Nasty virus (Antivir and HijackThis blocked...)
Rafiti, 04/05/2009 at 11:59

Hello,
I've just caught a virus on my computer which has the effect of:
blocking the launch of several programs, notably "Antivir", which would have helped me a lot, as well as HijackThis (so no report possible)...
It seems my computer has no sound anymore either; in short, lots of symptoms that badly handicap my machine...
I should point out that I think I caught it by installing an application from a program (free for a trial)... there you go; thanks for helping me, because I don't know what I can do now with all these things blocked...
Mister_masque, 04/05/2009 at 12:38

Hi,

You've been infected by Bagle, an infection that is very hard to eradicate... It is mainly caught by downloading booby-trapped cracks on P2P (eMule & LimeWire). Bagle removes antivirus software and firewalls and stops you from installing new ones.

Be aware that this infection is no longer handled on many forums, because you downloaded a crack (which is stupid and illegal).

Don't try to restart in Safe Mode: Bagle may have destroyed the SafeBoot keys.

Delete all the cracks you downloaded.

Read: The dangers of cracks

Follow these instructions to the letter, otherwise you risk damaging Windows!

  • Download FindyKill to your Desktop and run it.
  • The installation window opens. Click "Next", then accept the terms ("I agree with the terms and conditions above") and click "Next" again.
  • Click "Next" again, keeping the default directory; if a confirmation message appears, accept it.
  • Click "Start"; the installation will run, then click "Quit".

To use FindyKill:

  1. An icon has appeared on the Desktop; double-click FindyKill.
  2. A black window appears; select option 1 ("Recherche"), which searches for the infection. To do this, on the main menu, press the 1 key on the keyboard and confirm with Enter.
  3. The explorer.exe process will stop; the taskbar and the Desktop may disappear. Let it run and wait.
  4. When the search has finished, press any key to display the report.
  5. Click the Edit menu, then Select All. Click the Edit menu again, then Copy.
  6. Paste the report on this forum in a new message.

Good luck!

--
Rafiti, 04/05/2009 at 13:00

That's scary... thanks for your help, here's the requested report:

############################## [ FindyKill V4.728 ]

# User : raph (Administrateurs) # RAPH-76CF381DCF
# Update on 03/05/09 by Chiquitine29
# Start at: 12:51:06 | 04/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html

#               Intel(R) Pentium(R) 4 CPU 2.60GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]

# C:\ # Disque fixe local # 189,91 Go (5,47 Go free) [Dantes] # NTFS
# E:\ # Disque fixe local # 465,76 Go (688,52 Mo free) [L'ELU] # NTFS
# Q:\ # Disque fixe local # 298,09 Go (9,09 Go free) [KOUINI] # NTFS
# W:\ # Disque CD-ROM
# Z:\ # Disque fixe local # 279,47 Go (1,53 Go free) [Ulysse] # NTFS

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Winamp3\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\raph\Application Data\drivers\winupgro.exe
C:\Documents and Settings\raph\Application Data\m\flec006.exe
C:\Program Files\Silicon Image\SiICfg\SiICfg.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\WINDOWS\system32\wintems.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Processus infectieux stoppés ]  

"C:\Documents and Settings\raph\Application Data\drivers\winupgro.exe"  (1324)
"C:\Documents and Settings\raph\Application Data\m\flec006.exe"  (1404)
"C:\WINDOWS\system32\wintems.exe"  (4008)

################## [ Fichiers / Dossiers infectieux ]

Found ! C:\WINDOWS\Prefetch\15203406.EXE-09893C81.pf
Found ! C:\WINDOWS\Prefetch\15292875.EXE-1D36FE36.pf
Found ! C:\WINDOWS\Prefetch\15410546.EXE-259D05D3.pf
Found ! C:\WINDOWS\Prefetch\15434781.EXE-33AE3E9D.pf
Found ! C:\WINDOWS\Prefetch\15715687.EXE-33FE24CE.pf
Found ! C:\WINDOWS\Prefetch\222109.EXE-0705D04E.pf
Found ! C:\WINDOWS\Prefetch\30283062.EXE-122696BC.pf
Found ! C:\WINDOWS\Prefetch\30362640.EXE-0910DB5C.pf
Found ! C:\WINDOWS\Prefetch\30473265.EXE-036BCEF7.pf
Found ! C:\WINDOWS\Prefetch\30498953.EXE-1042C9DC.pf
Found ! C:\WINDOWS\Prefetch\30775609.EXE-3A3EC0B9.pf
Found ! C:\WINDOWS\Prefetch\33536406.EXE-0FB49C20.pf
Found ! C:\WINDOWS\Prefetch\33610906.EXE-1F5F781F.pf
Found ! C:\WINDOWS\Prefetch\358937.EXE-048039E8.pf
Found ! C:\WINDOWS\Prefetch\414578.EXE-3856DE11.pf
Found ! C:\WINDOWS\Prefetch\439125.EXE-25566ECE.pf
Found ! C:\WINDOWS\Prefetch\48119640.EXE-2A4D0FC5.pf
Found ! C:\WINDOWS\Prefetch\737484.EXE-0283EFE4.pf
Found ! C:\WINDOWS\Prefetch\FLEC006.EXE-084DD214.pf
Found ! C:\WINDOWS\Prefetch\MDELK.EXE-3B00332D.pf
Found ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2B1270B6.pf
Found ! C:\WINDOWS\system32\ban_list.txt
Found ! C:\WINDOWS\system32\mdelk.exe
Found ! C:\WINDOWS\system32\wintems.exe
Found ! "C:\Documents and Settings\raph\Application Data\drivers"
Found ! "C:\Documents and Settings\raph\Application Data\drivers\downld"
Found ! "C:\Documents and Settings\raph\Application Data\drivers\srosa2.sys"
Found ! "C:\Documents and Settings\raph\Application Data\drivers\wfsintwq.sys"
Found ! "C:\Documents and Settings\raph\Application Data\drivers\winupgro.exe"
Found ! "C:\Documents and Settings\raph\Application Data\m"
Found ! "C:\Documents and Settings\raph\Application Data\m\data.oct"
Found ! "C:\Documents and Settings\raph\Application Data\m\flec006.exe"
Found ! "C:\Documents and Settings\raph\Application Data\m\list.oct"
Found ! "C:\Documents and Settings\raph\Application Data\m\shared"
Found ! "C:\Documents and Settings\raph\Application Data\m\srvlist.oct"

################## [ Infected Temp Files ]

Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\4I67LJ34\b64[1].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\4I67LJ34\b64_1[1].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\4I67LJ34\b64_3[1].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\4I67LJ34\b64_3[2].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\4I67LJ34\b64_3[3].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\4I67LJ34\file[1].txt  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\4I67LJ34\mxd[1].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\b64[1].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\b64_1[1].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\b64_1[2].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\b64_1[3].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\b64_3[1].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\b64_3[2].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\b64_3[3].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\b64_3[4].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\b64_3[5].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\b64_3[6].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\mxd[1].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\D93KIVSA\b64[1].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\D93KIVSA\b64[2].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\D93KIVSA\b64[3].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\D93KIVSA\b64_1[1].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\D93KIVSA\b64_1[2].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\D93KIVSA\b64_1[3].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\D93KIVSA\b64_3[1].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\D93KIVSA\file[1].txt  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\L0ALTW66\b64[1].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\L0ALTW66\b64[2].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\L0ALTW66\b64_1[1].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\L0ALTW66\b64_1[2].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\L0ALTW66\b64_1[3].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\L0ALTW66\b64_1[4].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\L0ALTW66\b64_1[5].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\L0ALTW66\b64_3[1].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\L0ALTW66\b64_3[2].jpg  
Found ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\L0ALTW66\b64_3[3].jpg  
Found ! C:\Documents and Settings\raph\Cookies\raph@cuntcrack[2].txt  
Found ! C:\Documents and Settings\raph\Cookies\raph@www.cuntcrack[2].txt  

################## [ Registre / Clés infectieuses ]

Found ! HKEY_USERS\S-1-5-21-436374069-1563985344-725345543-1003\Software\Local AppWizard-Generated Applications\run  
Found ! HKEY_USERS\S-1-5-21-436374069-1563985344-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro  
Found ! HKEY_USERS\S-1-5-21-436374069-1563985344-725345543-1003\Software\bisoft  
Found ! HKEY_USERS\S-1-5-21-436374069-1563985344-725345543-1003\Software\DateTime4  
Found ! HKEY_USERS\S-1-5-21-436374069-1563985344-725345543-1003\Software\FFC  
Found ! HKEY_USERS\S-1-5-21-436374069-1563985344-725345543-1003\Software\MuleAppData  
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\run  
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S  
Found ! HKEY_CURRENT_USER\Software\bisoft  
Found ! HKEY_CURRENT_USER\Software\DateTime4  
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_USERS\S-1-5-21-436374069-1563985344-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"  
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_USERS\S-1-5-21-436374069-1563985344-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"  
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Found ! HKEY_USERS\S-1-5-21-436374069-1563985344-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"  

# (!) HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
# (!) HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

################## [ Recherche dans supports amovibles]


################## [ Registre / Mountpoints2 ]

# -> Not found !  

################## [ ! Fin du rapport # FindyKill V4.728 ! ]
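The workflow the helper lays out is a search run (option 1), a clean run (option 2), then another search to confirm. As an added example that is not part of this thread or of FindyKill itself, here is a small Python parser for the report format posted above: it splits a report into its sections, flags processes running from user-writable paths together with the persistence points (Run values, services, boot-start drivers), and compares a search run against a clean run to list what was found but not deleted. The two sample reports inside it are constructed excerpts of the ones in this thread.

```python
import re
from collections import defaultdict

# Constructed excerpts modelled on the FindyKill reports in this thread:
# a search run (option 1) and the clean run (option 2) that followed it.
SAMPLE_SEARCH = r"""
############################## [ Processus actifs ]

C:\Documents and Settings\raph\Application Data\drivers\winupgro.exe
C:\WINDOWS\system32\wintems.exe

################## [ Processus infectieux stoppés ]

"C:\Documents and Settings\raph\Application Data\drivers\winupgro.exe"  (1324)
"C:\WINDOWS\system32\wintems.exe"  (4008)

################## [ Fichiers / Dossiers infectieux ]

Found ! C:\WINDOWS\system32\wintems.exe
Found ! "C:\Documents and Settings\raph\Application Data\drivers\srosa2.sys"

################## [ Registre / Clés infectieuses ]

Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"

# (!) HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
"""

SAMPLE_CLEAN = r"""
################## [ Infected Files \ Folders ]

Deleted ! C:\WINDOWS\system32\wintems.exe
Deleted ! "C:\Documents and Settings\raph\Application Data\drivers\srosa2.sys"

################## [ Registry / Infected keys ]

Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
"""

SECTION_RE = re.compile(r"^#+\s*\[\s*(.+?)\s*\]$")
FINDING_RE = re.compile(r"^(Found|Deleted) !\s*:?\s*(.+)$")
STOPPED_RE = re.compile(r'^"(.+)"\s+\((\d+)\)$')
START_RE = re.compile(r"^# \(!\) (\S+) -> Start = (0x[0-9A-Fa-f]+)$")
PROCESS_SECTIONS = ("Processus actifs", "Active Processes")
# Where the dropper in this thread lived: an auto-started binary under a
# user profile rather than Program Files or WINDOWS deserves a second look.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


def _unquote(s: str) -> str:
    s = s.strip()
    return s[1:-1] if len(s) > 1 and s[0] == s[-1] == '"' else s


def parse_report(text: str) -> dict:
    """Split a report into {section: [(kind, item), ...]}; kind is one of
    Found / Deleted / Stopped / Start / Running."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            current = m.group(1)
        elif current is None:
            continue
        elif m := FINDING_RE.match(line):
            sections[current].append((m.group(1), _unquote(m.group(2))))
        elif m := STOPPED_RE.match(line):
            sections[current].append(("Stopped", m.group(1)))  # pid is group 2
        elif m := START_RE.match(line):
            sections[current].append(("Start", f"{m.group(1)} = {m.group(2)}"))
        elif current in PROCESS_SECTIONS:
            sections[current].append(("Running", line))
    return dict(sections)


def triage(sections: dict) -> dict:
    """What a responder reads first: binaries running from user-writable
    paths, persistence points (Run values, services) and boot-start drivers."""
    running = [i for s in PROCESS_SECTIONS for _, i in sections.get(s, [])]
    flat = [(k, i) for entries in sections.values() for k, i in entries]
    return {
        "suspicious_processes": [p for p in running
                                 if any(u in p.lower() for u in USER_WRITABLE)],
        "persistence": [i for k, i in flat if k in ("Found", "Deleted")
                        and ("\\currentversion\\run\\" in i.lower()
                             or "\\services\\" in i.lower())],
        "boot_start_services": [i for k, i in flat if k == "Start"],
    }


def outstanding(search: dict, clean: dict) -> list:
    """Items Found by the search run that the clean run did not Delete:
    what the follow-up search (option 1 again) has to confirm."""
    found = {i for e in search.values() for k, i in e if k == "Found"}
    deleted = {i for e in clean.values() for k, i in e if k == "Deleted"}
    return sorted(found - deleted)
```

Run on the two excerpts, `triage` flags winupgro.exe (started from Application Data), the srosa service and the drvsyskit Run value, and `outstanding` reports only the Run value, since the constructed clean run did not delete it.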
Mister_masque, 04/05/2009 at 13:08

Hi,

You must have a new variant; strangely, Antivir didn't spot it.

Run FindyKill again with option 2 and post the report.

# 1 - Recherche de l'infection

Download Random's System Information Tool (RSIT) by random/random and save it to your Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen, leaving the default values.
  • If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
  • When the analysis is finished, two text files will open.

--> Post the contents of log.txt (<<which will be displayed) and of info.txt (<<which will be minimized to the Taskbar).

NB: Both reports are also saved in the folder: C:\rsit\

Reports expected:

  1. FindyKill report (option 2)
  2. Log.txt report
  3. info.txt report

--
Rafiti, 04/05/2009 at 13:54

I'm already posting the report from FindyKill's operation "2" (not requested)
and the report redone afterwards with the same program, option "1"... I'll do the rest now.
In the first report it mentions the program "aften"; that's the little audio program I wanted to try, which I think infected me...
OK, I did the other reports in the meantime and I'm editing them into this same message:


############################## [ FindyKill V4.728 ]

# User : raph (Administrateurs) # RAPH-76CF381DCF
# Update on 03/05/09 by Chiquitine29
# Start at: 13:31:10 | 04/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html

#               Intel(R) Pentium(R) 4 CPU 2.60GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]

# C:\ # Disque fixe local # 189,91 Go (5,48 Go free) [Dantes] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 465,76 Go (688,53 Mo free) [L'ELU] # NTFS
# Q:\ # Disque fixe local # 298,09 Go (9,09 Go free) [KOUINI] # NTFS
# W:\ # Disque CD-ROM
# Z:\ # Disque fixe local # 279,47 Go (1,53 Go free) [Ulysse] # NTFS

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\KB905474\wgasetup.exe
C:\WINDOWS\system32\KB905474\wgasetup.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infected Files \ Folders ]

Deleted ! C:\WINDOWS\Prefetch\15203406.EXE-09893C81.pf  
Deleted ! C:\WINDOWS\Prefetch\15292875.EXE-1D36FE36.pf  
Deleted ! C:\WINDOWS\Prefetch\15410546.EXE-259D05D3.pf  
Deleted ! C:\WINDOWS\Prefetch\15434781.EXE-33AE3E9D.pf  
Deleted ! C:\WINDOWS\Prefetch\15715687.EXE-33FE24CE.pf  
Deleted ! C:\WINDOWS\Prefetch\222109.EXE-0705D04E.pf  
Deleted ! C:\WINDOWS\Prefetch\30283062.EXE-122696BC.pf  
Deleted ! C:\WINDOWS\Prefetch\30362640.EXE-0910DB5C.pf  
Deleted ! C:\WINDOWS\Prefetch\30473265.EXE-036BCEF7.pf  
Deleted ! C:\WINDOWS\Prefetch\30498953.EXE-1042C9DC.pf  
Deleted ! C:\WINDOWS\Prefetch\30775609.EXE-3A3EC0B9.pf  
Deleted ! C:\WINDOWS\Prefetch\33536406.EXE-0FB49C20.pf  
Deleted ! C:\WINDOWS\Prefetch\33610906.EXE-1F5F781F.pf  
Deleted ! C:\WINDOWS\Prefetch\358937.EXE-048039E8.pf  
Deleted ! C:\WINDOWS\Prefetch\414578.EXE-3856DE11.pf  
Deleted ! C:\WINDOWS\Prefetch\439125.EXE-25566ECE.pf  
Deleted ! C:\WINDOWS\Prefetch\48119640.EXE-2A4D0FC5.pf  
Deleted ! C:\WINDOWS\Prefetch\737484.EXE-0283EFE4.pf  
Deleted ! C:\WINDOWS\Prefetch\FLEC006.EXE-084DD214.pf  
Deleted ! C:\WINDOWS\Prefetch\MDELK.EXE-3B00332D.pf  
Deleted ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2B1270B6.pf  
Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-1F2FE83B.pf  
Deleted ! C:\WINDOWS\system32\ban_list.txt  
Deleted ! C:\WINDOWS\system32\mdelk.exe  
Deleted ! C:\WINDOWS\system32\wintems.exe  
Deleted ! "C:\Documents and Settings\raph\Application Data\drivers\srosa2.sys"  
Deleted ! "C:\Documents and Settings\raph\Application Data\drivers\wfsintwq.sys"  
Deleted ! "C:\Documents and Settings\raph\Application Data\drivers\winupgro.exe"  
Deleted ! "C:\Documents and Settings\raph\Application Data\m\data.oct"  
Deleted ! "C:\Documents and Settings\raph\Application Data\m\flec006.exe"  
Deleted ! "C:\Documents and Settings\raph\Application Data\m\list.oct"  
Deleted ! "C:\Documents and Settings\raph\Application Data\m\srvlist.oct"  
Deleted ! "C:\Documents and Settings\raph\Application Data\drivers\downld"  
Deleted ! "C:\Documents and Settings\raph\Application Data\drivers"  
Deleted ! "C:\Documents and Settings\raph\Application Data\m\shared"  
Deleted ! "C:\Documents and Settings\raph\Application Data\m"  

################## [ Infected Temp Files ]

Deleted ! C:\Documents and Settings\raph\Cookies\raph@cuntcrack[2].txt  
Deleted ! C:\Documents and Settings\raph\Cookies\raph@www.cuntcrack[2].txt  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\4I67LJ34\b64[1].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\4I67LJ34\b64_1[1].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\4I67LJ34\b64_3[1].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\4I67LJ34\b64_3[2].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\4I67LJ34\b64_3[3].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\4I67LJ34\file[1].txt  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\4I67LJ34\mxd[1].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\b64[1].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\b64_1[1].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\b64_1[2].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\b64_1[3].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\b64_3[1].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\b64_3[2].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\b64_3[3].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\b64_3[4].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\b64_3[5].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\b64_3[6].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\CBSRLTQA\mxd[1].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\D93KIVSA\b64[1].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\D93KIVSA\b64[2].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\D93KIVSA\b64[3].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\D93KIVSA\b64_1[1].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\D93KIVSA\b64_1[2].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\D93KIVSA\b64_1[3].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\D93KIVSA\b64_3[1].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\D93KIVSA\file[1].txt  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\L0ALTW66\b64[1].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\L0ALTW66\b64[2].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\L0ALTW66\b64_1[1].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\L0ALTW66\b64_1[2].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\L0ALTW66\b64_1[3].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\L0ALTW66\b64_1[4].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\L0ALTW66\b64_1[5].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\L0ALTW66\b64_3[1].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\L0ALTW66\b64_3[2].jpg  
Deleted ! C:\Documents and Settings\raph\Local Settings\Temporary Internet Files\Content.IE5\L0ALTW66\b64_3[3].jpg  

################## [ Registry / Infected keys ]

Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa  
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa  
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA  
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA  
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s  
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s  
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S  
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S  
Deleted ! HKEY_CURRENT_USER\Software\bisoft  
Deleted ! HKEY_CURRENT_USER\Software\DateTime4  
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\run  
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro  
Deleted ! HKEY_USERS\S-1-5-21-436374069-1563985344-725345543-1003\Software\FFC  
Deleted ! HKEY_USERS\S-1-5-21-436374069-1563985344-725345543-1003\Software\MuleAppData  
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"  
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"  
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"  

################## [ Cleaning Removable drives ]


################## [ Registry / Mountpoint2 ]

# -> Not found !  

################## [ States / Restarting of services ]  

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3  
# Ip6Fw -> # Type of startup =2  
# SharedAccess -> # Type of startup =2  
# wuauserv -> # Type of startup =2  
# wscsvc -> # Type of startup =2  
# Safe boot mode restored !  

################## [ Searching Other Infections ]

# Références de comparaison Bagle MD5 :

File ... : C:\Documents and Settings\raph\Application Data\drivers\winupgro.exe
CRC32 .. : eac83766
MD5 .... : 2e227b1b3251cc18aaeedc68791d7ae9

Deleted ! : C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
# Taille : 851968 # MD5 : 2E227B1B3251CC18AAEEDC68791D7AE9

Deleted ! : E:\mular\00_IN\normal\Aften 0.08.zip
Contain run.exe [851968] with Bagle CRC32 : EAC83766


################## [ Corrupted files # Re-Installation required ]

C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgam.exe
C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgdiag.exe
C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgemc.exe
C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgnsx.exe
C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgtray.exe
C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgwdsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\preupd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
C:\Program Files\backburner 2\monitor.exe
C:\Program Files\Mozilla Firefox\uninstall\helper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

################################### [ Cracks / Keygens / Serials ]

# -> Nothing found !  

################## [ ! End of Report # FindyKill V4.728 ! ]

Operation 2
############################## [ FindyKill V4.728 ]

# User : raph (Administrateurs) # RAPH-76CF381DCF
# Update on 03/05/09 by Chiquitine29
# Start at: 13:48:39 | 04/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html

#               Intel(R) Pentium(R) 4 CPU 2.60GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]

# C:\ # Disque fixe local # 189,91 Go (5,86 Go free) [Dantes] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 465,76 Go (689,44 Mo free) [L'ELU] # NTFS
# Q:\ # Disque fixe local # 298,09 Go (9,09 Go free) [KOUINI] # NTFS
# W:\ # Disque CD-ROM
# Z:\ # Disque fixe local # 279,47 Go (1,53 Go free) [Ulysse] # NTFS

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Winamp3\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Silicon Image\SiICfg\SiICfg.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers / Dossiers infectieux ]


################## [ Infected Temp Files ]


################## [ Registre / Clés infectieuses ]



################## [ Recherche dans supports amovibles]


################## [ Registre / Mountpoints2 ]

# -> Not found !  

################## [ ! Fin du rapport # FindyKill V4.728 ! ]

Logfile of random's system information tool 1.06 (written by random/random)
Run by raph at 2009-05-04 13:54:52
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 6 GB (3%) free of 194 GB
Total RAM: 1535 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:52, on 29/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Documents and Settings\raph\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Silicon Image\SiICfg\SiICfg.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\raph\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration-Studio 8.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SiICfg.lnk = C:\Program Files\Silicon Image\SiICfg\SiICfg.exe
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: opvekl.dll,zyvywo.dll
O20 - Winlogon Notify: yaywvSIx - yaywvSIx.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/raph/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg

--
End of file - 7992 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-07-16 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-06-18 155648]
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-12-07 30208]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-04-13 49152]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-07-16 185896]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-03-12 81920]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2009-05-04 266497]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"WinampAgent"=C:\Program Files\Winamp3\winampa.exe [2002-07-23 12288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe []

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
SiICfg.lnk - C:\Program Files\Silicon Image\SiICfg\SiICfg.exe
Wireless Configuration Utility HW.14.lnk - C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe

C:\Documents and Settings\raph\Menu Démarrer\Programmes\Démarrage
Registration-Studio 8.lnk - C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-03-22 61440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\eMule\eMule.exe"="C:\Program Files\eMule\eMule.exe:*:Enabled:eMule Plus"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:Bluetooth Application"
"C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:Application de pilotage à distance TeamViewer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com h:
shell\Open\command - H:\resycled\ntldr.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d40f64d-3bc4-11dd-9df6-0014d139fc8a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com h:
shell\Open\command - "resycled\ntldr.c


======File associations======

.js - open - "Q:\logiciels_2006\Adobe CS3_web\Crack\Crack Adobe CS3 [Acrobat 8.0_After Effects_Contribute_Dreamweaver_Fireworks_Flash_Illustrator_InDesign_Photoshop] ® [camp@gnese]™\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2009-05-04 13:48:36 ----A---- C:\FindyKill.txt
2009-05-04 12:50:19 ----D---- C:\FindyKill
2009-05-04 00:50:32 ----D---- C:\Program Files\Sonic
2009-05-03 03:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-05-02 16:26:22 ----D---- C:\Program Files\Vstplugins
2009-05-02 03:12:41 ----D---- C:\Program Files\VirtualDubMOD
2009-05-02 02:09:38 ----D---- C:\Documents and Settings\raph\Application Data\Publish Providers
2009-05-02 02:09:05 ----D---- C:\Documents and Settings\raph\Application Data\Sony
2009-05-02 01:41:00 ----D---- C:\Program Files\Sony
2009-05-02 01:39:00 ----D---- C:\Program Files\MSBuild
2009-05-02 01:34:29 ----D---- C:\WINDOWS\system32\XPSViewer
2009-05-02 01:34:26 ----D---- C:\WINDOWS\system32\en-us
2009-05-02 01:33:42 ----D---- C:\Program Files\Reference Assemblies
2009-05-02 01:33:10 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-05-02 01:28:27 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-05-02 00:46:37 ----D---- C:\Documents and Settings\raph\Application Data\Sony Setup
2009-05-02 00:46:17 ----D---- C:\Program Files\Sony Setup
2009-05-02 00:24:52 ----D---- C:\WINDOWS\system32\RNBOSENT
2009-05-02 00:24:52 ----A---- C:\WINDOWS\system32\SNTI386.DLL
2009-05-02 00:24:52 ----A---- C:\WINDOWS\system32\RNBOVDD.DLL
2009-05-02 00:24:47 ----D---- C:\Program Files\Minnetonka Audio Software
2009-05-02 00:24:34 ----D---- C:\_ISTMP1.DIR
2009-05-01 22:22:10 ----D---- C:\Program Files\AC3Filter
2009-05-01 13:11:05 ----D---- C:\Program Files\DVD Audio Extractor
2009-04-29 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-04-25 18:55:51 ----D---- C:\Program Files\Winamp3
2009-04-15 03:05:26 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-15 03:05:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-15 03:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-15 03:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-15 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-15 03:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-11 03:00:43 ----D---- C:\WINDOWS\system32\KB905474
2009-04-09 03:17:08 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-04-08 18:40:58 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-04-08 18:40:58 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-04-08 18:40:58 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-04-08 18:40:58 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-04-08 18:40:58 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-04-08 18:40:58 ----N---- C:\WINDOWS\system32\px.dll
2009-04-08 18:24:07 ----A---- C:\WINDOWS\IsUninst.exe
2009-04-08 18:24:04 ----D---- C:\WINDOWS\_ISTMP1.DIR
2009-04-08 14:58:36 ----RA---- C:\WINDOWS\system32\AdobePDFUI.dll
2009-04-08 14:58:36 ----RA---- C:\WINDOWS\system32\AdobePDF.dll
2009-04-08 09:30:45 ----D---- C:\Program Files\Winamp Toolbar
2009-04-08 09:27:16 ----N---- C:\WINDOWS\system32\pxafs.dll

======List of files/folders modified in the last 1 months======

2009-05-04 13:48:08 ----D---- C:\WINDOWS\system32
2009-05-04 13:48:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-04 13:48:00 ----D---- C:\Program Files\Mozilla Firefox
2009-05-04 13:47:18 ----A---- C:\WINDOWS\RTacDbg.txt
2009-05-04 13:47:14 ----AD---- C:\WINDOWS
2009-05-04 13:47:13 ----A---- C:\errlgr.txt
2009-05-04 13:32:33 ----D---- C:\WINDOWS\temp
2009-05-04 13:31:12 ----D---- C:\WINDOWS\Prefetch
2009-05-04 13:13:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-04 12:02:27 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-05-04 11:30:59 ----D---- C:\Program Files\MagicISO
2009-05-04 11:30:42 ----D---- C:\WINDOWS\system32\drivers
2009-05-04 11:15:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-04 10:54:41 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-04 10:24:33 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-04 10:22:57 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-04 10:22:57 ----D---- C:\Program Files\Adobe
2009-05-04 00:50:32 ----D---- C:\Program Files
2009-05-04 00:19:07 ----D---- C:\WINDOWS\Downloaded Installations
2009-05-03 21:37:15 ----D---- C:\Documents and Settings\raph\Application Data\dvdcss
2009-05-03 13:58:43 ----SHD---- C:\WINDOWS\Installer
2009-05-03 13:58:40 ----SHD---- C:\Config.Msi
2009-05-03 03:01:11 ----HD---- C:\WINDOWS\inf
2009-05-03 03:01:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-03 03:00:29 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-02 17:51:27 ----D---- C:\WINDOWS\Debug
2009-05-02 17:51:26 ----D---- C:\WINDOWS\Minidump
2009-05-02 11:26:30 ----D---- C:\Documents and Settings\raph\Application Data\Adobe
2009-05-02 11:19:04 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-05-02 10:37:08 ----D---- C:\Documents and Settings\All Users\Application Data\Autodesk
2009-05-02 10:37:07 ----D---- C:\Program Files\Fichiers communs\Autodesk Shared
2009-05-02 10:37:02 ----D---- C:\Program Files\backburner 2
2009-05-02 01:48:31 ----D---- C:\WINDOWS\Microsoft.NET
2009-05-02 01:34:24 ----RSD---- C:\WINDOWS\Fonts
2009-05-02 01:33:22 ----D---- C:\WINDOWS\system32\spool
2009-05-02 01:30:19 ----D---- C:\WINDOWS\WinSxS
2009-05-02 01:29:47 ----D---- C:\Program Files\Internet Explorer
2009-05-02 00:25:25 ----A---- C:\WINDOWS\system32\ssprs.dll
2009-05-02 00:25:25 ----A---- C:\WINDOWS\system32\lsprst7.dll
2009-05-01 00:36:03 ----D---- C:\Program Files\DVD Decrypter
2009-05-01 00:35:03 ----D---- C:\Program Files\SlySoft
2009-04-30 22:15:04 ----A---- C:\WINDOWS\win.ini
2009-04-29 12:54:36 ----D---- C:\Documents and Settings\raph\Application Data\AVS4YOU
2009-04-29 12:46:26 ----D---- C:\Program Files\AVS4YOU
2009-04-29 12:46:18 ----D---- C:\Program Files\Fichiers communs\AVSMedia
2009-04-29 03:01:05 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-25 18:56:05 ----A---- C:\WINDOWS\winampa.ini
2009-04-16 03:01:27 ----D---- C:\WINDOWS\system32\fr-fr
2009-04-15 08:00:36 ----D---- C:\WINDOWS\system32\wbem
2009-04-15 08:00:35 ----D---- C:\WINDOWS\AppPatch
2009-04-11 03:00:43 ----SD---- C:\WINDOWS\Tasks
2009-04-08 14:59:20 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-04-08 12:54:43 ----D---- C:\WINDOWS\security
2009-04-08 10:08:02 ----D---- C:\Fichiers de prévisualisation d'Adobe Premiere Pro
2009-04-08 09:30:35 ----D---- C:\Program Files\Windows Media Player
2009-04-08 09:30:33 ----D---- C:\WINDOWS\RegisteredPackages
2009-04-06 16:57:24 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-01-28 75072]
R1 DCxxMJPG;Pinnacle DC10plus, Motion-JPEG VideoIO Board; C:\WINDOWS\system32\drivers\DCxxMJPG.sys [2002-06-04 132940]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-04-14 40320]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-16 21035]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2008-12-28 73728]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-05-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-22 1522688]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-05-01 743367]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-05-03 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-08 14604]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-28 5888]
R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-05-04 215040]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-14 27264]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-05 57984]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
S1 gaopdxserv.sys;gaopdxserv.sys; C:\WINDOWS\system32\drivers\gaopdxwiltliqh.sys []
S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2005-01-19 51200]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2009-01-13 68608]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2005-08-08 167936]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2009-05-04 68865]
S2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2009-05-04 151297]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-06-16 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-08 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe [2008-12-05 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-22 405504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

# Références de comparaison Bagle MD5 :

File ... : C:\Documents and Settings\raph\Application Data\drivers\winupgro.exe
CRC32 .. : eac83766
MD5 .... : 2e227b1b3251cc18aaeedc68791d7ae9

Deleted ! : C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
# Taille : 851968 # MD5 : 2E227B1B3251CC18AAEEDC68791D7AE9

Deleted ! : E:\mular\00_IN\normal\Aften 0.08.zip
Contain run.exe [851968] with Bagle CRC32 : EAC83766


################## [ Corrupted files # Re-Installation required ]

C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgam.exe
C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgdiag.exe
C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgemc.exe
C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgnsx.exe
C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgtray.exe
C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgwdsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\preupd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
C:\Program Files\backburner 2\monitor.exe
C:\Program Files\Mozilla Firefox\uninstall\helper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

################################### [ Cracks / Keygens / Serials ]

# -> Nothing found !  

################## [ ! End of Report # FindyKill V4.728 ! ]
Mister_masque - 04/05/2009 at 18:32

Well... there's a lot of work to do... You really do anything and everything with your PC


# 1 - Removing the infection



Download, install and update MalwareBytes.

Help: a MalwareBytes tutorial is available
Run a full scan of all drives. Click "Show Results" then "Remove Selected" and post the report.



# 2 - AD-REMOVER



Download AdRemover by Cyrildu17

  • Run it and install it by clicking Next and leaving the default options
  • Run the new icon that has appeared on your Desktop, click "OK" if a window appears, and to choose the language type F then press Enter
  • Select option A (Scan) with the A key and press Enter
  • Wait; when the scan is finished, press a key to display the report and post it on the forum



NB: The report is located in C:\Ad-Report-Date.log

==> Reinstall Antivir
==> Uninstall AVG Anti-Spyware (obsolete)


Expected reports

  1. MalwareBytes report
  2. Ad-Remover report



See you

--
Rafiti - 05/05/2009 at 00:01

The 2 requested reports


Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2074
Windows 5.1.2600 Service Pack 2

04/05/2009 23:59:57
mbam-log-2009-05-04 (23-59-57).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 268448
Temps écoulé: 1 hour(s), 31 minute(s), 25 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5B409C46-8E8D-4DB4-99E9-9E9234ED787A}\RP411\A0229696.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5B409C46-8E8D-4DB4-99E9-9E9234ED787A}\RP413\A0229818.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5B409C46-8E8D-4DB4-99E9-9E9234ED787A}\RP413\A0229845.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5B409C46-8E8D-4DB4-99E9-9E9234ED787A}\RP414\A0229891.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5B409C46-8E8D-4DB4-99E9-9E9234ED787A}\RP414\A0230364.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5B409C46-8E8D-4DB4-99E9-9E9234ED787A}\RP414\A0230411.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
E:\mular\00_IN\normal\Sound Forge 9.0c + Vegas Pro 8.0 + DVD Architect Pro 4.5 + keygen\keygen MP3 plug-in.exe (Trojan.Downloader) -> Quarantined and deleted successfully.





------- LOGFILE OF AD-REMOVER 1.1.3.5 | ONLY XP/VISTA -------

Updated by C_XX on 03/05/2009 at 11:10
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

Start at:  0:14:58, 05/05/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™  Service Pack 2 (version 5.1.2600)
Computer Name: RAPH-76CF381DCF
Current User: raph - Administrator
Drive(s):
- C:\  (File System: NTFS)
- E:\  (File System: NTFS)
- G:\  (File System: FAT32)
- Q:\  (File System: NTFS)
- Z:\  (File System: NTFS)

============ Known Adwares Found ============

.
.
C:\Documents and Settings\raph\Application Data\Mozilla\Firefox\Profiles\a9hcpcj7.default\EBSuggestHistory
C:\Documents and Settings\raph\Application Data\Mozilla\Firefox\Profiles\a9hcpcj7.default\searchplugins\conduit.xml
C:\Documents and Settings\raph\Cookies\raph@atdmt[2].txt
C:\Documents and Settings\raph\Cookies\raph@bs.serving-sys[1].txt

+-----------------| Eorezo Elements Found:

HKCU\Software\EoRezo
.

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

.

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.10 ----

ProfilePath: a9hcpcj7.default (raph)
.
Prefs.js: Browser.Search.SelectedEngine:  "Softonic_France Customized Web Search"
Prefs.js: Browser.Search.DefaultUrl:  "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351374&SearchSource=3&q="
.
(Prefs.js) FOUND: user_pref("CT1351374.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
(Prefs.js) FOUND: user_pref("CT1351374.CTPBaseServerUrl", "http://grouping.services.conduit.com/");
(Prefs.js) FOUND: user_pref("CT1351374.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1351374&SearchSource=2&q=");
(Prefs.js) FOUND: user_pref("CT1351374.Server", "http://users.conduit.com");
(Prefs.js) FOUND: user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1351374&SearchSource=3&q=");
(Prefs.js) FOUND: user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1351374&SearchSource=2&q=");
.
Invalidprefs.js: Browser.Search.SelectedEngine:  "Search"
.
(Invalidprefs.js) FOUND: user_pref("yƓuser_pref("browser.startup.homepage", "http://y.lo.st");
.
.

---- Internet Explorer Version 7.0.5730.13 ----

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla

[HKEY_USERS\S-1-5-21-436374069-1563985344-725345543-1003\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

3552 Byte(s) - C:\Ad-Report-Scan-05.05.2009.log

1 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
0 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

End at:  0:30:52 | 05/05/2009
.
+-----------------| E.O.F
.
Mister_masque, on 05/05/2009 at 11:47

keygen MP3 plug-in.exe 

That wasn't smart... You should stop downloading cracks when you don't know how to pick them.
You have Windows Professional... Probably a pirated version as well... So no updates = vulnerable.
Read the documentation; it's not to annoy you, but I will only disinfect you once, so I hope you follow the advice given once we're done.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys 

Rootkit gaod*... We'll have to use Combofix. Be aware that, given the impressive number of infections, your machine may become unstable; don't hesitate to report anything you notice.


First:

# 1 - AD-REMOVER





Select option B (clean), then 1 (known Adware) and 2 (Eorezo), then S (Delete), confirm with o, press a key and post the report.




# 2 - Combofix

Disable your protection software (Antivir), then:



Download Combofix by sUBs: Combofix.exe

and save it to your desktop and nowhere else!

Double-click combofix, accept the licence agreement and follow the prompts.
Accept the installation of the Recovery Console

Wait for combofix to finish; a report will be created. Post the report.


We're on the right track
--
Rafiti, on 05/05/2009 at 16:26

Sorry for my bad-student status. Thanks again for helping me nonetheless; clearly all these infections are putting me off my future computing activities, and emule in particular....
ANYWAY!

Ad remover never gave me a report (the end of the process was ambiguous)... There were, however, the following messages:
Suppression Adwares connus terminée
Suppression Eorezo  terminée
Nettoyage des fichiers temporaires terminé
Scan additionnel terminé

Otherwise, for combofix, here is the result:

ComboFix 09-05-04.A3 - raph 05/05/2009 16:11.2 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.2.1252.33.1036.18.1535.1031 [GMT 2:00]
Lancé depuis: c:\documents and settings\raph\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll

.
(((((((((((((((((((((((((((((   Fichiers créés du 2009-04-05 au 2009-05-05  ))))))))))))))))))))))))))))))))))))
.

2009-05-04 22:40 . 2009-05-04 22:40     --------     d-----w     c:\documents and settings\All Users\Application Data\Avira
2009-05-04 22:14 . 2009-05-04 22:14     --------     d-----w     c:\program files\Ad-remover
2009-05-04 21:38 . 2009-05-04 21:44     --------     d-----w     c:\program files\Sonic Foundry Soft Encode
2009-05-04 10:50 . 2009-05-04 11:48     --------     d-----w     C:\FindyKill
2009-05-03 22:50 . 2009-05-03 22:50     --------     d-----w     c:\program files\Sonic
2009-05-02 14:26 . 2009-05-02 14:26     --------     d-----w     c:\program files\Vstplugins
2009-05-02 01:12 . 2009-05-02 08:24     --------     d-----w     c:\program files\VirtualDubMOD
2009-05-02 00:09 . 2009-05-02 00:09     --------     d-----w     c:\documents and settings\raph\Application Data\Publish Providers
2009-05-02 00:09 . 2009-05-02 14:30     --------     d-----w     c:\documents and settings\raph\Application Data\Sony
2009-05-02 00:09 . 2009-05-02 14:30     --------     d-----w     c:\documents and settings\raph\Local Settings\Application Data\Sony
2009-05-01 23:41 . 2009-05-02 14:28     --------     d-----w     c:\program files\Sony
2009-05-01 23:39 . 2009-05-01 23:39     --------     d-----w     c:\program files\MSBuild
2009-05-01 23:38 . 2009-05-01 23:38     198008     ----a-w     c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-01 23:34 . 2009-05-01 23:34     --------     d-----w     c:\windows\system32\XPSViewer
2009-05-01 23:33 . 2009-05-01 23:33     --------     d-----w     c:\program files\Reference Assemblies
2009-05-01 23:33 . 2006-06-29 11:07     14048     ------w     c:\windows\system32\spmsg2.dll
2009-05-01 22:46 . 2009-05-01 22:46     --------     d-----w     c:\documents and settings\raph\Application Data\Sony Setup
2009-05-01 22:46 . 2009-05-02 14:25     --------     d-----w     c:\program files\Sony Setup
2009-05-01 22:24 . 2008-12-28 16:00     49664     ----a-w     c:\windows\system32\SNTI386.DLL
2009-05-01 22:24 . 2008-12-28 16:01     18432     ----a-w     c:\windows\system32\RNBOVDD.DLL
2009-05-01 22:24 . 2008-12-28 16:01     73728     ----a-w     c:\windows\system32\drivers\SENTINEL.SYS
2009-05-01 22:24 . 2009-05-01 22:24     --------     d-----w     c:\windows\system32\RNBOSENT
2009-05-01 22:24 . 2009-05-03 23:23     --------     d-----w     c:\program files\Minnetonka Audio Software
2009-05-01 22:24 . 2009-05-01 22:25     --------     d-----w     C:\_ISTMP1.DIR
2009-05-01 20:22 . 2009-05-03 12:53     --------     d-----w     c:\program files\AC3Filter
2009-05-01 18:42 . 2009-05-01 18:42     --------     d-----w     c:\documents and settings\raph02\Local Settings\Application Data\Adobe
2009-05-01 11:11 . 2009-05-01 13:31     --------     d-----w     c:\documents and settings\raph\.dvdcss
2009-05-01 11:11 . 2009-05-01 11:11     --------     d-----w     c:\program files\DVD Audio Extractor
2009-04-25 16:55 . 2009-04-25 17:04     --------     d-----w     c:\program files\Winamp3
2009-04-11 01:00 . 2009-03-10 20:18     454024     ----a-w     c:\windows\system32\KB905474\wgasetup.exe
2009-04-11 01:00 . 2009-04-11 01:00     --------     d-----w     c:\windows\system32\KB905474
2009-04-11 01:00 . 2009-03-10 20:26     1438080     ----a-w     c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-08 16:40 . 2009-04-08 16:40     20016     ------w     c:\windows\system32\drivers\pxhelp20.sys
2009-04-08 16:24 . 1998-10-29 14:45     306688     ----a-w     c:\windows\IsUninst.exe
2009-04-08 16:24 . 2009-04-08 16:24     --------     d-----w     c:\windows\_ISTMP1.DIR
2009-04-08 12:58 . 2008-04-07 03:38     22872     ----a-r     c:\windows\system32\AdobePDFUI.dll
2009-04-08 12:58 . 2008-04-07 03:38     45392     ----a-r     c:\windows\system32\AdobePDF.dll
2009-04-08 07:30 . 2009-04-09 04:12     --------     d-----w     c:\program files\Winamp Toolbar
2009-04-08 07:27 . 2008-08-20 17:58     129520     ------w     c:\windows\system32\pxafs.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 20:19 . 2009-01-26 11:30     --------     d-----w     c:\program files\Malwarebytes' Anti-Malware
2009-05-04 11:48 . 2001-08-28 10:00     83046     ----a-w     c:\windows\system32\perfc00C.dat
2009-05-04 11:48 . 2001-08-28 10:00     504492     ----a-w     c:\windows\system32\perfh00C.dat
2009-05-04 09:30 . 2006-05-02 15:40     --------     d-----w     c:\program files\MagicISO
2009-05-04 08:22 . 2008-06-16 12:31     --------     d--h--w     c:\program files\InstallShield Installation Information
2009-05-04 00:53 . 2008-06-18 14:39     664     ----a-w     c:\windows\system32\d3d9caps.dat
2009-05-03 10:21 . 2008-06-16 12:36     76064     ----a-w     c:\documents and settings\raph\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-02 09:19 . 2008-06-16 17:38     --------     d-----w     c:\program files\Fichiers communs\Adobe
2009-05-02 08:37 . 2009-01-13 00:28     --------     d-----w     c:\program files\Fichiers communs\Autodesk Shared
2009-05-02 08:37 . 2009-01-13 00:28     --------     d-----w     c:\program files\backburner 2
2009-04-30 22:36 . 2009-01-26 22:31     --------     d-----w     c:\program files\DVD Decrypter
2009-04-30 22:35 . 2009-01-06 13:41     --------     d-----w     c:\program files\SlySoft
2009-04-29 10:46 . 2008-12-10 05:36     --------     d-----w     c:\program files\AVS4YOU
2009-04-29 10:46 . 2008-12-10 05:37     --------     d-----w     c:\program files\Fichiers communs\AVSMedia
2009-04-06 13:32 . 2009-01-26 11:30     38496     ----a-w     c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-01-26 11:30     15504     ----a-w     c:\windows\system32\drivers\mbam.sys
2009-03-29 18:42 . 2009-03-29 18:41     2931168     ----a-w     c:\program files\FLV PlayerFCSetup.exe
2009-03-29 18:38 . 2009-03-29 18:32     21319232     ----a-w     c:\program files\FLV PlayerRCSetup.exe
2009-03-29 18:32 . 2009-03-29 18:32     --------     d-----w     c:\program files\FLV Player
2009-03-25 18:02 . 2009-03-25 18:02     --------     d-----w     c:\program files\Microsoft Works
2009-03-25 18:00 . 2009-03-25 18:00     --------     d-----w     c:\program files\Microsoft.NET
2009-03-24 21:02 . 2009-03-24 21:02     13679     ----a-w     c:\program files\uninstal.log
2009-03-17 15:21 . 2009-03-16 16:06     --------     d-----w     c:\program files\Hurrican
2009-03-12 16:05 . 2008-10-12 03:37     --------     d-----w     c:\program files\Macromedia
2009-03-06 19:38 . 2008-10-03 13:10     --------     d-----w     c:\program files\Fichiers communs\Macromedia
2009-03-06 18:48 . 2009-01-26 15:35     --------     d-----w     c:\program files\Pvm
2009-03-06 14:00 . 2004-08-19 14:09     286720     ----a-w     c:\windows\system32\pdh.dll
2009-03-03 00:13 . 2006-04-14 13:00     826368     ----a-w     c:\windows\system32\wininet.dll
2009-02-25 01:35 . 2009-02-25 01:35     158     ----a-w     C:\icremov.bat
2009-02-20 17:10 . 2004-08-19 14:09     78336     ----a-w     c:\windows\system32\ieencode.dll
2009-02-09 13:54 . 2006-04-14 12:17     1847552     ----a-w     c:\windows\system32\win32k.sys
2009-02-09 11:42 . 2006-03-16 07:51     2022912     ----a-w     c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:42 . 2006-04-15 20:14     2144768     ----a-w     c:\windows\system32\ntoskrnl.exe
2009-02-09 10:03 . 2006-04-16 14:03     401408     ----a-w     c:\windows\system32\rpcss.dll
2009-02-09 10:03 . 2006-04-14 10:36     735232     ----a-w     c:\windows\system32\lsasrv.dll
2009-02-09 10:03 . 2004-08-19 14:09     686080     ----a-w     c:\windows\system32\advapi32.dll
2009-02-09 10:03 . 2004-08-19 14:09     740352     ----a-w     c:\windows\system32\ntdll.dll
2009-02-09 09:53 . 2004-08-19 14:10     111104     ----a-w     c:\windows\system32\services.exe
2009-02-06 16:52 . 2009-02-06 16:52     49504     ----a-w     c:\windows\system32\sirenacm.dll
2009-02-06 09:54 . 2001-08-28 10:00     35328     ----a-w     c:\windows\system32\sc.exe
2004-08-19 14:09 . 2004-08-19 14:09     65024     --sha-w     c:\windows\system32\asycfilt.dll
2006-08-25 15:51 . 2006-04-14 10:01     617472     --sha-w     c:\windows\system32\comctl32.dll
2004-08-19 14:09 . 2004-08-19 14:09     1028096     --sha-w     c:\windows\system32\mfc42.dll
2001-08-28 10:00 . 2001-08-28 10:00     57344     --sha-w     c:\windows\system32\mfc42loc.dll
2004-08-19 14:09 . 2004-08-19 14:09     413696     --sha-w     c:\windows\system32\msvcp60.dll
2001-08-28 10:00 . 2001-08-28 10:00     253952     --sha-w     c:\windows\system32\msvcrt20.dll
2007-12-04 18:41 . 2004-08-19 14:09     550912     --sha-w     c:\windows\system32\oleaut32.dll
2004-08-19 14:09 . 2004-08-19 14:09     83456     --sha-w     c:\windows\system32\olepro32.dll
2004-08-19 14:09 . 2004-08-19 14:09     30749     --sha-w     c:\windows\system32\vbajet32.dll
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-18 155648]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-16 185896]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-03-12 81920]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"WinampAgent"="c:\program files\Winamp3\winampa.exe" [2002-07-23 12288]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2009-1-29 1183744]
SiICfg.lnk - c:\program files\Silicon Image\SiICfg\SiICfg.exe [2008-6-21 593972]
Wireless Configuration Utility HW.14.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2007-7-9 634880]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [14/10/2008 01:50 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [14/10/2008 01:50 5248]
R1 DCxxMJPG;Pinnacle DC10plus, Motion-JPEG VideoIO Board;c:\windows\system32\drivers\DCxxMJPG.sys [28/02/2009 03:26 132940]
R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [16/06/2008 15:16 215040]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - AVGIO
*NewlyCreated* - AVIPBB
*NewlyCreated* - SSMDRV

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com h:
\Shell\Open\command - h:\resycled\ntldr.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d40f64d-3bc4-11dd-9df6-0014d139fc8a}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com h:
\Shell\Open\command - "resycled\ntldr.c
.
Contenu du dossier 'Tâches planifiées'

2009-05-05 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-11 20:18]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe


.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
FF - ProfilePath - c:\documents and settings\raph\Application Data\Mozilla\Firefox\Profiles\a9hcpcj7.default\
FF - prefs.js: browser.search.selectedEngine - Softonic_France Customized Web Search
FF - component: c:\documents and settings\raph\Application Data\Mozilla\Firefox\Profiles\a9hcpcj7.default\extensions\{364d4e0c-543f-4b85-abe3-19551139da4f}\components\FFAlert.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 16:13
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\DefaultPreset]
@DACL=(02 0000)
@="DV - PAL\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\Help]
@DACL=(02 0000)
"Support"="http://www.adobe.fr/support/main.html"
"Search"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\search.html"
"Keyboard"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_21_0_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\[u]0[/u]_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_19_2_0.html"
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Registration"="\"http://store.adobe.com/cgi-bin/WebObjects/WEC?pageID=RegMp1\""

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:ec,fc,0f,64,0a,21,38,87,7c,49,9c,5c,01,f4,dc,9a,a2,43,e3,bb,d9,
   cf,59,aa,7e,6c,18,99,a8,c2,93,29,b3,f0,26,72,7b,c4,d5,33,17,6b,c1,6a,e4,8a,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\‱€|ÿÿÿÿ"‱€|     â€“Ñw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:ec,fc,0f,64,0a,21,38,87,7c,49,9c,5c,01,f4,dc,9a,a2,43,e3,bb,d9,
   cf,59,aa,7e,6c,18,99,a8,c2,93,29,b3,f0,26,72,7b,c4,d5,33,17,6b,c1,6a,e4,8a,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1028)
c:\windows\system32\scecli.dll
.
Heure de fin: 2009-05-05 16:15
ComboFix-quarantined-files.txt  2009-05-05 14:14
ComboFix2.txt  2009-01-29 11:50

Avant-CF: 7 516 766 208 octets libres
Après-CF: 7 512 395 776 octets libres

220     --- E O F ---     2009-05-03 01:01
Mister_masque, on 05/05/2009 at 16:49

Hmm... There was an ADS; we should check.

Show hidden files and unhide file extensions:

  • Open Explorer (to do this, open a folder or My Computer, for example).
  • In the "Tools" menu, choose "Folder Options".
  • Choose the "View" tab. Uncheck “Hide extensions for known file types”.



  • In the same way as for extensions, open "Explorer" and choose "Folder Options", then the "View" tab.
  • This time, check the box "Show hidden files and folders".



Does the folder C:\Resycled\ exist? With an S.

=================


- Download HijackThis by Merijn to your desktop.
- Click Install to run HijackThis

- Double-click HijackThis
- Generate a report by following these instructions:
- Run it and click on Do a scan and save log file.
- The report opens in Notepad

Help: Don't hesitate to consult the help: HJT Help if you can't manage it.

>> Post the HijackThis report <<



Download streams.exe to your DESKTOP
-- Start >> Run, type CMD, click Ok
-- In the black window, type: cd Bureau [ENTER]
-- Type streams.exe -s > Rapport.txt & notepad Rapport.txt, then [ENTER].

>> Post the report <<

If all goes well, we'll clean up the tools used and a few registry keys; the disinfection proper will be finished in about 2 more posts

--
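As an added example (not code from this thread, from ComboFix or from any of the tools mentioned), here is a small Python triage script for the MountPoints2 block in the ComboFix log above, which is what the question about C:\Resycled\ is getting at: the handlers for drive H: launch resycled\ntldr.com, a recycle-bin lookalike folder holding a file named after the Windows boot loader. The script parses the handlers, picks out the file each one launches, and grades it. The sample text is constructed: the two MountPoints2 entries copied from the log, plus one ordinary CD autorun entry (zero GUID, setup.exe) added for contrast; the lookalike-folder pattern and the boot-file name list are the script's own heuristics, not anything the tools output.

```python
"""Grade MountPoints2 autorun handlers from a ComboFix-style log excerpt.

Added example for the thread above; not part of ComboFix or of the forum's
tools. Works on any platform since it only reads log text.
"""
import re

# Constructed sample: the MountPoints2 entries copied from the ComboFix log,
# plus one ordinary CD autorun handler (zero GUID, setup.exe) for contrast.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com h:
\Shell\Open\command - h:\resycled\ntldr.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d40f64d-3bc4-11dd-9df6-0014d139fc8a}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com h:
\Shell\Open\command - "resycled\ntldr.c

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - c:\windows\system32\rundll32.exe shell32.dll,ShellExec_RunDLL setup.exe
"""

KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\mountpoints2\\([^\]]+)\]$", re.IGNORECASE)
CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.*)$", re.IGNORECASE)

# Heuristics (assumptions of this script): folder names that imitate the
# recycle bin, including the misspelled "resycled", and file names that
# imitate Windows boot files.
LOOKALIKE_DIR_RE = re.compile(r"(?:^|\\)(re[cs]ycled?|recycler|\$recycle\.bin)\\", re.IGNORECASE)
BOOT_FILE_NAMES = {"ntldr", "ntdetect", "bootmgr"}


def parse_mountpoints(text):
    """Return (volume, verb, command) for every Shell\\<verb>\\command line."""
    entries, volume = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            volume = key.group(1)
            continue
        cmd = CMD_RE.match(line)
        if cmd and volume is not None:
            entries.append((volume, cmd.group(1), cmd.group(2)))
    return entries


def _target_of(command):
    """File the handler ultimately launches.

    rundll32 ... ShellExec_RunDLL <target> [args] launches <target>;
    otherwise the first token is the program (quotes stripped).
    """
    tokens = command.replace('"', "").split()
    if not tokens:
        return ""
    for i, tok in enumerate(tokens):
        if tok.lower().endswith("shellexec_rundll") and i + 1 < len(tokens):
            return tokens[i + 1]
    return tokens[0]


def assess(entry):
    """Grade one handler: 'high', 'review' or None, with the reasons found."""
    volume, verb, command = entry
    target = _target_of(command)
    reasons = []
    if LOOKALIKE_DIR_RE.search(target):
        reasons.append("launched from a recycle-bin lookalike folder")
    stem = target.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]
    if stem in BOOT_FILE_NAMES:
        reasons.append("file name imitates a Windows boot file")
    severity = "high" if reasons else None
    if re.match(r"^[a-z]:\\", target, re.IGNORECASE):
        drive = target[0].upper()
        if drive != "C":
            reasons.append(f"absolute path on drive {drive}:")
    elif not target.startswith("\\"):
        # A bare relative path is resolved on the mounted volume itself:
        # exactly how a USB-stick autorun handler runs code off the stick.
        reasons.append("relative path, resolved on the mounted volume itself")
    if reasons and severity is None:
        severity = "review"
    return {"volume": volume, "verb": verb, "target": target,
            "severity": severity, "reasons": reasons}


def flagged(text):
    """All handlers in the excerpt that deserve a look, in log order."""
    return [a for a in map(assess, parse_mountpoints(text)) if a["severity"]]


if __name__ == "__main__":
    for hit in flagged(SAMPLE_LOG):
        print(f"[{hit['severity']}] {hit['volume']} {hit['verb']}: "
              f"{hit['target']} ({'; '.join(hit['reasons'])})")
```

The four entries copied from the log all grade "high" (lookalike folder plus boot-file name), while the constructed setup.exe handler only grades "review": a real CD autorun leaves the same kind of relative-path handler behind, so that signal alone is a prompt to look, not a verdict. Clearing the MountPoints2 keys after the removable drive has been cleaned is what stops the handler from re-launching the file the next time the drive is plugged in.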
Vulgarisation-informatique.com
Computer courses & tutorials