exe"= UDP:C:\program files\blue coat systems\winproxy 6\proxylog.exe:proxylog

"UDP Query User{19D65F80-8C34-4BDC-9293-2249B1A1323F}C:\\program files\\blue coat systems\\winproxy 6\\proxylog.exe"= TCP:C:\program files\blue coat systems\winproxy 6\proxylog.exe:proxylog

"TCP Query User{0F7C7FF2-2A6A-4C46-97A1-15F7E6AF64D4}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader

"UDP Query User{2AF2F1FA-BC16-4D55-B7ED-71B02E89FED9}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader

"TCP Query User{BB5D958D-4F80-4C8C-978C-BBE9DCC0AEC2}C:\\windows\\temp\\navbrowser.exe"= UDP:C:\windows\temp\navbrowser.exe:navbrowser.exe

"UDP Query User{E59C87F0-144D-46BC-88CD-D66FD2AEB9FB}C:\\windows\\temp\\navbrowser.exe"= TCP:C:\windows\temp\navbrowser.exe:navbrowser.exe

"TCP Query User{C535DAF0-1FD7-42E3-AC32-644B7EAE04FF}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{2CB45351-D3D4-4176-8759-B002936136D1}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"{538B6813-6186-4351-A856-816F5406B4AA}"= UDP:80:80

"{C10CABB9-0516-4544-BA69-D4086CDFA8C1}"= UDP:8080:8080

"{8A2FB675-985C-4B8F-B4D5-2DD6D60ED284}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{7AC3B0DB-3F95-4076-81E7-806584523B0D}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{FC340B5B-5230-4B8B-A243-0F9916A596E5}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{8AA56FFF-F508-4DC0-AD11-1600BDEC0A35}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{C31379E9-C1FF-4C1B-AB23-0486C4B57DDC}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{14909CF3-7F4A-482D-BA4C-72FE0B29837E}"= UDP:C:\Program Files\Midway Home Entertainment\Stranglehold Demo\Binaries\Retail-Stranglehold.exe:Stranglehold Demo

"{A51A47C9-F21C-41A1-A825-883DCB5AE1FC}"= TCP:C:\Program Files\Midway Home Entertainment\Stranglehold Demo\Binaries\Retail-Stranglehold.exe:Stranglehold Demo

"TCP Query User{F1CC3B73-C3CD-4356-9B10-BE6E9A6524BC}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule

"UDP Query User{2AD2F90C-233B-42D2-917F-10B071440D96}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

"TCP Query User{69C31266-9C52-44AB-B946-2852D4B67114}C:\\program files\\world of warcraft\\repair.exe"= UDP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility

"UDP Query User{5CC41231-C660-4330-BA07-63E265DB7A91}C:\\program files\\world of warcraft\\repair.exe"= TCP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility

"TCP Query User{6E98FF91-F74A-43D8-AFA1-A885AF3A0EE9}C:\\users\\commun\\appdata\\local\\temp\\_pa274\\repairtoto.exe"= UDP:C:\users\commun\appdata\local\temp\_pa274\repairtoto.exe:repairtoto.exe

"UDP Query User{BE674C25-B08C-4061-9A8D-DE3AF7B038D6}C:\\users\\commun\\appdata\\local\\temp\\_pa274\\repairtoto.exe"= TCP:C:\users\commun\appdata\local\temp\_pa274\repairtoto.exe:repairtoto.exe

"TCP Query User{0BFA50DF-0BEB-4DC8-B3B9-95FE08279417}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam

"UDP Query User{6750A368-11C6-43F5-9729-DB9284C14EA2}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam

"TCP Query User{9F684172-FF99-47C9-A14F-14E398B4941F}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule

"UDP Query User{D6B697C2-4888-4851-A5BE-CADF899DDB28}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

"{C7D0E959-179D-4EEE-A70B-4E03DF20EF4B}"= UDP:C:\Program Files\DreamCatcher\Painkiller Overdose Demo\Bin\OverdoseDemo.exe:Painkiller Overdose Demo

"{D5B576FC-A51D-4B51-840A-7B2A946DB946}"= TCP:C:\Program Files\DreamCatcher\Painkiller Overdose Demo\Bin\OverdoseDemo.exe:Painkiller Overdose Demo

"{CF760DBA-24F9-40BC-9881-2B490307F06D}"= UDP:3724:Blizzard Downloader: 3724

"TCP Query User{09F85533-E997-4AD4-9985-A54EE9E36C90}C:\\users\\commun\\desktop\\core\\core\\mangosd.exe"= UDP:C:\users\commun\desktop\core\core\mangosd.exe:mangosd.exe

"UDP Query User{A9C082E5-6D57-4BB3-B358-E9CB6916DF6B}C:\\users\\commun\\desktop\\core\\core\\mangosd.exe"= TCP:C:\users\commun\desktop\core\core\mangosd.exe:mangosd.exe

"TCP Query User{AA461569-ACF3-4B24-A123-21C65D280122}C:\\program files\\america's army\\system\\armyops.exe"= UDP:C:\program files\america's army\system\armyops.exe:ArmyOps

"UDP Query User{2E07DB1F-1883-4AB6-9EE2-EBA7A016EEB9}C:\\program files\\america's army\\system\\armyops.exe"= TCP:C:\program files\america's army\system\armyops.exe:ArmyOps

"{89BCD43F-0AE7-4496-A0EA-5272CC95EE2B}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

"{779333E5-176F-42AF-B325-73575928300B}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

"{5E27F897-0ABD-4337-86FB-390145DD4782}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{9D0DA76D-564F-457B-9E01-EC25C1AD40BC}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{0A3BCE20-47C3-4DB7-AA99-092531D812A7}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{C6FBD172-A868-4EEA-B36C-D976E532CAB6}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{C02876E4-87E0-45FB-A4F6-AE1CC7E5BAB4}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{D8B634B1-6C9A-4126-AFFA-9D23282D7DF0}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"TCP Query User{DE4FB1B7-4B4B-4821-B6A0-C6108F602F89}C:\\program files\\id software\\quake 4 multiplayer demo\\quake4.exe"= UDP:C:\program files\id software\quake 4 multiplayer demo\quake4.exe:Quake 4

"UDP Query User{BA6BCA79-8AD4-42DB-BC36-C52EB6A0C374}C:\\program files\\id software\\quake 4 multiplayer demo\\quake4.exe"= TCP:C:\program files\id software\quake 4 multiplayer demo\quake4.exe:Quake 4

"TCP Query User{2E8FF36C-9B12-4027-AB1B-291FAEEA25C8}C:\\program files\\id software\\quake 4 demo\\quake4.exe"= UDP:C:\program files\id software\quake 4 demo\quake4.exe:Quake 4

"UDP Query User{D04375D0-8EF7-4595-A67C-D8C953F1434C}C:\\program files\\id software\\quake 4 demo\\quake4.exe"= TCP:C:\program files\id software\quake 4 demo\quake4.exe:Quake 4

"TCP Query User{96DF4F7C-0861-42FC-98E7-6B19F93B9B33}C:\\program files\\pinnacle\\mediacenter\\pmc.exe"= UDP:C:\program files\pinnacle\mediacenter\pmc.exe:

"UDP Query User{111A6560-0F4E-427E-AC79-7C4508C1A9C8}C:\\program files\\pinnacle\\mediacenter\\pmc.exe"= TCP:C:\program files\pinnacle\mediacenter\pmc.exe:

"{4B8C2550-D974-49AC-88E6-675BDB3C67CF}"= UDP:C:\Users\Commun\Downloads\eMule\Incoming\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{86A90D70-9C14-4B3D-93A2-60415B03410C}"= TCP:C:\Users\Commun\Downloads\eMule\Incoming\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"TCP Query User{05EFE469-E82B-418F-9ACD-9DA77E653558}C:\\users\\commun\\downloads\\emule\\incoming\\call.of.duty.4.modern.warfare.full.rip-skullptura.[jackpot]\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:C:\users\commun\downloads\emule\incoming\call.of.duty.4.modern.warfare.full.rip-skullptura.[jackpot]\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe

"UDP Query User{1AD83CEF-BE25-4F24-8E54-FDE050D11244}C:\\users\\commun\\downloads\\emule\\incoming\\call.of.duty.4.modern.warfare.full.rip-skullptura.[jackpot]\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:C:\users\commun\downloads\emule\incoming\call.of.duty.4.modern.warfare.full.rip-skullptura.[jackpot]\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe

"{059A51F9-AEFA-4CA7-869F-DA962CB852A5}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{1D5A3733-8F89-4EC5-BA70-BEAEE3567F7F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{A8B4F0B9-BC43-4418-831F-12D467BF8F94}"= UDP:C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu\game.dat:La Bataille pour la Terre du Milieu

"{E1006043-ABC4-47A2-897C-B3ECFB30B2A5}"= TCP:C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu\game.dat:La Bataille pour la Terre du Milieu

"{40621493-D470-4A91-84D6-ABA0B6D8F7C2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{95CCA3BA-4253-4CB2-A369-05664D8E446F}"= UDP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu II

"{55E01552-FCFE-47A5-95A8-9C7FC2FAF8DA}"= TCP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu II

"{D5764C06-F744-4EE0-8F9B-11F40FF7DBC8}"= UDP:C:\Windows\System32\lxdicoms.exe:Lexmark Communications System

"{91EA1527-2CDC-41CC-8D6C-4729913CBBA7}"= TCP:C:\Windows\System32\lxdicoms.exe:Lexmark Communications System

"{11154FC6-A497-4FB5-9784-7D334FA52BDC}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor

"{C0F4A6FF-BD95-4DED-8DBC-AE72433BD9BD}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor

"{D7A3C12B-0963-4DA3-BA8D-720C930EEB4F}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio

"{E9099265-E1BF-49C5-9DB3-F642CB4FAB1B}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio

"{6A6E36D3-9833-4674-A23C-E8F12E7ED835}"= UDP:C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader

"{37EB0E45-91F1-4269-B0E2-E0EA5B9462FF}"= TCP:C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader

"{EA99108B-E23F-457A-AD8F-F42175A66C40}"= UDP:C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:Fax software

"{1BDAC1A6-F8CE-4A1F-909F-46815BE93089}"= TCP:C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:Fax software

"{00DE48B2-B8EB-4B6A-A3E1-FDBD8D47183F}"= UDP:C:\Users\Commun\AppData\Local\Temp\lxdi\wireless\FRENCH\lxdiwpss.exe:

"{FD1DE1A6-042F-4C72-8335-79E9762B92A7}"= TCP:C:\Users\Commun\AppData\Local\Temp\lxdi\wireless\FRENCH\lxdiwpss.exe:

"{52D220B8-DF76-498D-A17F-703E7A04D81C}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor

"{0F71D672-3FF5-4FF6-A0BC-144E1D1C6E7F}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor

"TCP Query User{D7D83E7F-5DA7-42C1-BF07-6E33DEE0E0A5}C:\\windows\\system32\\electricsheep.scr"= UDP:C:\windows\system32\electricsheep.scr:ElectricSheep

"UDP Query User{08799F94-85CB-4D58-AA11-2998EEBFC762}C:\\windows\\system32\\electricsheep.scr"= TCP:C:\windows\system32\electricsheep.scr:ElectricSheep

"TCP Query User{6E1198CF-AE5C-4556-9BCC-877ED7DE4BBD}C:\\program files\\qq\\africa2003\\qq.exe"= UDP:C:\program files\qq\africa2003\qq.exe:QQ

"UDP Query User{38620135-8B9F-4560-8C7D-2224D33D594C}C:\\program files\\qq\\africa2003\\qq.exe"= TCP:C:\program files\qq\africa2003\qq.exe:QQ

"TCP Query User{EB37AC30-076E-4F8D-B884-2183F98B5010}L:\\nicolas\\call.of.duty.4.modern.warfare.full.rip-skullptura.[jackpot]\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:L:\nicolas\call.of.duty.4.modern.warfare.full.rip-skullptura.[jackpot]\call of duty 4 - modern warfare\iw3mp.exe:iw3mp

"UDP Query User{CFE23F75-FD32-424F-9F91-9FD569772D36}L:\\nicolas\\call.of.duty.4.modern.warfare.full.rip-skullptura.[jackpot]\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:L:\nicolas\call.of.duty.4.modern.warfare.full.rip-skullptura.[jackpot]\call of duty 4 - modern warfare\iw3mp.exe:iw3mp

"TCP Query User{8A634B6F-9B6D-4DEF-A79D-E2F1600272D0}C:\\program files\\popcap games\\zuma deluxe\\zuma.exe"= UDP:C:\program files\popcap games\zuma deluxe\zuma.exe:Zuma

"UDP Query User{C74CE05E-A214-4922-8AAD-CDD1835A8DB8}C:\\program files\\popcap games\\zuma deluxe\\zuma.exe"= TCP:C:\program files\popcap games\zuma deluxe\zuma.exe:Zuma

"TCP Query User{F1869A28-B58F-4750-8997-8CDCA12E859F}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer

"UDP Query User{57C376BF-67D4-4B36-9684-D68F7AB72CC6}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer

"TCP Query User{ADF5B7A3-8856-487B-AB3A-94BCA8BBFB72}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever

"UDP Query User{F7B96102-FE31-4EE3-8B7D-0E0D169DB04B}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever

"TCP Query User{CF866959-C503-4EF6-96FC-DD7E118D2F50}C:\\program files\\steam\\steamapps\\lloyd_banks03\\source sdk base\\hl2.exe"= UDP:C:\program files\steam\steamapps\lloyd_banks03\source sdk base\hl2.exe:hl2

"UDP Query User{5AD244FE-B54A-40B9-B4DD-1DCF7B6C6C32}C:\\program files\\steam\\steamapps\\lloyd_banks03\\source sdk base\\hl2.exe"= TCP:C:\program files\steam\steamapps\lloyd_banks03\source sdk base\hl2.exe:hl2

"TCP Query User{08B04179-B5A2-4F9C-87C4-CC026329125B}C:\\program files\\electronic arts\\eadm\\core.exe"= UDP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager

"UDP Query User{3F0FA018-024F-42C2-849C-071D057499F2}C:\\program files\\electronic arts\\eadm\\core.exe"= TCP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager

"TCP Query User{F8A06FBE-D1B6-4256-9145-9F2ACC52A61A}C:\\program files\\steam\\steamapps\\lloyd_banks03\\day of defeat source\\hl2.exe"= UDP:C:\program files\steam\steamapps\lloyd_banks03\day of defeat source\hl2.exe:hl2

"UDP Query User{BFF6ECF5-E2B8-41F6-9C66-A5D392B1A1B6}C:\\program files\\steam\\steamapps\\lloyd_banks03\\day of defeat source\\hl2.exe"= TCP:C:\program files\steam\steamapps\lloyd_banks03\day of defeat source\hl2.exe:hl2

"{D56E7153-A47C-4D9D-ACC2-7FC29713CEA2}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp

"{8E54999B-201C-40B4-9860-EC8B400DA370}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp

"{1FE9714B-5599-47E3-B050-E425F2ACE04F}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice

"{F1768EEA-FA39-48A3-BEF7-8615DA6E05F1}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice

"{F2897429-F435-45C6-B4D3-C3810608952A}"= UDP:6869:emule

"{E5FFD668-21E3-4B22-A6E7-7BDAB590A058}"= TCP:6879:emule 2

"TCP Query User{74EEE8D2-9A49-4FAD-A64D-D62E48126DC4}C:\\program files\\steam\\steamapps\\lloyd_banks03\\half-life 2 deathmatch\\hl2.exe"= UDP:C:\program files\steam\steamapps\lloyd_banks03\half-life 2 deathmatch\hl2.exe:hl2

"UDP Query User{64D8ED86-9DB2-4316-936B-AAFF416F99EA}C:\\program files\\steam\\steamapps\\lloyd_banks03\\half-life 2 deathmatch\\hl2.exe"= TCP:C:\program files\steam\steamapps\lloyd_banks03\half-life 2 deathmatch\hl2.exe:hl2

"TCP Query User{4E7518F7-455B-4724-90B1-DEA82D7C9668}C:\\program files\\transcode360\\transcode360tray.exe"= UDP:C:\program files\transcode360\transcode360tray.exe:

"UDP Query User{04548152-65B1-4E04-8A83-BA5F0EDE8E0A}C:\\program files\\transcode360\\transcode360tray.exe"= TCP:C:\program files\transcode360\transcode360tray.exe:

"TCP Query User{6AFF27F3-7832-4274-BAA6-E4030CBFD018}C:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= UDP:C:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II

"UDP Query User{79B156BD-FC1D-4AC0-81A7-09BF46053C53}C:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= TCP:C:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II

"TCP Query User{9FC0A562-9239-40BE-B03A-9572EF01FA31}C:\\program files\\transcode360\\transcode360tray.exe"= UDP:C:\program files\transcode360\transcode360tray.exe:

"UDP Query User{81594CAD-9A72-498E-92B7-E3104B953D87}C:\\program files\\transcode360\\transcode360tray.exe"= TCP:C:\program files\transcode360\transcode360tray.exe:

"{1DB18A16-821F-4DC2-BED3-6A0B39E8326F}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"{DA154C0F-AD2F-40A6-82CE-021CE8826AF1}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"{886EC92A-28E4-418F-BE60-9B95DA808508}"= UDP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)

"{4804556A-D6A6-467D-9D09-7BF1D908EDE3}"= TCP:C:\Program Files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)

"TCP Query User{243067FD-DB6B-4675-AE78-93DD020305B1}C:\\program files\\neuf\\media center\\httpd\\httpd.exe"= UDP:C:\program files\neuf\media center\httpd\httpd.exe:Apache HTTP Server

"UDP Query User{0FCD4248-78FA-4059-9043-C1DD415C779E}C:\\program files\\neuf\\media center\\httpd\\httpd.exe"= TCP:C:\program files\neuf\media center\httpd\httpd.exe:Apache HTTP Server

 

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]

R2 lxdi_device;lxdi_device;C:\Windows\system32\lxdicoms.exe [2007-04-26 517040]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]

S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 99248]

S3 3xHybrid;Philips SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-08 1136600]

S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 576680]

S3 netr73;Hercules Wireless USB Dongle Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-01-31 256000]

S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\Windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]

S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]

S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]

S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]

S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]

S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-08-01 87288]

S3 UMPass;Pilote Microsoft UMPass;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 7680]

S3 USB28xxBGA;PCTV Hybrid Pro* Stick;C:\Windows\system32\DRIVERS\emBDA.sys [2006-02-08 217216]

S3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2006-02-08 17792]

S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [2007-09-05 24635]

S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld [ ]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

\shell\AutoRun\command - I:\setupSNK.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17bbe61d-c8e2-11dc-91c8-0019db531394}]

\shell\AutoRun\command - setupSNK.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50b3d3ba-11d1-11dd-b6c0-0019db531394}]

\shell\AutoRun\command - J:\setupSNK.exe

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKCU-Run-eMuleAutoStart - C:\Program Files\eMule\emule.exe

 

 

.

------- Examen supplémentaire -------

.

FireFox -: Profile - C:\Users\Commun\AppData\Roaming\Mozilla\Firefox\Profiles\i5rncyji.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/

FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll

FF -: plugin - C:\Program Files\Neuf\TV_PC\VLC\npvlc.dll

FF -: plugin - C:\Users\Commun\AppData\Roaming\Mozilla\Firefox\Profiles\i5rncyji.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-05 15:43:20

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

C:\Windows\System32\nvvsvc.exe

C:\Windows\System32\audiodg.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

C:\Windows\System32\PnkBstrA.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\conime.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Windows\System32\dllhost.exe

.

**************************************************************************

.

Heure de fin: 2008-10-05 15:50:21 - La machine a redémarré [Commun]

ComboFix-quarantined-files.txt 2008-10-05 13:50:14

 

Avant-CF: 37,483,937,792 octets libres

Après-CF: 40,087,203,840 octets libres

 

548 --- E O F --- 2008-10-03 06:54:42

 

 

This is what I end up with? Is that a good sign?

Posted

That is quite a cleanup!

 

Bagle generally destroys the protections.

You were using Avast.

About Avast

 

Avast vs Antivir

You can use this removal tool for Avast!

Remove Avast

It is advisable to restart the computer once Avast! has been uninstalled.

 

Download Avira AntiVir Personal

NB: the choice of Antivir as the antivirus to use for this procedure was based on the following criteria:

--- weaknesses in your antivirus, which let malware through

--- In safe mode, only system processes are started. It is therefore easier to remove infections

--- Antivir can be installed and uninstalled easily

--- Antivir is known for its effectiveness in safe mode

 

Recommended settings

Right-click the umbrella -> Configure

Click Expert mode -> Scan:

Check: All files

Additional Settings: check everything

Click scan +

Action for concerning files:

Check

copy file to quarantine before action

Primary action...................: repair => in case it is a corrupted system file

Secondary action.................: delete => if something is detected, it might as well be deleted. A backup will be in quarantine

 

Disable your current antivirus

Restart in safe mode.

Run the scan

Post the report
