[Solved] Bagle! + EliBagle report

Tags:
  • Windows
  • Security
10 November 2008 18:21:52

Hello everyone,
I grabbed a serial on eMule and it contained Bagle... :/
Anyway, I'm trying to remove it with EliBagle, but it's really stubborn...
Need help :D

EliBagle report:

Mon Nov 10 16:29:57 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\USERS\BARNABA\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle Acceso Denegado.
C:\USERS\BARNABA\APPDATA\ROAMING\M\LIST.OCT --> Eliminado Bagle
Reinicie para Completar la Limpieza.

Mon Nov 10 16:31:03 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\USERS\BARNABA\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle Acceso Denegado.
C:\USERS\BARNABA\APPDATA\ROAMING\M\LIST.OCT --> Eliminado Bagle
Reinicie para Completar la Limpieza.

Mon Nov 10 16:31:49 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\USERS\BARNABA\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Nov 10 16:31:53 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon Nov 10 16:33:06 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\USERS\BARNABA\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Nov 10 16:33:12 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon Nov 10 16:33:58 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\USERS\BARNABA\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Nov 10 16:34:02 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon Nov 10 16:35:00 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\USERS\BARNABA\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Nov 10 16:35:03 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon Nov 10 16:35:35 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\USERS\BARNABA\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Nov 10 16:35:42 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon Nov 10 16:35:55 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\USERS\BARNABA\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Nov 10 16:35:57 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon Nov 10 16:38:08 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\USERS\BARNABA\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Nov 10 16:38:11 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad F:\

Nº Total de Directorios: 1
Nº Total de Ficheros: 203
Nº de Ficheros Analizados: 0
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Mon Nov 10 16:44:17 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
C:\USERS\BARNABA\APPDATA\ROAMING\M\FLEC006.EXE --> Bagle Renombrado a .VIR
Eliminada Carpeta "%AppData%\M"
Reinicie para Completar la Limpieza.

Mon Nov 10 16:44:23 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon Nov 10 16:45:06 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Mon Nov 10 16:45:07 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon Nov 10 16:46:16 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Mon Nov 10 16:46:20 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon Nov 10 16:48:22 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Mon Nov 10 16:50:49 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado

Mon Nov 10 17:08:51 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Mon Nov 10 17:08:53 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Windows\System32\MDELK.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\110885.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\114364.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\234672.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\239508.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\244999.EXE --> Eliminado Bagle

Nº Total de Directorios: 22360
Nº Total de Ficheros: 210735
Nº de Ficheros Analizados: 18170
Nº de Ficheros Infectados: 6
Nº de Ficheros Limpiados: 6

Mon Nov 10 17:15:17 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Mon Nov 10 17:15:18 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 22373
Nº Total de Ficheros: 210759
Nº de Ficheros Analizados: 18164
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Mon Nov 10 17:41:11 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Mon Nov 10 17:41:13 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 22375
Nº Total de Ficheros: 210763
Nº de Ficheros Analizados: 18164
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Mon Nov 10 17:45:24 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Mon Nov 10 17:45:25 2008
EliBagle v11.94 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 7 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 22378
Nº Total de Ficheros: 210773
Nº de Ficheros Analizados: 18164
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Well, Bagle didn't touch my SafeBoot key for booting into Safe Mode, so I was able to boot into Safe Mode with F8. However, EliBagle sometimes freezes during the scan; it froze the last few times... I've redone it plenty of times.
ComboFix won't launch (not a valid Win32 application), and Malwarebytes runs in Safe Mode but says runtime error 481 invalid image, so there you go, I'm really stuck... I've just turned off UAC. Vista!
Thanks


Note that during the EliBagle scan I got a notification, "Startup programs blocked by Windows"; I looked at which program it was blocking and it was Bisoft.exe, i.e. Bagle!
NB: I can't manage to turn off UAC.

10 November 2008 19:13:13

Not editing my post above,
I'm happy, I managed to launch ComboFix by putting a hyphen between "combo" and "fix". ComboFix seems to have cleaned up quite a bit, because my Steam, which was infected, could no longer launch and had a key as its icon instead of the Steam logo, now doesn't get its logo back but shows a generic Windows application icon instead, so that's not bad. Now I think I need to do a Malwarebytes scan in Safe Mode to see whether any infected bits remain. In the meantime, here's the little ComboFix report ;)
ComboFix 08-11-09.04 - Barnaba 2008-11-10 18:56:31.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1105 [GMT 1:00]
Lancé depuis: c:\users\Barnaba\Desktop\combo-fix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
C:\install.exe
c:\program files\steam\steam.exe
c:\windows\config.ini
c:\windows\msnimport.exe
c:\windows\system32\drivers\downld
c:\windows\system32\drivers\downld\132928.exe
c:\windows\system32\drivers\downld\161195.exe
c:\windows\system32\drivers\downld\166640.exe
c:\windows\system32\drivers\downld\220320.exe
c:\windows\system32\drivers\downld\221240.exe
c:\windows\system32\drivers\downld\265638.exe
c:\windows\system32\drivers\downld\282330.exe
c:\windows\system32\drivers\downld\286870.exe
c:\windows\system32\drivers\downld\311689.exe
c:\windows\system32\drivers\downld\351407.exe
c:\windows\system32\drivers\downld\36351056.exe
c:\windows\system32\drivers\downld\36358700.exe
c:\windows\system32\drivers\downld\36359792.exe
c:\windows\system32\drivers\downld\363716.exe
c:\windows\system32\drivers\downld\36399198.exe
c:\windows\system32\drivers\downld\36415578.exe
c:\windows\system32\drivers\downld\36418807.exe
c:\windows\system32\drivers\downld\36556619.exe
c:\windows\system32\drivers\downld\36561969.exe
c:\windows\system32\drivers\downld\36581844.exe
c:\windows\system32\drivers\downld\36588365.exe
c:\windows\system32\drivers\downld\377023.exe
c:\windows\system32\drivers\downld\470467.exe
c:\windows\system32\drivers\downld\476770.exe
c:\windows\system32\drivers\downld\493696.exe
c:\windows\system32\drivers\downld\533554.exe
c:\windows\system32\drivers\downld\67454.exe
c:\windows\system32\drivers\downld\92149.exe
c:\windows\system32\drivers\downld\93725.exe
c:\windows\system32\drivers\winfilse.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_poof


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-10 au 2008-11-10 ))))))))))))))))))))))))))))))))))))
.

2008-11-10 18:00 . 2008-11-10 18:00 <REP> d-------- c:\users\Barnaba\AppData\Roaming\Malwarebytes
2008-11-10 18:00 . 2008-11-10 18:00 <REP> d-------- c:\users\All Users\Malwarebytes
2008-11-10 18:00 . 2008-11-10 18:02 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-10 18:00 . 2008-11-10 18:00 <REP> d-------- c:\progra~2\Malwarebytes
2008-11-10 18:00 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-10 18:00 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-08 23:06 . 2008-11-10 16:27 7,168 --a------ c:\windows\System32\drivers\srosa2.sys
2008-11-08 22:27 . 2008-11-08 22:27 <REP> d-------- c:\program files\VideoMach-5.1.1
2008-11-07 19:27 . 2006-10-07 17:43 502,784 --a------ c:\windows\x2.64.exe
2008-11-07 19:27 . 2005-02-28 13:16 240,128 --a------ c:\windows\System32\x.264.exe
2008-11-07 19:27 . 2006-04-12 09:47 217,073 --a------ c:\windows\meta4.exe
2008-11-07 19:27 . 2004-01-25 00:00 70,656 --a------ c:\windows\System32\i420vfw.dll
2008-11-07 19:27 . 2006-04-05 08:09 66,560 --a------ c:\windows\MOTA113.exe
2008-11-07 19:27 . 2005-07-14 12:31 27,648 --a------ c:\windows\System32\AVSredirect.dll
2008-11-07 19:26 . 2008-11-07 19:26 <REP> d-------- c:\program files\eRightSoft
2008-11-01 12:50 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-01 12:50 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-01 12:50 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-01 12:50 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-01 12:50 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-29 12:38 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 12:38 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 12:38 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-26 17:40 . 2008-10-26 17:41 204,355,777 --a------ c:\windows\MEMORY.DMP

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 17:57 --------- d-----w c:\program files\Steam
2008-11-08 22:19 --------- d-----w c:\program files\MSN Messenger
2008-11-08 22:16 --------- d---a-w c:\progra~2\TEMP
2008-11-08 13:44 --------- d-----w c:\program files\Common Files\Steam
2008-11-04 22:14 --------- d-----w c:\users\Barnaba\AppData\Roaming\uTorrent
2008-11-04 17:15 --------- d-----w c:\progra~2\TrackMania
2008-11-04 15:35 --------- d-----w c:\users\Barnaba\AppData\Roaming\teamspeak2
2008-11-03 14:42 --------- d-----w c:\users\Barnaba\AppData\Roaming\HLSW
2008-11-02 19:51 --------- d-----w c:\users\Barnaba\AppData\Roaming\OpenOffice.org2
2008-11-02 14:01 183,120 ----a-w c:\windows\System32\PnkBstrB.exe
2008-11-02 14:01 137,480 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-01 16:16 --------- d-----w c:\users\Barnaba\AppData\Roaming\FileZilla
2008-10-29 02:02 --------- d-----w c:\users\Barnaba\AppData\Roaming\mIRC
2008-10-24 22:20 --------- d-----w c:\users\Barnaba\AppData\Roaming\Mumble
2008-10-23 16:06 --------- d-----w c:\progra~2\Xfire
2008-10-22 19:22 --------- d-----w c:\users\Barnaba\AppData\Roaming\Xfire
2008-10-22 18:17 --------- d-----w c:\program files\Xfire
2008-10-18 08:12 --------- d-----w c:\program files\Windows Mail
2008-10-15 11:12 --------- d-----w c:\program files\Google
2008-10-11 09:04 --------- d-----w c:\program files\Java
2008-10-09 00:47 42,320 ----a-w c:\windows\System32\xfcodec.dll
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-19 19:21 --------- d-----w c:\users\Barnaba\AppData\Roaming\Ventrilo
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-03 03:59 468,992 ----a-w c:\windows\System32\newdev.dll
2008-09-03 03:58 74,752 ----a-w c:\windows\System32\newdev.exe
2008-08-17 15:15 174 --sha-w c:\program files\desktop.ini
2008-08-17 14:55 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-08-17 14:54 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-08-17 14:29 47,560 ----a-w c:\windows\System32\SPReview.exe
2008-08-17 14:29 152,576 ----a-w c:\windows\System32\SPWizUI.dll
2007-12-25 16:51 22,328 ----a-w c:\users\Barnaba\AppData\Roaming\PnkBstrK.sys
2006-05-03 09:06 163,328 --sh--r c:\windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\System32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2008-06-24 5674352]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-11-10 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-11 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-11 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-11 81920]
"DeathAdder"="c:\program files\RazerMse\DeathAdder\razerhid.exe" [2007-05-07 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"VIDC.XFR1"= xfcodec.dll
"vidc.mjpg"= pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1772316304-2762622859-974373420-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{9B6BC057-4C97-4EE5-BE02-8D8747BFFB20}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{C55A3EF8-AC09-4998-9F3B-322A46E584E5}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{06224626-92BF-4DC2-A1AF-ACC19BA34311}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"UDP Query User{9B35DF4E-B482-4E8F-9B97-B79325AB93BC}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"TCP Query User{6980D05A-37C3-4914-A252-0361A7C49AF5}c:\\program files\\call of duty game of the year edition\\codmp.exe"= UDP:c:\program files\call of duty game of the year edition\codmp.exe:CoDMP
"UDP Query User{18ABF5D3-EA70-4139-B173-F21D9D892E14}c:\\program files\\call of duty game of the year edition\\codmp.exe"= TCP:c:\program files\call of duty game of the year edition\codmp.exe:CoDMP
"TCP Query User{C584C3B9-D308-4377-BC2F-442A87665D77}c:\\program files\\codemasters\\dirt\\dirt.exe"= UDP:c:\program files\codemasters\dirt\dirt.exe:D iRT Executable
"UDP Query User{2DF64198-C6D0-4C48-90D7-7D0C4CB22DEC}c:\\program files\\codemasters\\dirt\\dirt.exe"= TCP:c:\program files\codemasters\dirt\dirt.exe:D iRT Executable
"TCP Query User{BE335FA5-5156-4639-87F5-4D08825A182B}c:\\counter-strike source lan edition\\hl2.exe"= UDP:c:\counter-strike source lan edition\hl2.exe:hl2
"UDP Query User{52451095-827A-4B8A-9B94-619C98F15576}c:\\counter-strike source lan edition\\hl2.exe"= TCP:c:\counter-strike source lan edition\hl2.exe:hl2
"{880EEA45-EB03-4C64-9A33-D48947886E00}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{CAE21F18-51F0-40AB-B11F-9A0CBEBF4A7E}c:\\program files\\steam\\steamapps\\mathieu604\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\mathieu604\counter-strike source\hl2.exe:hl2
"UDP Query User{82AB9CDB-AF8C-4AD5-99CA-6A086CE16B1E}c:\\program files\\steam\\steamapps\\mathieu604\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\mathieu604\counter-strike source\hl2.exe:hl2
"TCP Query User{66F00A5C-9C5D-4732-8995-60123CCB64E6}c:\\program files\\call of duty game of the year edition\\codmp.exe"= UDP:c:\program files\call of duty game of the year edition\codmp.exe:CoDMP
"UDP Query User{267BF383-A8F2-427A-929F-9D1D26601E25}c:\\program files\\call of duty game of the year edition\\codmp.exe"= TCP:c:\program files\call of duty game of the year edition\codmp.exe:CoDMP
"TCP Query User{B4F7E90F-A578-4F35-A74B-3C19B390F1A1}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{AC66AF0B-5AB7-423A-87F4-4357B8FE8803}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{6EB7BCFB-DE49-4AF1-B6F2-B070BE41A010}c:\\program files\\steam\\steamapps\\mathieu604\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\mathieu604\counter-strike source\hl2.exe:hl2
"UDP Query User{CC60BC46-0E7C-4B20-A5F1-BC10548BAF60}c:\\program files\\steam\\steamapps\\mathieu604\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\mathieu604\counter-strike source\hl2.exe:hl2
"TCP Query User{BB2DBD6F-FEFC-4403-8FE8-5160B34C970B}c:\\counter-strike source lan edition\\hl2.exe"= UDP:c:\counter-strike source lan edition\hl2.exe:hl2
"UDP Query User{1285C4C8-C3C2-4956-88D0-7DD4EDE02CC5}c:\\counter-strike source lan edition\\hl2.exe"= TCP:c:\counter-strike source lan edition\hl2.exe:hl2
"TCP Query User{B155F585-9B21-4FAC-BA3D-1E5525CE3C60}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FA5380F3-D455-4AA2-9537-ADA0A3CB49C3}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{6FAE8BC0-CFF7-4215-AF25-403FBC6A2908}c:\\program files\\steam\\steamapps\\mathieu604\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\mathieu604\day of defeat source\hl2.exe:hl2
"UDP Query User{E38EAA0A-4D52-4CEF-BAB3-D7628943B6AB}c:\\program files\\steam\\steamapps\\mathieu604\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\mathieu604\day of defeat source\hl2.exe:hl2
"{98E3305B-F177-45B7-8854-74CE35C6DC92}"= UDP:c:\windows\System32\PnkBstrA.exe:p nkBstrA
"{22009243-C394-4672-B2B8-3D11E7B3513F}"= TCP:c:\windows\System32\PnkBstrA.exe:p nkBstrA
"{31F31461-F22B-48C8-957C-130BE35C2391}"= UDP:c:\windows\System32\PnkBstrB.exe:p nkBstrB
"{0C3A941E-383F-414A-9A31-557421DFCD7C}"= TCP:c:\windows\System32\PnkBstrB.exe:p nkBstrB
"{730A199E-9FD5-4B0E-9861-28A5B6DDD6AD}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{4042134C-E3F4-4500-9E4A-E5599CC7440A}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{42E0BD95-2DBF-418A-858C-4D83CFC98741}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{E3B6E72F-4228-4565-B05B-44AA1E4E9406}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"TCP Query User{F6801F77-A562-4158-B456-6B0C0E6F43C7}c:\\program files\\steam\\steamapps\\mathieu604\\source dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\mathieu604\source dedicated server\srcds.exe:srcds
"UDP Query User{FCBFB9AA-AA71-4323-9085-9CA61C820403}c:\\program files\\steam\\steamapps\\mathieu604\\source dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\mathieu604\source dedicated server\srcds.exe:srcds
"TCP Query User{34B2AAE5-B8A1-4EAD-9002-7D613E68DD71}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{46790EF7-5FCA-4598-8C77-64EBDA832ED3}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{D5F3AD43-B194-4E4A-8BC3-1A7C6B2C3DA2}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{856BC291-E037-4DC0-A5EB-3206F5504556}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{B00F6B4B-52C3-48A7-BBD2-C1E0BF089A00}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{6D9402DF-59FD-4D15-9D9C-845E260BAB4B}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{56C1E67E-9161-459C-94CD-8C91765B1299}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{4688660D-DA71-4E2A-8C76-CA257E1EFD57}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{9EE31FB2-EF68-4D40-B91C-D05A7C514EAF}c:\\program files\\steam\\steamapps\\alexoudu64\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\alexoudu64\counter-strike source\hl2.exe:hl2
"UDP Query User{C7FF323E-FB9C-4AA3-B2DB-BA1FAE5A5A5B}c:\\program files\\steam\\steamapps\\alexoudu64\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\alexoudu64\counter-strike source\hl2.exe:hl2
"TCP Query User{BE681F61-44C9-4935-BC0B-F6D94BAD0B04}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D64EBC0B-779E-4D7F-9FF4-F533A44ABCE9}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{D565FD9A-DFAC-4AC2-AA8C-2A288DC0A47B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2A1500B7-ACA8-4D4A-81F7-E133B6441619}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{6D8112AC-7230-4EB0-832A-F021EFB9F183}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{F8B0D32E-6E4D-41D9-A646-4677D6B8B6EE}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{D61FD2F5-803B-4527-A4B5-0FBC7E24BFCA}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{E5999CB3-658D-4DED-9AC9-67A3E0E4D8C9}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{4D0E2F47-E984-4FCB-86A0-F6C43DEBE2F1}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{B7429E33-4E48-4C1F-BD99-428410E4F2C9}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{87F20635-59E3-41FB-BB64-651BAEED3437}c:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"UDP Query User{75FBEB9E-9B54-405F-8820-FA274472AFA9}c:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"TCP Query User{E8572338-8F7F-4EDD-BE33-3957F7F8E257}c:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"UDP Query User{CDC19744-EE40-4CC8-B940-B55274D1CB47}c:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"TCP Query User{F0974D33-E5A8-447D-897E-A540F74A1928}c:\\users\\barnaba\\documents\\jeux\\css lan\\ap-css-lan\\hl2.exe"= UDP:c:\users\barnaba\documents\jeux\css lan\ap-css-lan\hl2.exe:hl2.exe
"UDP Query User{C4AF3EA4-DAC6-45C0-A552-C35909152F4B}c:\\users\\barnaba\\documents\\jeux\\css lan\\ap-css-lan\\hl2.exe"= TCP:c:\users\barnaba\documents\jeux\css lan\ap-css-lan\hl2.exe:hl2.exe
"TCP Query User{C5B0B6FC-0A2E-40EF-AA4C-3DB4E7D7205D}c:\\users\\barnaba\\documents\\jeux\\cs 1.6 lan\\counter strike 1.6\\hl.exe"= UDP:c:\users\barnaba\documents\jeux\cs 1.6 lan\counter strike 1.6\hl.exe:hl.exe
"UDP Query User{22B90640-B833-4129-B523-A9DF9C87A3F3}c:\\users\\barnaba\\documents\\jeux\\cs 1.6 lan\\counter strike 1.6\\hl.exe"= TCP:c:\users\barnaba\documents\jeux\cs 1.6 lan\counter strike 1.6\hl.exe:hl.exe
"TCP Query User{12D00C04-1800-4795-88FA-8085617771A2}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.794\\freezer.exe"= UDP:c:\users\barnaba\appdata\local\temp\rar$ex00.794\freezer.exe:freezer.exe
"UDP Query User{F02CBCF1-9A4C-454D-9662-EE4FCC06E9D5}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.794\\freezer.exe"= TCP:c:\users\barnaba\appdata\local\temp\rar$ex00.794\freezer.exe:freezer.exe
"TCP Query User{8C5D5FEE-5284-4805-A365-EF7E2834B9D3}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.341\\freezer.exe"= UDP:c:\users\barnaba\appdata\local\temp\rar$ex00.341\freezer.exe:freezer.exe
"UDP Query User{2D87BD32-7C27-43F8-A8D7-2C0A7562A96F}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.341\\freezer.exe"= TCP:c:\users\barnaba\appdata\local\temp\rar$ex00.341\freezer.exe:freezer.exe
"TCP Query User{2E7BACA3-807A-40BC-82F3-0BB21DA99196}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.654\\freezer.exe"= UDP:c:\users\barnaba\appdata\local\temp\rar$ex00.654\freezer.exe:freezer.exe
"UDP Query User{F704E346-6E04-4F40-85D5-7ECA85345FDE}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.654\\freezer.exe"= TCP:c:\users\barnaba\appdata\local\temp\rar$ex00.654\freezer.exe:freezer.exe
"TCP Query User{B6018835-286D-47DC-A013-E810D638F54A}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.994\\freezer.exe"= UDP:c:\users\barnaba\appdata\local\temp\rar$ex00.994\freezer.exe:freezer.exe
"UDP Query User{BCB88D26-CDF5-4EE3-8FA0-F9E2F04C0A6B}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.994\\freezer.exe"= TCP:c:\users\barnaba\appdata\local\temp\rar$ex00.994\freezer.exe:freezer.exe
"{66582AFD-DD35-485D-87DB-ED6D6DEC99E6}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{073A8E79-1A98-4CFA-9D08-47AEA9CF75FA}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{7EF7F3D9-9B83-4561-97E5-1EC2946486A9}c:\\program files\\hlsw\\hlsw.exe"= UDP:c:\program files\hlsw\hlsw.exe:HLSW Application
"UDP Query User{D651EABC-F962-4637-9C49-DF6B95B376B0}c:\\program files\\hlsw\\hlsw.exe"= TCP:c:\program files\hlsw\hlsw.exe:HLSW Application
"TCP Query User{CACF024C-6007-448A-8F4C-6D8E655338C2}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.732\\freezer.exe"= UDP:c:\users\barnaba\appdata\local\temp\rar$ex00.732\freezer.exe:freezer.exe
"UDP Query User{73DF1747-2C70-435E-AB85-F1A9C1A6C33B}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.732\\freezer.exe"= TCP:c:\users\barnaba\appdata\local\temp\rar$ex00.732\freezer.exe:freezer.exe
"TCP Query User{568438C0-9726-4157-8761-9195960FD7F0}c:\\users\\barnaba\\documents\\jeux\\aoe2\\age2_x1.exe"= UDP:c:\users\barnaba\documents\jeux\aoe2\age2_x1.exe:age2_x1.exe
"UDP Query User{A8C61F9F-656A-4D70-9FA0-9B4D5F260274}c:\\users\\barnaba\\documents\\jeux\\aoe2\\age2_x1.exe"= TCP:c:\users\barnaba\documents\jeux\aoe2\age2_x1.exe:age2_x1.exe
"TCP Query User{6B9C0EFB-90ED-48D0-9C5B-38CF7A6982AA}c:\\users\\barnaba\\documents\\jeux\\aoe2\\empires2.exe"= UDP:c:\users\barnaba\documents\jeux\aoe2\empires2.exe:empires2.exe
"UDP Query User{53292909-D5DA-491C-94CF-2A8882930CDD}c:\\users\\barnaba\\documents\\jeux\\aoe2\\empires2.exe"= TCP:c:\users\barnaba\documents\jeux\aoe2\empires2.exe:empires2.exe
"TCP Query User{27C8FA8D-B09C-4C45-B41E-C09561E6EA28}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"UDP Query User{BA7D28AF-8733-4781-9F38-9DAC44767A2B}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"TCP Query User{9464AF4E-1E81-4110-9F60-0F56F0B04DDD}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{48110697-82BC-4BE4-B82D-C64E03FAA7DE}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{2600EB43-DFE1-4413-872D-57A1E6350494}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{C399B3D7-07DC-4D05-B160-41F3B1FD0B7F}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{AA0D2391-F0DB-4A80-915A-ED3BB1FA0078}c:\\program files\\thq\\titan quest\\titan quest.exe"= UDP:c:\program files\thq\titan quest\titan quest.exe:Titan Quest
"UDP Query User{6878F4D1-56B6-4872-AA69-693A3DC1FC7A}c:\\program files\\thq\\titan quest\\titan quest.exe"= TCP:c:\program files\thq\titan quest\titan quest.exe:Titan Quest
"TCP Query User{ECF9E1B7-A102-4EB7-88B9-8277FA67B73F}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{032A9FA3-1C09-48AD-B26A-1065A521C9EA}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{5025C74A-4BC9-4BAE-824C-8E6B8069A4F8}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.529\\freezer.exe"= UDP:c:\users\barnaba\appdata\local\temp\rar$ex00.529\freezer.exe:freezer.exe
"UDP Query User{3E0D2881-E1A6-45B6-9413-6A9367EADFCD}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.529\\freezer.exe"= TCP:c:\users\barnaba\appdata\local\temp\rar$ex00.529\freezer.exe:freezer.exe
"TCP Query User{02AB4A2B-5AD1-4C9A-908D-B59F19F2DF8A}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3BD298D3-D5DF-48C0-BA42-61B3C6264E74}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{D77C9172-8DC6-49B8-8C7C-0F74F6184323}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{28ABBE4C-FD66-45C2-9836-FA560A781D18}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{A26F3C02-A750-4A58-A790-032316604B08}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{41C0DE3F-330E-42FF-A732-9F6FC0BD9CC4}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{0B2B0DE6-4052-4135-B447-6C9A3B6E983A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{64952FED-8BD1-407E-9E42-CF78F7B090CB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{6EEAB100-B1A7-49E7-B00E-1F4FB1D3864F}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{B11477BB-C143-43D9-8344-D54E466B64C8}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{DF4EA1A1-509A-400A-BAB3-EC2B8DFAB13B}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:p MSRegisterFile
"{2420B601-BC63-496B-A657-81198F940ABF}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:p MSRegisterFile
"{0B8D862A-B165-435F-8E4B-70F35DED19E0}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{5E664BD9-8744-4D71-83D9-4D301C796C58}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{3A7377B0-FA40-4533-9EEE-90DE2D92C034}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:p innacle VideoSpin
"{8134F12D-0285-43A8-A759-70EA8A2F5227}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:p innacle VideoSpin
"{D3F5E9C9-3A70-43C6-8D30-A7EDCCC1A1A7}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{61618743-A2C2-4862-B831-A54FA1B9E4A8}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{80F227A8-66E4-4876-A5E9-87F64AD63952}c:\\program files\\hlsw\\hlsw.exe"= UDP:c:\program files\hlsw\hlsw.exe:HLSW Application
"UDP Query User{D0CA0176-10EC-40F7-A965-741F8C182714}c:\\program files\\hlsw\\hlsw.exe"= TCP:c:\program files\hlsw\hlsw.exe:HLSW Application
"TCP Query User{B198B204-884D-4CEB-B5C9-11A35B9C6C69}c:\\program files\\steam\\steamapps\\samylemarseil\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\samylemarseil\counter-strike source\hl2.exe:hl2
"UDP Query User{A2F9F2FC-9870-4D65-AEA8-A7055F64A1C7}c:\\program files\\steam\\steamapps\\samylemarseil\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\samylemarseil\counter-strike source\hl2.exe:hl2
"TCP Query User{6A062278-F2CC-492D-A713-9398DD5F1680}c:\\program files\\steam\\steamapps\\romaindu64\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\romaindu64\counter-strike source\hl2.exe:hl2
"UDP Query User{D43871D1-DD35-472A-BB39-F0C5F98A39AF}c:\\program files\\steam\\steamapps\\romaindu64\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\romaindu64\counter-strike source\hl2.exe:hl2
"{C8AC5CEE-B6F1-4CCC-9790-C567F69D7B64}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{3B8BE268-E55A-44F6-8F45-CCE656AFC15A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-05-18 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-05-18 55160]
R1 sK9Ou0s;sK9Ou0s;c:\windows\system32\drivers\srosa2.sys [2008-11-10 7168]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-04-12 10880]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc [ ]
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\Drivers\camdrv30.sys [2001-08-17 171264]
S3 CyUsb;Cypress Generic USB Driver;c:\windows\system32\Drivers\CyUsb.sys [2005-03-03 31104]
S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe [2008-11-08 99576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{131fe1b5-5df8-11dc-952d-001a4d441f43}]
\shell\AutoRun\command - Z:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7aea7746-769d-11dc-a0eb-001a4d441f43}]
\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e10861e0-74cc-11dd-9127-001a4d441f43}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\NoLimit.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Steam - c:\program files\steam\steam.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\users\Barnaba\AppData\Roaming\Mozilla\Firefox\Profiles\46wxdtws.default\
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\ma-config.com\nphardwaredetection.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 19:00:16
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\RazerMse\DeathAdder\razertra.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\RazerMse\DeathAdder\razerofa.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Mozilla Firefox\firefox.exe
c:\windows\System32\dllhost.exe
c:\windows\System32\msfeedssync.exe
.
**************************************************************************
.
Heure de fin: 2008-11-10 19:10:01 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-10 18:09:47

Avant-CF: 66 335 862 784 octets libres
Après-CF: 66,342,031,360 octets libres

324 --- E O F --- 2008-11-05 09:47:58

EDIT: I'll have to purge my restore points too ...
10 November 2008 22:30:03

Little bump? :S


Edit: despite ComboFix I still can't start Malwarebytes in safe mode ...
11 November 2008 12:57:00

Bump :/ 
11 November 2008 15:30:34

Angeldark said:
Hello,

Download and install HijackThis (Trend Micro)
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2



LOL!

Did you know Bagle affects Win32? When I found out I'd been infected, my first reflex was to run HijackThis, but it says it isn't a valid Win32 application! Same thing if I want to run CCleaner ... or anything else.
The problem is that Bagle prevents reinstalling these programs, such as Antivir!
So what do I do?
Even though I haven't tried reinstalling HijackThis!

Edit: I saw on malekal that you can use FindyKill!


EDIT: Since I'm such an exceptional guy (JUST KIDDING :D), I re-downloaded HijackThis and renamed the setup as well as the install folder and the executable.
SO I HAVE A LOG! :) 


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41:00, on 11/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\RazerMse\DeathAdder\razerhid.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\RazerMse\DeathAdder\razertra.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RazerMse\DeathAdder\razerofa.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\TM\Hthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\RazerMse\DeathAdder\razerhid.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5732 bytes
11 November 2008 18:29:33

Do you have the FindyKill report?
11 November 2008 18:39:11

GO, I hope you'll be able to help me get rid of this malware :/ 



----------------- FindyKill V4.105 ------------------

* User : Barnaba - PC-DE-MAXOU
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 10/11/08 par Chiquitine29
* Recherche effectuée à 18:38:15 le 11/11/2008
* Windows Vista - Internet Explorer 7.0.6001.18000

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\RazerMse\DeathAdder\razerhid.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\RazerMse\DeathAdder\razertra.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\RazerMse\DeathAdder\razerofa.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:

Présent ! [11/11/2008 13:14] - C:\InfoSat.txt

»»»» Presence des fichiers dans C:\Windows


»»»» Presence des fichiers dans C:\Windows\Prefetch


»»»» Presence des fichiers dans C:\Windows\system32


»»»» Presence des fichiers dans C:\Windows\system32\drivers

Présent ! [10/11/2008 16:27] - C:\Windows\system32\drivers\srosa2.sys

»»»» Presence des fichiers dans C:\Users\Barnaba\AppData\Roaming


»»»» Presence des fichiers dans C:\Users\Barnaba\AppData\Local\Temp


»»»» Presence des fichiers dans C:\Users\Barnaba\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
NeroFilterCheck REG_SZ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
DeathAdder REG_SZ C:\Program Files\RazerMse\DeathAdder\razerhid.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MsnMsgr REG_SZ "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe


--------------- [ Registre / Clés infectieuses ] ----------------


Présent ! - HKEY_USERS\S-1-5-21-1772316304-2762622859-974373420-1000\Software\Local AppWizard-Generated Applications\serial
Présent ! - HKEY_USERS\S-1-5-21-1772316304-2762622859-974373420-1000\Software\Local AppWizard-Generated Applications\winfilse
Présent ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\serial
Présent ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse

--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 3

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2

/!\ WinDefend - Type de démarrage = 4



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe
Z: - Lecteur de CD-ROM

+- Contenu de l'autorun : Z:\autorun.inf

[autorun]
open=RunGame.exe
Icon=NFSU_icon.ico
Name=Need for Speed Underground 2

[Special]
Disk=2



+- presence des fichiers :

Présent ! [23/10/2004 06:57][-r-------] - Z:\autorun.inf


--------------- [ Registre / Moutpoint2 ] ----------------


-> Recherche négative.


------------------- ! Fin du rapport ! --------------------

12 November 2008 14:54:13

Run option 2 :) 
12 November 2008 17:03:20

The fix has been tested; nevertheless, using option 2 may delete legitimate folders that the fix takes for infectious ones (false positives). Using the fix without having the search report checked by a competent person is at your own risk.


Source: http://www.malekal.com//tutorial_FindyKill.php

Should I do it anyway?
13 November 2008 19:00:56

Yes ;) 
13 November 2008 19:15:58

----------------- FindyKill V4.105 ------------------

* User : Barnaba - PC-DE-MAXOU
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 10/11/08 par Chiquitine29
* Suppression effectuée à 19:08:30 le 13/11/2008
* Windows Vista - Internet Explorer 7.0.6001.18000


((((((((((((((( *** Suppression *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Suppression des fichiers dans C:

Supprimé ! - C:\InfoSat.txt

»»»» Suppression des fichiers dans C:\Windows


»»»» Suppression des fichiers dans C:\Windows\Prefetch


»»»» Suppression des fichiers dans C:\Windows\system32


»»»» Suppression des fichiers dans C:\Windows\system32\drivers

Supprimé ! - C:\Windows\system32\drivers\srosa2.sys

»»»» Suppression des fichiers dans C:\Users\Barnaba\AppData\Roaming


»»»» Suppression des fichiers dans C:\Users\Barnaba\AppData\Local\Temp


»»»» Suppression des fichiers dans C:\Users\Barnaba\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Clés infectieuses ] ----------------

Supprimé ! - HKEY_USERS\S-1-5-21-1772316304-2762622859-974373420-1000\Software\Local AppWizard-Generated Applications\serial
Supprimé ! - HKEY_USERS\S-1-5-21-1772316304-2762622859-974373420-1000\Software\Local AppWizard-Generated Applications\winfilse
Supprimé ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\serial
Supprimé ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse

--------------- [ Etat / Redémarage des services ] ----------------


+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 2

Wlansvc - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2

WinDefend - Type de démarrage = 2


--------------- [ Nettoyage des supports amovibles ] ----------------

+- Informations :

C: - Lecteur fixe
Z: - Lecteur de CD-ROM

+- Suppression des fichiers :

Echec de la supression !! - Z:\autorun.inf

--------------- [ Registre / Moutpoint2 ] ----------------


-> Recherche négative.


--------------- [ Recherche Cracks / Keygen ] ----------------

C:\Users\Barnaba\Desktop\usb key back up\Imtoo Psp Video Converter v2.1.55.1008B Winall Incl Keygen-Brd.zip
C:\Users\Barnaba\Documents\Jeux\Age Of Empires III\aoeIII\Crack
C:\Users\Barnaba\Documents\Jeux\Age Of Empires III\aoeIII\Crack\gagnez de l'argent sans effort, garantie!!!.doc
C:\Users\Barnaba\Documents\Jeux\Age Of Empires III\aoeIII\Crack\Serial.nfo
C:\Users\Barnaba\Documents\Jeux\AoE2\crack.zip
C:\Users\Barnaba\Documents\Jeux\Colin_mcrae_DiRT\Crack
C:\Users\Barnaba\Documents\Jeux\Colin_mcrae_DiRT\Crack\DiRT.exe
C:\Users\Barnaba\Documents\Jeux\CSS LAN\AP-CSS-LAN\cstrike\materials\concrete\prodwllecracked.vmt
C:\Users\Barnaba\Documents\Jeux\CSS LAN\AP-CSS-LAN\cstrike\materials\concrete\prodwllecracked.vtf
C:\Users\Barnaba\Documents\Jeux\CSS LAN\AP-CSS-LAN\hl2\materials\Glass\glasswindow018a_cracked.vmt
C:\Users\Barnaba\Documents\Jeux\CSS LAN\AP-CSS-LAN\hl2\materials\Glass\glasswindow018a_cracked.vtf
C:\Users\Barnaba\Documents\Jeux\CSS LAN\AP-CSS-LAN\Steam\games\icon_Safecracker.tga
C:\Users\Barnaba\Documents\Jeux\CSS LAN\AP-CSS-LAN\Steam\games\Safecracker.ico
C:\Users\Barnaba\Documents\Mes fichiers reçus\Age Of Empires 2 Crack.zip
C:\Users\Barnaba\Documents\Mes fichiers reçus\crack.zip
C:\Users\Barnaba\Documents\Sony Vegas\Sony Vegas 8 Pro\Crack
C:\Users\Barnaba\Documents\Sony Vegas\Sony Vegas 8 Pro\Crack\sfs4rw.dll
C:\Users\Barnaba\Documents\Sony Vegas\Sony Vegas 8 Pro\Crack\vegas80.exe
C:\Users\Barnaba\Downloads\Lavalys.EVEREST.Ultimate.Edition.v4.00.976.Multilingual.Incl.Keygen-ViRiLiTY.rar
C:\Users\Barnaba\Downloads\eMule\Incoming\Call Of Duty 4 Crack e Keygen by Razor1911 [ cod4 cod 4].rar
C:\Users\Barnaba\Downloads\eMule\Incoming\Lavalys.EVEREST.Ultimate.Edition.v4.50.1330.Multilangages.Incl-Keygen.rar


---------------- ! Fin du rapport ! ------------------


Z: is a virtual drive made with Daemon Tools; at one point I got the message "the file cannot be found", that must have been it. Otherwise, thanks FindyKill for showing all my cracks! :D  But CSS LAN is the version handed out by the LAN organizers, I didn't do anything :D 

What do I do now? Malwarebytes? Run EliBagla again? ComboFix?

thanks angeldark

Should I purge System Restore?

When I try to relaunch Antivir, invalid Win32 :/  Otherwise I think I have to reinstall all the programs it touched ... namely Antivir, Steam etc., no?
13 November 2008 19:20:06

Those cracks are pretty much infections themselves...
13 November 2008 19:20:53

Anyway, before I had nothing, so I don't think so! What do I do now? My problem still isn't solved!

Edit: If all goes well, Bagle should be removed from your computer.
If you get Win32 errors on certain files, they have been damaged by Bagle; you must download them again.


I think it's still there ... What do I do? :/ 
13 November 2008 20:55:19

That's it, I've found the solution...
The EliBagla, ComboFix and FindyKill cleanups can't run properly because of UAC ... even if I right-click and run as administrator ...
When I disable UAC through the Control Panel nothing happens, it doesn't ask me to reboot! So I tried through the registry; the key is called "EnableLUA", I set it to 0 and rebooted, but nothing works ...
I realized that during ComboFix it keeps printing "EnableLUA" over and over; that's definitely it!

AngelDark help me!
I can't take it anymore!
14 November 2008 18:07:55

Get rid of the cracks...
14 November 2008 18:12:08

OK, I'll get rid of all the cracks, and then will it work?


<edit>: done, I deleted everything
14 November 2008 18:15:30

To avoid reinfection, yes.
14 November 2008 18:19:11

done

it would first need disinfecting, but anyway I deleted everything
15 November 2008 20:19:07

Bump :/ 

Bagle destroys the "EnableLUA" (UAC) registry key, so I recreated it and it works! I managed to disable UAC.
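As an added example (not from the thread, and not code from EliBagla, ComboFix or FindyKill), a read-only PowerShell triage script that checks the indicators the reports above list: the EnableLUA value the poster says vanishes after each reboot, the services FindyKill flagged as disabled, the file paths from the EliBagla/ComboFix/FindyKill reports, the two "Local AppWizard-Generated Applications" keys, and any service whose ImagePath points at an srosa driver. Assumptions: EnableLUA lives at its standard location under Policies\System, the expected start types are those of the post-cleanup FindyKill report, and user-profile paths are resolved through environment variables instead of the poster's user name.

```powershell
# Added example, not part of the thread: read-only triage of the Bagle indicators
# that the reports above list. Run from an elevated PowerShell prompt; it changes nothing.
function Get-BagleIndicators {
    $findings = @()

    # 1. UAC policy. The poster reports the EnableLUA value disappears after each reboot.
    #    Assumed standard location: HKLM\...\Policies\System.
    $policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = (Get-ItemProperty -Path $policy -ErrorAction SilentlyContinue).EnableLUA
    if ($null -eq $lua) {
        $findings += "EnableLUA value missing under $policy (UAC policy removed)"
    } elseif ($lua -ne 1) {
        $findings += "EnableLUA = $lua (UAC disabled)"
    }

    # 2. Services FindyKill marked '/!\' (Start=4, disabled). Expected values are the
    #    ones its post-cleanup report shows: 2 = auto, 3 = manual, 4 = disabled.
    $expected = @{ Ndisuio = 3; EapHost = 2; Wlansvc = 2; SharedAccess = 2;
                   wuauserv = 2; wscsvc = 2; WinDefend = 2 }
    foreach ($svc in $expected.Keys) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        $start = (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
        if ($null -eq $start) { $findings += "service $svc has no Start value"; continue }
        if ($start -eq 4) { $findings += "$svc disabled (Start=4), expected $($expected[$svc])" }
    }

    # 3. Files named in the EliBagla, ComboFix and FindyKill reports. Profile paths are
    #    resolved through environment variables rather than hard-coding a user name.
    $paths = @(
        "$env:SystemRoot\System32\wintems.exe",
        "$env:SystemRoot\System32\ban_list.txt",
        "$env:SystemRoot\System32\drivers\srosa.sys",
        "$env:SystemRoot\System32\drivers\srosa2.sys",
        "$env:APPDATA\m\flec006.exe",
        "$env:APPDATA\m\list.oct"
    )
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) { $findings += "file present: $p" }
    }

    # 4. Registry keys FindyKill reported as infectious (current-user hive).
    $keys = @(
        'HKCU:\Software\Local AppWizard-Generated Applications\serial',
        'HKCU:\Software\Local AppWizard-Generated Applications\winfilse'
    )
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) { $findings += "registry key present: $k" }
    }

    # 5. ComboFix listed a randomly named service (sK9Ou0s) whose image is srosa2.sys,
    #    so match on the driver file name rather than on the service name.
    $services = Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue
    foreach ($svcKey in $services) {
        $img = (Get-ItemProperty -Path $svcKey.PSPath -ErrorAction SilentlyContinue).ImagePath
        if ($img -and $img -match 'srosa') {
            $findings += "service $($svcKey.PSChildName) loads $img"
        }
    }

    return $findings
}

$result = @(Get-BagleIndicators)
if ($result.Count -eq 0) {
    'No indicators from the thread reports were found.'
} else {
    $result | ForEach-Object { "[!] $_" }
}
```

A clean result from this script only means these specific indicators are absent; it does not replace a full scan, and the poster's observation that EnableLUA comes back missing after a reboot is exactly the kind of persistence it is meant to surface.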
16 Novembre 2008 16:45:02

Run another FindyKill scan with option 1 to see whether any files remain.
16 November 2008 19:27:16

Alas, yes :/
Also, at every reboot it removes the EnableLUA key again, so that re-enabled UAC for me...
So yes, it's still there; I think we should try GMER...
But you're the helper and I'm the novice :D

thanks ;)

----------------- FindyKill V4.105 ------------------

* User : Barnaba - PC-DE-MAXOU
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 10/11/08 par Chiquitine29
* Recherche effectuée à 19:25:13 le 16/11/2008
* Windows Vista - Internet Explorer 7.0.6001.18000

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\RazerMse\DeathAdder\razerhid.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\RazerMse\DeathAdder\razertra.exe
C:\Program Files\RazerMse\DeathAdder\razerofa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\Windows


»»»» Presence des fichiers dans C:\Windows\Prefetch


»»»» Presence des fichiers dans C:\Windows\system32


»»»» Presence des fichiers dans C:\Windows\system32\drivers


»»»» Presence des fichiers dans C:\Users\Barnaba\AppData\Roaming


»»»» Presence des fichiers dans C:\Users\Barnaba\AppData\Local\Temp


»»»» Presence des fichiers dans C:\Users\Barnaba\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
NeroFilterCheck REG_SZ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
DeathAdder REG_SZ C:\Program Files\RazerMse\DeathAdder\razerhid.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MsnMsgr REG_SZ "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe


--------------- [ Registre / Clés infectieuses ] ----------------



--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 2

Wlansvc - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2

WinDefend - Type de démarrage = 2



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe
Z: - Lecteur de CD-ROM

+- Contenu de l'autorun : Z:\autorun.inf

[autorun]
open=RunGame.exe
Icon=NFSU_icon.ico
Name=Need for Speed Underground 2

[Special]
Disk=2



+- presence des fichiers :

Présent ! [23/10/2004 06:57][-r-------] - Z:\autorun.inf


--------------- [ Registre / Moutpoint2 ] ----------------


-> Recherche négative.


------------------- ! Fin du rapport ! --------------------
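As an added example (my own code, not from this thread, ComboFix or FindyKill), here is a small Python audit that parses the REGEDIT4-style "Points de chargement Reg" section of a ComboFix report and reports the state of the EnableLUA value, the UAC switch that Bagle keeps removing in this thread. It works on a saved report rather than the live registry; SAMPLE_DUMP is a constructed snippet in the same layout, and the expected value of 1 is the assumption that UAC is meant to be on.

```python
"""Audit the UAC policy values in a ComboFix-style registry dump.

Added example for this thread; not code from ComboFix, FindyKill or the
forum. It reads a saved report, not the live registry.
"""
import re
from typing import Dict, Optional

# Constructed sample in ComboFix's REGEDIT4-style layout (not a real report).
SAMPLE_DUMP = """REGEDIT4

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Sidebar"="c:\\program files\\Windows Sidebar\\sidebar.exe" [2008-01-18 1233920]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"""

# The key where Vista keeps the UAC switch; compared in lower case because
# ComboFix prints this key in lower case while other tools use upper case.
POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"

# Assumed expected state on a machine where UAC is meant to be on.
EXPECTED = {"enablelua": 1}

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_regedit4(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [key] to its "name"=data lines; keys and names are lower-cased."""
    result: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            result.setdefault(current, {})
            continue
        val = VAL_RE.match(line)
        if val and current is not None:
            result[current][val.group(1).lower()] = val.group(2).strip()
    return result


def value_as_int(data: str) -> Optional[int]:
    """Read ComboFix data such as '0 (0x0)' or 'dword:00000003'; None if not numeric."""
    m = re.match(r"^(\d+)", data)
    if m:
        return int(m.group(1))
    m = re.match(r"^dword:([0-9a-fA-F]{8})$", data)
    if m:
        return int(m.group(1), 16)
    return None


def audit_uac(dump: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Return the status of each expected UAC value: 'ok', 'not listed' or 'disabled: <data>'.

    ComboFix omits entries that still hold their legitimate default, so a value
    that is absent from the report is 'not listed' (default or deleted), not
    proof of tampering; the live key should then be checked on the machine.
    """
    status: Dict[str, str] = {}
    policy = dump.get(POLICY_KEY, {})
    for name, expected in EXPECTED.items():
        if name not in policy:
            status[name] = "not listed"
        elif value_as_int(policy[name]) == expected:
            status[name] = "ok"
        else:
            status[name] = "disabled: " + policy[name]
    return status


if __name__ == "__main__":
    for name, state in audit_uac(parse_regedit4(SAMPLE_DUMP)).items():
        print(f"{name}: {state}")
```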

a b 8 Security
17 November 2008 17:05:20

Strange. Run another ComboFix scan to see.
18 November 2008 20:02:22

I did another FindyKill removal and a ComboFix run with EnableLUA = 0, i.e. UAC disabled :)



----------------- FindyKill V4.105 ------------------

* User : Barnaba - PC-DE-MAXOU
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 10/11/08 par Chiquitine29
* Suppression effectuée à 19:23:14 le 18/11/2008
* Windows Vista - Internet Explorer 7.0.6001.18000


((((((((((((((( *** Suppression *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Suppression des fichiers dans C:


»»»» Suppression des fichiers dans C:\Windows


»»»» Suppression des fichiers dans C:\Windows\Prefetch


»»»» Suppression des fichiers dans C:\Windows\system32


»»»» Suppression des fichiers dans C:\Windows\system32\drivers


»»»» Suppression des fichiers dans C:\Users\Barnaba\AppData\Roaming


»»»» Suppression des fichiers dans C:\Users\Barnaba\AppData\Local\Temp


»»»» Suppression des fichiers dans C:\Users\Barnaba\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Clés infectieuses ] ----------------


--------------- [ Etat / Redémarage des services ] ----------------


+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 2

Wlansvc - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2

WinDefend - Type de démarrage = 2


--------------- [ Nettoyage des supports amovibles ] ----------------

+- Informations :

C: - Lecteur fixe
Z: - Lecteur de CD-ROM

+- Suppression des fichiers :

Echec de la supression !! - Z:\autorun.inf

--------------- [ Registre / Moutpoint2 ] ----------------


-> Recherche négative.


--------------- [ Recherche Cracks / Keygen ] ----------------

C:\Users\Barnaba\Documents\Jeux\CSS LAN\AP-CSS-LAN\cstrike\materials\concrete\prodwllecracked.vmt
C:\Users\Barnaba\Documents\Jeux\CSS LAN\AP-CSS-LAN\cstrike\materials\concrete\prodwllecracked.vtf
C:\Users\Barnaba\Documents\Jeux\CSS LAN\AP-CSS-LAN\hl2\materials\Glass\glasswindow018a_cracked.vmt
C:\Users\Barnaba\Documents\Jeux\CSS LAN\AP-CSS-LAN\hl2\materials\Glass\glasswindow018a_cracked.vtf
C:\Users\Barnaba\Documents\Jeux\CSS LAN\AP-CSS-LAN\Steam\games\icon_Safecracker.tga
C:\Users\Barnaba\Documents\Jeux\CSS LAN\AP-CSS-LAN\Steam\games\Safecracker.ico
C:\Users\Barnaba\Downloads\Lavalys.EVEREST.Ultimate.Edition.v4.00.976.Multilingual.Incl.Keygen-ViRiLiTY.rar


---------------- ! Fin du rapport ! ------------------






ComboFix 08-11-17.06 - Barnaba 2008-11-18 19:30:22.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1276 [GMT 1:00]
Lancé depuis: c:\users\Barnaba\Desktop\combo-fix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-18 au 2008-11-18 ))))))))))))))))))))))))))))))))))))
.

2008-11-17 16:58 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-17 16:58 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-17 16:58 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-17 16:58 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-17 16:58 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-17 16:58 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-17 16:58 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-17 16:58 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-17 16:58 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-15 19:42 . 2008-11-15 19:45 250 --a------ c:\windows\gmer.ini
2008-11-15 19:32 . 2008-11-18 19:20 98,611,264 --a------ c:\windows\MEMORY.DMP
2008-11-11 18:36 . 2008-11-18 19:27 <REP> d-------- c:\program files\FindyKill
2008-11-11 15:40 . 2008-11-11 15:40 <REP> d-------- c:\program files\TM
2008-11-10 18:00 . 2008-11-10 18:00 <REP> d-------- c:\users\Barnaba\AppData\Roaming\Malwarebytes
2008-11-10 18:00 . 2008-11-10 18:00 <REP> d-------- c:\users\All Users\Malwarebytes
2008-11-10 18:00 . 2008-11-10 18:00 <REP> d-------- c:\programdata\Malwarebytes
2008-11-10 18:00 . 2008-11-10 18:02 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-10 18:00 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-10 18:00 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-07 19:27 . 2006-10-07 17:43 502,784 --a------ c:\windows\x2.64.exe
2008-11-07 19:27 . 2005-02-28 13:16 240,128 --a------ c:\windows\System32\x.264.exe
2008-11-07 19:27 . 2006-04-12 09:47 217,073 --a------ c:\windows\meta4.exe
2008-11-07 19:27 . 2004-01-25 00:00 70,656 --a------ c:\windows\System32\i420vfw.dll
2008-11-07 19:27 . 2006-04-05 08:09 66,560 --a------ c:\windows\MOTA113.exe
2008-11-07 19:27 . 2005-07-14 12:31 27,648 --a------ c:\windows\System32\AVSredirect.dll
2008-11-07 19:26 . 2008-11-07 19:26 <REP> d-------- c:\program files\eRightSoft
2008-11-01 12:50 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-01 12:50 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-01 12:50 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-01 12:50 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-01 12:50 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-29 12:38 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 12:38 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 12:38 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-18 18:11 --------- d-----w c:\users\Barnaba\AppData\Roaming\uTorrent
2008-11-13 19:11 --------- d-----w c:\program files\CCleaner
2008-11-08 22:19 --------- d-----w c:\program files\MSN Messenger
2008-11-08 22:16 --------- d---a-w c:\programdata\TEMP
2008-11-08 13:44 --------- d-----w c:\program files\Common Files\Steam
2008-11-04 17:15 --------- d-----w c:\programdata\TrackMania
2008-11-04 15:35 --------- d-----w c:\users\Barnaba\AppData\Roaming\teamspeak2
2008-11-03 14:42 --------- d-----w c:\users\Barnaba\AppData\Roaming\HLSW
2008-11-02 19:51 --------- d-----w c:\users\Barnaba\AppData\Roaming\OpenOffice.org2
2008-11-02 14:01 183,120 ----a-w c:\windows\System32\PnkBstrB.exe
2008-11-02 14:01 137,480 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-01 16:16 --------- d-----w c:\users\Barnaba\AppData\Roaming\FileZilla
2008-10-29 02:02 --------- d-----w c:\users\Barnaba\AppData\Roaming\mIRC
2008-10-24 22:20 --------- d-----w c:\users\Barnaba\AppData\Roaming\Mumble
2008-10-23 16:06 --------- d-----w c:\programdata\Xfire
2008-10-22 19:22 --------- d-----w c:\users\Barnaba\AppData\Roaming\Xfire
2008-10-22 18:17 --------- d-----w c:\program files\Xfire
2008-10-18 08:12 --------- d-----w c:\program files\Windows Mail
2008-10-15 11:12 --------- d-----w c:\program files\Google
2008-10-11 09:04 --------- d-----w c:\program files\Java
2008-10-09 00:47 42,320 ----a-w c:\windows\System32\xfcodec.dll
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-19 19:21 --------- d-----w c:\users\Barnaba\AppData\Roaming\Ventrilo
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-03 03:59 468,992 ----a-w c:\windows\System32\newdev.dll
2008-09-03 03:58 74,752 ----a-w c:\windows\System32\newdev.exe
2008-08-17 15:15 174 --sha-w c:\program files\desktop.ini
2007-12-25 16:51 22,328 ----a-w c:\users\Barnaba\AppData\Roaming\PnkBstrK.sys
2006-05-03 09:06 163,328 --sh--r c:\windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\System32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-15_22.02.07,59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-15 20:51:17 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-18 18:34:23 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-15 20:51:17 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-18 18:34:23 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-15 20:53:10 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-18 18:44:25 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-18 18:44:25 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-15 20:53:05 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-18 18:44:20 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-18 18:44:20 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-07-18 20:08:20 72,256 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
+ 2008-10-16 13:08:00 70,416 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
- 2008-11-13 18:51:01 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-17 15:59:06 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-13 18:51:01 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-17 15:59:06 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-13 18:51:01 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-17 15:59:06 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-10 16:45:00 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-18 18:30:14 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2008-11-15 20:58:19 104,742 ----a-w c:\windows\System32\perfc009.dat
+ 2008-11-18 18:41:55 104,742 ----a-w c:\windows\System32\perfc009.dat
- 2008-11-15 20:58:19 127,798 ----a-w c:\windows\System32\perfc00C.dat
+ 2008-11-18 18:41:55 127,798 ----a-w c:\windows\System32\perfc00C.dat
- 2008-11-15 20:58:19 595,308 ----a-w c:\windows\System32\perfh009.dat
+ 2008-11-18 18:41:55 595,308 ----a-w c:\windows\System32\perfh009.dat
- 2008-11-15 20:58:19 678,718 ----a-w c:\windows\System32\perfh00C.dat
+ 2008-11-18 18:41:55 678,718 ----a-w c:\windows\System32\perfh00C.dat
- 2008-11-12 12:40:52 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2008-11-17 17:52:23 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
- 2008-11-15 20:53:11 12,700 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1772316304-2762622859-974373420-1000_UserData.bin
+ 2008-11-18 18:12:22 13,020 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1772316304-2762622859-974373420-1000_UserData.bin
- 2008-11-15 20:53:11 85,802 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-18 18:24:55 86,516 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-15 17:15:33 4,520 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-11-15 21:34:27 4,750 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-11-15 20:53:10 41,032 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-18 18:24:52 41,096 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-11-12 11:43:13 145,083,786 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-11-17 15:58:32 145,376,489 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-10-16 21:12:19 561,688 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wuapi.dll
+ 2008-10-16 20:55:59 83,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wudriver.dll
+ 2008-10-16 21:08:57 34,328 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wups.dll
+ 2008-10-16 12:56:04 31,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.788_none_ba8134361ffa6f73\wuapp.exe
+ 2008-10-16 13:08:00 162,064 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.788_none_ba8134361ffa6f73\wuwebv.dll
+ 2008-10-16 21:09:43 51,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wuauclt.exe
+ 2008-10-16 21:13:38 1,809,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wuaueng.dll
+ 2008-10-16 21:09:43 43,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wups2.dll
+ 2008-10-16 20:56:28 1,524,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.2.6001.788_none_a8125d5406872725\wucltux.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2008-06-24 5674352]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-11 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-11 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-11 81920]
"DeathAdder"="c:\program files\RazerMse\DeathAdder\razerhid.exe" [2007-05-07 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"VIDC.XFR1"= xfcodec.dll
"vidc.mjpg"= pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1772316304-2762622859-974373420-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{9B6BC057-4C97-4EE5-BE02-8D8747BFFB20}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{C55A3EF8-AC09-4998-9F3B-322A46E584E5}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{06224626-92BF-4DC2-A1AF-ACC19BA34311}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"UDP Query User{9B35DF4E-B482-4E8F-9B97-B79325AB93BC}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"TCP Query User{6980D05A-37C3-4914-A252-0361A7C49AF5}c:\\program files\\call of duty game of the year edition\\codmp.exe"= UDP:c:\program files\call of duty game of the year edition\codmp.exe:CoDMP
"UDP Query User{18ABF5D3-EA70-4139-B173-F21D9D892E14}c:\\program files\\call of duty game of the year edition\\codmp.exe"= TCP:c:\program files\call of duty game of the year edition\codmp.exe:CoDMP
"TCP Query User{C584C3B9-D308-4377-BC2F-442A87665D77}c:\\program files\\codemasters\\dirt\\dirt.exe"= UDP:c:\program files\codemasters\dirt\dirt.exe:D iRT Executable
"UDP Query User{2DF64198-C6D0-4C48-90D7-7D0C4CB22DEC}c:\\program files\\codemasters\\dirt\\dirt.exe"= TCP:c:\program files\codemasters\dirt\dirt.exe:D iRT Executable
"TCP Query User{BE335FA5-5156-4639-87F5-4D08825A182B}c:\\counter-strike source lan edition\\hl2.exe"= UDP:c:\counter-strike source lan edition\hl2.exe:hl2
"UDP Query User{52451095-827A-4B8A-9B94-619C98F15576}c:\\counter-strike source lan edition\\hl2.exe"= TCP:c:\counter-strike source lan edition\hl2.exe:hl2
"{880EEA45-EB03-4C64-9A33-D48947886E00}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{CAE21F18-51F0-40AB-B11F-9A0CBEBF4A7E}c:\\program files\\steam\\steamapps\\mathieu604\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\mathieu604\counter-strike source\hl2.exe:hl2
"UDP Query User{82AB9CDB-AF8C-4AD5-99CA-6A086CE16B1E}c:\\program files\\steam\\steamapps\\mathieu604\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\mathieu604\counter-strike source\hl2.exe:hl2
"TCP Query User{66F00A5C-9C5D-4732-8995-60123CCB64E6}c:\\program files\\call of duty game of the year edition\\codmp.exe"= UDP:c:\program files\call of duty game of the year edition\codmp.exe:CoDMP
"UDP Query User{267BF383-A8F2-427A-929F-9D1D26601E25}c:\\program files\\call of duty game of the year edition\\codmp.exe"= TCP:c:\program files\call of duty game of the year edition\codmp.exe:CoDMP
"TCP Query User{B4F7E90F-A578-4F35-A74B-3C19B390F1A1}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{AC66AF0B-5AB7-423A-87F4-4357B8FE8803}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{6EB7BCFB-DE49-4AF1-B6F2-B070BE41A010}c:\\program files\\steam\\steamapps\\mathieu604\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\mathieu604\counter-strike source\hl2.exe:hl2
"UDP Query User{CC60BC46-0E7C-4B20-A5F1-BC10548BAF60}c:\\program files\\steam\\steamapps\\mathieu604\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\mathieu604\counter-strike source\hl2.exe:hl2
"TCP Query User{BB2DBD6F-FEFC-4403-8FE8-5160B34C970B}c:\\counter-strike source lan edition\\hl2.exe"= UDP:c:\counter-strike source lan edition\hl2.exe:hl2
"UDP Query User{1285C4C8-C3C2-4956-88D0-7DD4EDE02CC5}c:\\counter-strike source lan edition\\hl2.exe"= TCP:c:\counter-strike source lan edition\hl2.exe:hl2
"TCP Query User{B155F585-9B21-4FAC-BA3D-1E5525CE3C60}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FA5380F3-D455-4AA2-9537-ADA0A3CB49C3}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{6FAE8BC0-CFF7-4215-AF25-403FBC6A2908}c:\\program files\\steam\\steamapps\\mathieu604\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\mathieu604\day of defeat source\hl2.exe:hl2
"UDP Query User{E38EAA0A-4D52-4CEF-BAB3-D7628943B6AB}c:\\program files\\steam\\steamapps\\mathieu604\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\mathieu604\day of defeat source\hl2.exe:hl2
"{98E3305B-F177-45B7-8854-74CE35C6DC92}"= UDP:c:\windows\System32\PnkBstrA.exe:p nkBstrA
"{22009243-C394-4672-B2B8-3D11E7B3513F}"= TCP:c:\windows\System32\PnkBstrA.exe:p nkBstrA
"{31F31461-F22B-48C8-957C-130BE35C2391}"= UDP:c:\windows\System32\PnkBstrB.exe:p nkBstrB
"{0C3A941E-383F-414A-9A31-557421DFCD7C}"= TCP:c:\windows\System32\PnkBstrB.exe:p nkBstrB
"{730A199E-9FD5-4B0E-9861-28A5B6DDD6AD}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{4042134C-E3F4-4500-9E4A-E5599CC7440A}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{42E0BD95-2DBF-418A-858C-4D83CFC98741}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{E3B6E72F-4228-4565-B05B-44AA1E4E9406}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"TCP Query User{F6801F77-A562-4158-B456-6B0C0E6F43C7}c:\\program files\\steam\\steamapps\\mathieu604\\source dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\mathieu604\source dedicated server\srcds.exe:srcds
"UDP Query User{FCBFB9AA-AA71-4323-9085-9CA61C820403}c:\\program files\\steam\\steamapps\\mathieu604\\source dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\mathieu604\source dedicated server\srcds.exe:srcds
"TCP Query User{34B2AAE5-B8A1-4EAD-9002-7D613E68DD71}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{46790EF7-5FCA-4598-8C77-64EBDA832ED3}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{D5F3AD43-B194-4E4A-8BC3-1A7C6B2C3DA2}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{856BC291-E037-4DC0-A5EB-3206F5504556}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{B00F6B4B-52C3-48A7-BBD2-C1E0BF089A00}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{6D9402DF-59FD-4D15-9D9C-845E260BAB4B}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{56C1E67E-9161-459C-94CD-8C91765B1299}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{4688660D-DA71-4E2A-8C76-CA257E1EFD57}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{9EE31FB2-EF68-4D40-B91C-D05A7C514EAF}c:\\program files\\steam\\steamapps\\alexoudu64\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\alexoudu64\counter-strike source\hl2.exe:hl2
"UDP Query User{C7FF323E-FB9C-4AA3-B2DB-BA1FAE5A5A5B}c:\\program files\\steam\\steamapps\\alexoudu64\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\alexoudu64\counter-strike source\hl2.exe:hl2
"TCP Query User{BE681F61-44C9-4935-BC0B-F6D94BAD0B04}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D64EBC0B-779E-4D7F-9FF4-F533A44ABCE9}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{D565FD9A-DFAC-4AC2-AA8C-2A288DC0A47B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2A1500B7-ACA8-4D4A-81F7-E133B6441619}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{6D8112AC-7230-4EB0-832A-F021EFB9F183}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{F8B0D32E-6E4D-41D9-A646-4677D6B8B6EE}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{D61FD2F5-803B-4527-A4B5-0FBC7E24BFCA}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{E5999CB3-658D-4DED-9AC9-67A3E0E4D8C9}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{4D0E2F47-E984-4FCB-86A0-F6C43DEBE2F1}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{B7429E33-4E48-4C1F-BD99-428410E4F2C9}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{87F20635-59E3-41FB-BB64-651BAEED3437}c:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"UDP Query User{75FBEB9E-9B54-405F-8820-FA274472AFA9}c:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"TCP Query User{E8572338-8F7F-4EDD-BE33-3957F7F8E257}c:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"UDP Query User{CDC19744-EE40-4CC8-B940-B55274D1CB47}c:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"TCP Query User{F0974D33-E5A8-447D-897E-A540F74A1928}c:\\users\\barnaba\\documents\\jeux\\css lan\\ap-css-lan\\hl2.exe"= UDP:c:\users\barnaba\documents\jeux\css lan\ap-css-lan\hl2.exe:hl2.exe
"UDP Query User{C4AF3EA4-DAC6-45C0-A552-C35909152F4B}c:\\users\\barnaba\\documents\\jeux\\css lan\\ap-css-lan\\hl2.exe"= TCP:c:\users\barnaba\documents\jeux\css lan\ap-css-lan\hl2.exe:hl2.exe
"TCP Query User{C5B0B6FC-0A2E-40EF-AA4C-3DB4E7D7205D}c:\\users\\barnaba\\documents\\jeux\\cs 1.6 lan\\counter strike 1.6\\hl.exe"= UDP:c:\users\barnaba\documents\jeux\cs 1.6 lan\counter strike 1.6\hl.exe:hl.exe
"UDP Query User{22B90640-B833-4129-B523-A9DF9C87A3F3}c:\\users\\barnaba\\documents\\jeux\\cs 1.6 lan\\counter strike 1.6\\hl.exe"= TCP:c:\users\barnaba\documents\jeux\cs 1.6 lan\counter strike 1.6\hl.exe:hl.exe
"TCP Query User{12D00C04-1800-4795-88FA-8085617771A2}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.794\\freezer.exe"= UDP:c:\users\barnaba\appdata\local\temp\rar$ex00.794\freezer.exe:freezer.exe
"UDP Query User{F02CBCF1-9A4C-454D-9662-EE4FCC06E9D5}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.794\\freezer.exe"= TCP:c:\users\barnaba\appdata\local\temp\rar$ex00.794\freezer.exe:freezer.exe
"TCP Query User{8C5D5FEE-5284-4805-A365-EF7E2834B9D3}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.341\\freezer.exe"= UDP:c:\users\barnaba\appdata\local\temp\rar$ex00.341\freezer.exe:freezer.exe
"UDP Query User{2D87BD32-7C27-43F8-A8D7-2C0A7562A96F}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.341\\freezer.exe"= TCP:c:\users\barnaba\appdata\local\temp\rar$ex00.341\freezer.exe:freezer.exe
"TCP Query User{2E7BACA3-807A-40BC-82F3-0BB21DA99196}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.654\\freezer.exe"= UDP:c:\users\barnaba\appdata\local\temp\rar$ex00.654\freezer.exe:freezer.exe
"UDP Query User{F704E346-6E04-4F40-85D5-7ECA85345FDE}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.654\\freezer.exe"= TCP:c:\users\barnaba\appdata\local\temp\rar$ex00.654\freezer.exe:freezer.exe
"TCP Query User{B6018835-286D-47DC-A013-E810D638F54A}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.994\\freezer.exe"= UDP:c:\users\barnaba\appdata\local\temp\rar$ex00.994\freezer.exe:freezer.exe
"UDP Query User{BCB88D26-CDF5-4EE3-8FA0-F9E2F04C0A6B}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.994\\freezer.exe"= TCP:c:\users\barnaba\appdata\local\temp\rar$ex00.994\freezer.exe:freezer.exe
"{66582AFD-DD35-485D-87DB-ED6D6DEC99E6}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{073A8E79-1A98-4CFA-9D08-47AEA9CF75FA}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{7EF7F3D9-9B83-4561-97E5-1EC2946486A9}c:\\program files\\hlsw\\hlsw.exe"= UDP:c:\program files\hlsw\hlsw.exe:HLSW Application
"UDP Query User{D651EABC-F962-4637-9C49-DF6B95B376B0}c:\\program files\\hlsw\\hlsw.exe"= TCP:c:\program files\hlsw\hlsw.exe:HLSW Application
"TCP Query User{CACF024C-6007-448A-8F4C-6D8E655338C2}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.732\\freezer.exe"= UDP:c:\users\barnaba\appdata\local\temp\rar$ex00.732\freezer.exe:freezer.exe
"UDP Query User{73DF1747-2C70-435E-AB85-F1A9C1A6C33B}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.732\\freezer.exe"= TCP:c:\users\barnaba\appdata\local\temp\rar$ex00.732\freezer.exe:freezer.exe
"TCP Query User{568438C0-9726-4157-8761-9195960FD7F0}c:\\users\\barnaba\\documents\\jeux\\aoe2\\age2_x1.exe"= UDP:c:\users\barnaba\documents\jeux\aoe2\age2_x1.exe:age2_x1.exe
"UDP Query User{A8C61F9F-656A-4D70-9FA0-9B4D5F260274}c:\\users\\barnaba\\documents\\jeux\\aoe2\\age2_x1.exe"= TCP:c:\users\barnaba\documents\jeux\aoe2\age2_x1.exe:age2_x1.exe
"TCP Query User{6B9C0EFB-90ED-48D0-9C5B-38CF7A6982AA}c:\\users\\barnaba\\documents\\jeux\\aoe2\\empires2.exe"= UDP:c:\users\barnaba\documents\jeux\aoe2\empires2.exe:empires2.exe
"UDP Query User{53292909-D5DA-491C-94CF-2A8882930CDD}c:\\users\\barnaba\\documents\\jeux\\aoe2\\empires2.exe"= TCP:c:\users\barnaba\documents\jeux\aoe2\empires2.exe:empires2.exe
"TCP Query User{27C8FA8D-B09C-4C45-B41E-C09561E6EA28}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"UDP Query User{BA7D28AF-8733-4781-9F38-9DAC44767A2B}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"TCP Query User{9464AF4E-1E81-4110-9F60-0F56F0B04DDD}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{48110697-82BC-4BE4-B82D-C64E03FAA7DE}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{2600EB43-DFE1-4413-872D-57A1E6350494}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{C399B3D7-07DC-4D05-B160-41F3B1FD0B7F}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{AA0D2391-F0DB-4A80-915A-ED3BB1FA0078}c:\\program files\\thq\\titan quest\\titan quest.exe"= UDP:c:\program files\thq\titan quest\titan quest.exe:Titan Quest
"UDP Query User{6878F4D1-56B6-4872-AA69-693A3DC1FC7A}c:\\program files\\thq\\titan quest\\titan quest.exe"= TCP:c:\program files\thq\titan quest\titan quest.exe:Titan Quest
"TCP Query User{ECF9E1B7-A102-4EB7-88B9-8277FA67B73F}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{032A9FA3-1C09-48AD-B26A-1065A521C9EA}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{5025C74A-4BC9-4BAE-824C-8E6B8069A4F8}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.529\\freezer.exe"= UDP:c:\users\barnaba\appdata\local\temp\rar$ex00.529\freezer.exe:freezer.exe
"UDP Query User{3E0D2881-E1A6-45B6-9413-6A9367EADFCD}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.529\\freezer.exe"= TCP:c:\users\barnaba\appdata\local\temp\rar$ex00.529\freezer.exe:freezer.exe
"TCP Query User{02AB4A2B-5AD1-4C9A-908D-B59F19F2DF8A}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3BD298D3-D5DF-48C0-BA42-61B3C6264E74}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{A26F3C02-A750-4A58-A790-032316604B08}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{41C0DE3F-330E-42FF-A732-9F6FC0BD9CC4}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{0B2B0DE6-4052-4135-B447-6C9A3B6E983A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{64952FED-8BD1-407E-9E42-CF78F7B090CB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{6EEAB100-B1A7-49E7-B00E-1F4FB1D3864F}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{B11477BB-C143-43D9-8344-D54E466B64C8}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{DF4EA1A1-509A-400A-BAB3-EC2B8DFAB13B}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:p MSRegisterFile
"{2420B601-BC63-496B-A657-81198F940ABF}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:p MSRegisterFile
"{0B8D862A-B165-435F-8E4B-70F35DED19E0}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{5E664BD9-8744-4D71-83D9-4D301C796C58}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{3A7377B0-FA40-4533-9EEE-90DE2D92C034}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:p innacle VideoSpin
"{8134F12D-0285-43A8-A759-70EA8A2F5227}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:p innacle VideoSpin
"{D3F5E9C9-3A70-43C6-8D30-A7EDCCC1A1A7}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{61618743-A2C2-4862-B831-A54FA1B9E4A8}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{80F227A8-66E4-4876-A5E9-87F64AD63952}c:\\program files\\hlsw\\hlsw.exe"= UDP:c:\program files\hlsw\hlsw.exe:HLSW Application
"UDP Query User{D0CA0176-10EC-40F7-A965-741F8C182714}c:\\program files\\hlsw\\hlsw.exe"= TCP:c:\program files\hlsw\hlsw.exe:HLSW Application
"TCP Query User{B198B204-884D-4CEB-B5C9-11A35B9C6C69}c:\\program files\\steam\\steamapps\\samylemarseil\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\samylemarseil\counter-strike source\hl2.exe:hl2
"UDP Query User{A2F9F2FC-9870-4D65-AEA8-A7055F64A1C7}c:\\program files\\steam\\steamapps\\samylemarseil\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\samylemarseil\counter-strike source\hl2.exe:hl2
"TCP Query User{6A062278-F2CC-492D-A713-9398DD5F1680}c:\\program files\\steam\\steamapps\\romaindu64\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\romaindu64\counter-strike source\hl2.exe:hl2
"UDP Query User{D43871D1-DD35-472A-BB39-F0C5F98A39AF}c:\\program files\\steam\\steamapps\\romaindu64\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\romaindu64\counter-strike source\hl2.exe:hl2
"{C8AC5CEE-B6F1-4CCC-9790-C567F69D7B64}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{3B8BE268-E55A-44F6-8F45-CCE656AFC15A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-05-18 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-05-18 55160]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2008-08-17 10880]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc []
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\Drivers\camdrv30.sys [2001-08-17 171264]
S3 CyUsb;Cypress Generic USB Driver;c:\windows\system32\Drivers\CyUsb.sys [2008-08-17 31104]
S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe /RunAsService [2007-11-08 99576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{131fe1b5-5df8-11dc-952d-001a4d441f43}]
\shell\AutoRun\command - Z:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7aea7746-769d-11dc-a0eb-001a4d441f43}]
\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e10861e0-74cc-11dd-9127-001a4d441f43}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\NoLimit.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-18 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-18 11:08]

2008-11-18 c:\windows\Tasks\User_Feed_Synchronization-{ADC8B4D3-BCA3-413E-A6C6-073F7A609447}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 22:33]
.
.
------- Supplementary scan -------
.
FireFox -: Profile - c:\users\Barnaba\AppData\Roaming\Mozilla\Firefox\Profiles\46wxdtws.default\
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\ma-config.com\nphardwaredetection.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 19:55:08
Windows 6.0.6001 Service Pack 1 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
------------------------ Other running processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\RazerMse\DeathAdder\razertra.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\RazerMse\DeathAdder\razerofa.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
End time: 2008-11-18 19:59:08 - The machine rebooted [Barnaba]
ComboFix-quarantined-files.txt 2008-11-18 18:59:04
ComboFix2.txt 2008-11-15 21:31:46
ComboFix3.txt 2008-11-15 21:03:33
ComboFix4.txt 2008-11-13 18:46:51
ComboFix5.txt 2008-11-18 18:28:37

Before CF: The text for message number 0x2379 could not be found in the message file for Application.
After CF: 75,287,773,184 bytes free

350 --- E O F --- 2008-11-05 09:47:58




thanks :D



EDIT: On 17 Nov, a new version of elibagla: http://www.zonavirus.com/datos/descargas/95/elibagla.as...
I downloaded it and it paid off; but should I scan in safe mode or not?
Otherwise, the report:



Tue Nov 18 21:34:48 2008
EliBagle v11.97 (c)2008 S.G.H. / Satinfo S.L. (Updated 17 November 2008)
----------------------------------------------
List of actions (by direct action):

Tue Nov 18 21:34:49 2008
EliBagle v11.97 (c)2008 S.G.H. / Satinfo S.L. (Updated 17 November 2008)
----------------------------------------------
List of actions (by scan):
Scanning drive C:\
C:\Qoobox\Quarantine\C\Program Files\Steam\STEAM.EXE.VIR --> Deleted Bagle.dldr
C:\Qoobox\Quarantine\C\Windows\System32\drivers\WINFILSE.EXE.VIR --> Deleted Bagle.dldr

Total number of directories: 20126
Total number of files: 184660
Number of files analysed: 17456
Number of infected files: 2
Number of cleaned files: 2
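Two parts of the ComboFix log above are what a helper reads first on a Bagle thread: the firewall exceptions granted to binaries run straight out of WinRAR's temporary extraction folders (the rar$ex00.* freezer.exe entries under appdata\local\temp), and the MountPoints2 AutoRun commands that Explorer has cached for removable volumes (one of them launching an .exe through RunDLL32 ShellExec_RunDLL). The Python script below is an added example, not code from the thread, from ComboFix or from any other tool named here; it parses a handful of lines copied from the log above and flags both. It also counts entries whose "Query User" key names one protocol while the data names the other, as every such entry above does, so the reader does not rely on the key name to see which protocol a rule actually opens. The temp-folder heuristic and the TEMP_MARKERS list are this example's own assumptions.

```python
import re

# Constructed sample: a handful of lines copied verbatim from the ComboFix
# log above (firewall exceptions under "Query User" keys, and the
# MountPoints2 AutoRun entries), so the parser can be run offline.
SAMPLE_LOG = r'''
"UDP Query User{F8B0D32E-6E4D-41D9-A646-4677D6B8B6EE}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{12D00C04-1800-4795-88FA-8085617771A2}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.794\\freezer.exe"= UDP:c:\users\barnaba\appdata\local\temp\rar$ex00.794\freezer.exe:freezer.exe
"UDP Query User{F02CBCF1-9A4C-454D-9662-EE4FCC06E9D5}c:\\users\\barnaba\\appdata\\local\\temp\\rar$ex00.794\\freezer.exe"= TCP:c:\users\barnaba\appdata\local\temp\rar$ex00.794\freezer.exe:freezer.exe
"{C8AC5CEE-B6F1-4CCC-9790-C567F69D7B64}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{131fe1b5-5df8-11dc-952d-001a4d441f43}]
\shell\AutoRun\command - Z:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7aea7746-769d-11dc-a0eb-001a4d441f43}]
\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e10861e0-74cc-11dd-9127-001a4d441f43}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\NoLimit.exe
'''

# One firewall exception per line: "<value name>"= <PROTO>:<path>:<description>
FIREWALL_RE = re.compile(
    r'^"(?P<key>[^"]+)"=\s*(?P<proto>TCP|UDP):(?P<path>[A-Za-z]:[^:]*):(?P<desc>.*)$')
# MountPoints2 volume key, followed on a later line by its cached AutoRun command
MOUNTPOINT_RE = re.compile(
    r'^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion'
    r'\\explorer\\mountpoints2\\(?P<guid>\{[0-9a-f-]+\})\]$', re.IGNORECASE)
AUTORUN_RE = re.compile(r'^\\shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$', re.IGNORECASE)

# Heuristic (an assumption of this example, not a rule from the thread): a
# persistent firewall exception for a binary that was unpacked into %TEMP%
# (WinRAR's rar$ex00.* folders) deserves a look, because the file it points
# to is usually gone and the rule was granted to something run only once.
TEMP_MARKERS = ('\\appdata\\local\\temp\\', '\\windows\\temp\\')


def parse_firewall_exceptions(text):
    """Return one dict per firewall-exception line.

    For "Query User" rules the value name itself starts with a protocol; it is
    kept next to the protocol in the data so the caller can count disagreements
    instead of trusting either field alone.
    """
    rules = []
    for line in text.splitlines():
        m = FIREWALL_RE.match(line.strip())
        if not m:
            continue
        key = m.group('key')
        rules.append({
            'key': key,
            'key_proto': key[:3] if key.startswith(('TCP', 'UDP')) else None,
            'data_proto': m.group('proto'),
            'path': m.group('path').lower(),
            'desc': m.group('desc'),
        })
    return rules


def flag_temp_exceptions(rules):
    """Unique exception paths that point into a temporary directory."""
    return sorted({r['path'] for r in rules
                   if any(marker in r['path'] for marker in TEMP_MARKERS)})


def parse_autorun_mountpoints(text):
    """Pair each MountPoints2 volume GUID with its cached AutoRun command.

    These entries are Explorer's memory of autorun.inf files seen on removable
    volumes; a command that launches an .exe from such a volume, directly or
    via RunDLL32 ShellExec_RunDLL, is the classic autorun-malware pattern.
    """
    entries, guid = [], None
    for line in text.splitlines():
        line = line.strip()
        m = MOUNTPOINT_RE.match(line)
        if m:
            guid = m.group('guid')
            continue
        m = AUTORUN_RE.match(line)
        if m and guid:
            entries.append((guid, m.group('cmd')))
            guid = None
    return entries


def triage(text):
    """Summarise the points a reviewer of this log section checks first."""
    rules = parse_firewall_exceptions(text)
    return {
        'firewall_rules': len(rules),
        'temp_exceptions': flag_temp_exceptions(rules),
        'proto_mismatches': sum(1 for r in rules
                                if r['key_proto'] and r['key_proto'] != r['data_proto']),
        'autorun_mountpoints': parse_autorun_mountpoints(text),
    }


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    print(f"{result['firewall_rules']} firewall exceptions, "
          f"{result['proto_mismatches']} with key/data protocol mismatch")
    for path in result['temp_exceptions']:
        print('  exception for a binary in a temp folder:', path)
    for guid, cmd in result['autorun_mountpoints']:
        print('  cached AutoRun for volume', guid, '->', cmd)
```

Run it against a full ComboFix log by reading the file into `triage()`; the temp-folder list is the place to add other staging directories you consider suspicious on the machine at hand.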
[Security helper]
19 November 2008 15:20:11

Well, if you won't get rid of your cracks, you're on your own :)
19 November 2008 16:23:24

Ok ok, sorry, there was still the other one from CSS, and the one for Everest I hadn't seen...

Sorry, I'm deleting all that crap right now.

Thanks

edit: done
[Security helper]
20 November 2008 17:41:11

Do you have the same problem?
20 November 2008 17:52:48

How can I tell? An online scan?
I think it's still there, yes...
[Security helper]
20 November 2008 18:03:54

Why? What are your symptoms?
20 November 2008 18:13:36

Well, the PC seems to be running a bit slower than before; anyway, I need to empty my hard drive, do a backup and clean everything up.
Otherwise, should I uninstall MBAM?
When I run a Kaspersky online scan, Firefox stops working... Vista blocks it...
Also, it has messed up my EnableLUA registry key again...
Should I try reinstalling MBAM and running a scan in safe mode? Should I install Gmer?

Thanks for your help
[Security helper]
20 November 2008 18:45:49

Keep MBAM.

Quote:
When I run a Kaspersky online scan, Firefox stops working... Vista blocks it...

Well, especially since the online scan only works with Internet Explorer.

You can try, but it looks clean.
20 November 2008 18:52:24

It looks clean to you? Are you sure?
How come EnableLUA disappears?
If I install Gmer, will you help me?
Otherwise, should I reinstall AntiVir?


lol about Kaspersky! :D
[Security helper]
20 November 2008 19:45:40

Yes, reinstall AntiVir. You can always run Gmer.
[Security helper]
21 November 2008 19:41:45

It's nothing serious, about Kaspersky.
22 November 2008 10:57:46


Avira AntiVir Personal
Report file date: 2008-11-21 19:56

Scanning for 1045520 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-MAXOU

Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 2008-10-30 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 2008-06-26 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 18:55:58
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 2008-11-09 18:55:59
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 2008-11-16 18:55:59
ANTIVIR3.VDF : 7.1.0.122 154112 Bytes 2008-11-21 18:56:00
Engineversion : 8.2.0.35
AEVDF.DLL : 8.1.0.6 102772 Bytes 2008-10-14 11:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 2008-11-21 18:56:06
AESCN.DLL : 8.1.1.5 123251 Bytes 2008-11-21 18:56:05
AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-21 18:56:05
AEPACK.DLL : 8.1.3.4 393591 Bytes 2008-11-21 18:56:04
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 2008-11-21 18:56:04
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 2008-11-21 18:56:03
AEHELP.DLL : 8.1.2.0 119159 Bytes 2008-11-21 18:56:02
AEGEN.DLL : 8.1.1.5 323956 Bytes 2008-11-21 18:56:01
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-14 11:05:56
AECORE.DLL : 8.1.5.1 172406 Bytes 2008-11-21 18:56:01
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-14 11:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-11-21 18:56:00
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 14:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-11-21 19:56

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'razerofa.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'razertra.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'razerhid.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
59 processes with 59 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '38' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Qoobox\Quarantine\C\Windows\System32\drivers\downld\36351056.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\Windows\System32\drivers\downld\67454.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was deleted!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: 2008-11-21 21:01
Used time: 1:05:12 Hour(s)

The scan has been done completely.

19353 Scanning directories
529630 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
529625 Files not concerned
3117 Archives were scanned
3 Warnings
2 Notes


I don't seem to have anything left, and my EnableLUA key is present.
Thank you very much for your invaluable help; honestly, I didn't think we'd get there!

In any case, I've realised that more and more cracks on eMule contain Bagle, and I'm going to stop downloading cracks from eMule!
Anyway, I might write a topic on Bagle!

Thanks again

:)



Just one last question: should I purge my restore points or not?
[Security helper]
22 November 2008 13:32:16

Quote:
Just one last question: should I purge my restore points or not?

Yep.

Just for information, the files detected by Kaspersky & AntiVir were in ComboFix's quarantine. So nothing serious.
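The helper's point above (the hits were inside ComboFix's quarantine, so they were leftovers rather than a live infection) is worth automating when several scanner reports have to be read in a row. The Python script below is an added example, not code from the thread or from EliBagle, AntiVir or ComboFix; it parses the EliBagle one-line and the AntiVir two-line detection formats quoted in this thread and separates hits under C:\Qoobox\Quarantine from hits on files that were live on disk. The sample includes one hypothetical path, example_live.sys, that does not appear in the thread, so that both branches are exercised; QUARANTINE_DIRS lists only ComboFix's store, an assumption of this example.

```python
import re

# Constructed sample: the EliBagle and AntiVir hits quoted in this thread,
# plus one hypothetical path (example_live.sys, not from the thread) outside
# any quarantine store, so that both outcomes are exercised.
SAMPLE_REPORTS = r'''
C:\Qoobox\Quarantine\C\Program Files\Steam\STEAM.EXE.VIR --> Deleted Bagle.dldr
C:\Qoobox\Quarantine\C\Windows\System32\drivers\WINFILSE.EXE.VIR --> Deleted Bagle.dldr
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\Qoobox\Quarantine\C\Windows\System32\drivers\downld\36351056.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\Windows\System32\drivers\downld\67454.exe.vir
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was deleted!
C:\Windows\System32\drivers\example_live.sys
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was deleted!
'''

# Folders in which a scanner is only seeing another tool's quarantined copies.
# ComboFix keeps its copies under C:\Qoobox\Quarantine with a .vir suffix.
# Assumption of this example: only ComboFix's store is listed, because it is
# the one named in the thread; add other tools' stores as needed.
QUARANTINE_DIRS = ('\\qoobox\\quarantine\\',)

# EliBagle's one-line form: "<path> --> Eliminado <name>" ("Deleted" once translated)
ELIBAGLA_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s+-->\s+(?:Eliminado|Deleted)\s+(?P<name>.+)$')
# AntiVir's two-line form: a path line, then "[DETECTION] <name>"
PATH_RE = re.compile(r'^[A-Za-z]:\\')
AVIRA_DET_RE = re.compile(r'^\[DETECTION\]\s+(?P<name>.+)$')


def parse_detections(text):
    """Collect path, detection name and tool for every hit in either format."""
    hits, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ELIBAGLA_RE.match(line)
        if m:
            hits.append({'path': m.group('path'), 'name': m.group('name'), 'tool': 'EliBagle'})
            pending_path = None
            continue
        if PATH_RE.match(line):
            pending_path = line          # a path; wait for its verdict line
            continue
        m = AVIRA_DET_RE.match(line)
        if m and pending_path:
            hits.append({'path': pending_path, 'name': m.group('name'), 'tool': 'AntiVir'})
            pending_path = None          # [WARNING] and [NOTE] lines are not hits
    return hits


def is_quarantined_copy(path):
    """True when the path lies inside a known quarantine store."""
    lowered = path.lower()
    return any(marker in lowered for marker in QUARANTINE_DIRS)


def summarize(text):
    """Split hits into quarantine leftovers and files that were live on disk."""
    hits = parse_detections(text)
    live = [h['path'] for h in hits if not is_quarantined_copy(h['path'])]
    return {
        'total': len(hits),
        'quarantined_copies': len(hits) - len(live),
        'live_paths': live,
    }


if __name__ == '__main__':
    s = summarize(SAMPLE_REPORTS)
    print(f"{s['total']} hits, {s['quarantined_copies']} of them inside a quarantine store")
    for path in s['live_paths']:
        print('  live file, needs follow-up:', path)
```

A hit outside every listed store is the only kind that still needs attention; a hit inside one just means the second scanner found the first scanner's copies, which is exactly what the helper points out here.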
22 November 2008 13:43:07

And there we go! 31 GB more :)

Ok, yes, I saw that, but I preferred to delete them anyway.
Actually, you were right about my other cracks.
Anyway, is the Bagle write-up a good idea?

Thanks again, you're great
[Security helper]
22 November 2008 20:19:17

The Bagle write-up?
22 November 2008 20:30:21

Angeldark said:
The Bagle write-up?


Yes, putting together a write-up, because lately I've seen lots of posts about win32 bagle etc...
Well, as you like.
It's an increasingly widespread infection, like Vundo.
[Security helper]
23 November 2008 15:59:02

Nah, if you have a problem, come back. If you stop downloading cracks, you won't have any more problems...