Your question

Trojan:Win32/Vundo.gen!M

22 June 2008 13:20:20

Hi,
download Malwarebytes
http://www.malwarebytes.org/mbam.php
and post your report as soon as the scan is finished.


22 June 2008 13:22:09

So, since this morning I have been infected by a virus: Trojan:Win32/Vundo.gen!M

I ran a scan with my antivirus, but it is impossible to delete it or put it in quarantine.
Here is the short report it gave me:

Error encountered:
Code 0x80508021. An unexpected problem occurred. Install all available updates, then try restarting the program. For more information about installing updates, see Help and Support.

Category:
Trojan

Description:
This program displays advertisements and may be difficult to remove.

Advice:
Remove this software immediately.

Resources:
clsid:
HKLM\SOFTWARE\CLASSES\CLSID\{F86B11F3-0CE1-475F-9541-5329BF7B3597}

regkey:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\MSServer

regkey:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\\{F86B11F3-0CE1-475F-9541-5329BF7B3597}

regkey:
HKLM\SOFTWARE\CLASSES\CLSID\{F86B11F3-0CE1-475F-9541-5329BF7B3597}

regkey:
HKCU@S-1-5-21-1671650471-1359556007-2912313553-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\MSServer

shellexechook:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\\{F86B11F3-0CE1-475F-9541-5329BF7B3597}

runkey:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\MSServer

runkey:
HKCU@S-1-5-21-1671650471-1359556007-2912313553-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\MSServer

file:
C:\Windows\system32\pmnkLEwu.dll

file:
C:\Windows\system32\lJAtqNDt.dll

file:
C:\Windows\system32\efCULEtQ.dll

file:
C:\Users\Thomas\AppData\Local\Temp\opnnlKaB.dll


There you go, thanks for helping me :)
22 June 2008 20:09:09

Hello,

Posting to follow.
23 June 2008 08:14:37

Malwarebytes' Anti-Malware 1.11
Database version: 621

Scan type: Full scan (C:\|D:\|)
Objects scanned: 203541
Time elapsed: 39 minute(s), 20 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 4
Registry values infected: 0
Registry data items infected: 0
Folders infected: 1
Files infected: 2

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d761645b-6b20-4698-aee8-729981152a82} (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
C:\Users\Thomas\AppData\Local\Temp\NI.UGA6PV_0001_N122M1202 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files infected:
C:\Users\Thomas\AppData\Local\Temp\NI.UGA6PV_0001_N122M1202\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Thomas\AppData\Local\Temp\NI.UGA6PV_0001_N122M1202\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
23 June 2008 10:45:26

OK, do another HijackThis log for me, please.
23 June 2008 12:33:05

You want another log when he hasn't even done one yet?
If you keep going like that, sarrazin, you'll get kicked out fast :)

Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
23 June 2008 19:01:49

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:05:45, on 23/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\Dwm.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\system32\schtasks.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe
C:\Windows\system32\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AntivirusOrdi] C:\Program Files\AntivirusOrdi\pgs.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Thomas\AppData\Local\Temp\ljJAPGWo.dll,c
O4 - HKCU\..\Run: [BMe90bb51e] Rundll32.exe "C:\Users\Thomas\AppData\Local\Temp\qceoqjsp.dll",s
O4 - HKCU\..\Run: [ea388682] rundll32.exe "C:\Users\Thomas\AppData\Local\Temp\beuriysb.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: SkillPowered.lnk = C:\Program Files\SkillPowered\SkillPowered.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/tvants/tvants1/win32/cab...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 12639 bytes

Here is the report.
23 June 2008 19:47:59
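The three HKCU Run entries at the end of the O4 section above (rundll32.exe loading ljJAPGWo.dll, qceoqjsp.dll and beuriysb.dll from the user's Temp folder with one-letter export names, under value names like "ea388682") are the same persistence pattern the Windows Defender report at the top of the thread showed for MSServer. The script below is an added example, not code from this thread or from HijackThis, Malwarebytes or ComboFix: it parses HijackThis O4 lines and flags rundll32 entries on three heuristics (DLL under a Temp directory, single-character export, hex-looking value name). The sample lines are copied from the posted log; the heuristics and their thresholds are my own assumptions and will not catch every loader, only this family's habits.

```python
"""Triage of HijackThis O4 (autostart) lines for the rundll32 / Temp-DLL
persistence pattern seen in this thread.  Added example; the sample lines
are copied from the posted log, the three heuristics are the author's own."""
import re
from dataclasses import dataclass, field

# Constructed sample: six O4 lines taken from the HijackThis log above,
# three benign entries followed by the three Vundo entries.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Thomas\AppData\Local\Temp\ljJAPGWo.dll,c
O4 - HKCU\..\Run: [BMe90bb51e] Rundll32.exe "C:\Users\Thomas\AppData\Local\Temp\qceoqjsp.dll",s
O4 - HKCU\..\Run: [ea388682] rundll32.exe "C:\Users\Thomas\AppData\Local\Temp\beuriysb.dll",b
"""

# O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32[.exe] ["]<dll path>["],<export>
RUNDLL_RE = re.compile(
    r'^\s*rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S*)', re.I)
# any path component named Temp (AppData\Local\Temp, C:\Windows\Temp, ...)
TEMP_RE = re.compile(r"\\Temp\\", re.I)
# value names such as ea388682 or BMe90bb51e: up to two letters, then hex
HEXNAME_RE = re.compile(r"^[A-Za-z]{0,2}[0-9a-f]{6,}$")


@dataclass
class Finding:
    value_name: str
    dll: str
    reasons: list = field(default_factory=list)


def parse_o4(line):
    """Return the fields of one O4 line as a dict, or None for any other line."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry):
    """Apply the three heuristics to a Run entry.

    Returns a Finding when at least one heuristic fires, None when the
    entry is not a rundll32 loader or looks clean."""
    m = RUNDLL_RE.match(entry["cmd"])
    if not m:
        return None
    dll, export = m.group("dll"), m.group("export")
    reasons = []
    if TEMP_RE.search(dll):
        reasons.append("DLL loaded from a user-writable Temp directory")
    if len(export) <= 1:
        reasons.append(f"export name '{export}' is a single character")
    if HEXNAME_RE.match(entry["name"]):
        reasons.append(f"value name '{entry['name']}' looks machine-generated")
    return Finding(entry["name"], dll, reasons) if reasons else None


def triage(log_text):
    """Run every O4 line of a HijackThis log through classify()."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        finding = classify(entry)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.value_name}] {f.dll}")
        for r in f.reasons:
            print("   -", r)
```

On the sample above the two NVIDIA and Welcome Center loaders pass (system32 path, descriptive export, readable value name) while all three Temp entries are reported; a real log also needs the O20/O21 (AppInit_DLLs, ShellExecuteHooks) lines checked, since the Defender report in the first post shows Vundo registering its CLSID as a ShellExecuteHook as well.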

Re,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

    HELP: A guide and tutorial on using ComboFix
    * the partition letter may differ
25 June 2008 12:17:45

    ComboFix 08-06-20.4 - Famille Bertran 2008-06-25 12:15:11.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1785 [GMT 2:00]
    Location: C:\Users\Famille Bertran\Downloads\ComboFix.exe
    * Creating a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\AntiSpywareExpert
    C:\Program Files\ShoppingReport
    C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
    C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiSpywareExpert
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiSpywareExpert\AntiSpywareExpert.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiSpywareExpert\Uninstall AntiSpywareExpert.lnk
    C:\Users\Famille Bertran\Desktop\AntiSpywareExpert.lnk
    C:\Users\Thomas\Desktop\AntiSpywareExpert.lnk
    C:\Windows\Downloaded Program Files\setup.inf
    C:\Windows\system32\jusched.exe

    ----- BITS: Possible infected sites -----

    hxxp://h30155.www3.hp.com
    .
    ((((((((((((((((((((((((((((( Files created 2008-05-25 to 2008-06-25 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-24 06:42 . 2008-06-24 06:43 <REP> d-------- C:\WINDOWS\LastGood.Tmp
    2008-06-24 06:40 . 2008-06-24 06:40 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-06-23 19:05 . 2008-06-23 19:05 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-23 18:01 . 2008-06-23 18:01 <REP> d----c--- C:\WINDOWS\System32\DRVSTORE
    2008-06-23 18:01 . 2007-11-27 22:45 91,200 --a------ C:\WINDOWS\System32\drivers\msfwdrv.sys
    2008-06-23 18:01 . 2007-07-06 15:09 70,928 --a------ C:\WINDOWS\System32\drivers\MpFilter.sys
    2008-06-23 18:01 . 2007-11-27 22:44 37,440 --a------ C:\WINDOWS\System32\drivers\msfwhlpr.sys
    2008-06-23 17:58 . 2008-06-25 11:51 <REP> d-------- C:\Program Files\Microsoft Windows OneCare Live
    2008-06-22 21:40 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\System32\drivers\mbamcatchme.sys
    2008-06-22 21:40 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\System32\drivers\mbam.sys
    2008-06-22 19:40 . 2008-05-16 01:18 50,768 --a------ C:\WINDOWS\System32\drivers\aswMonFlt.sys
    2008-06-22 14:14 . 2008-06-24 19:11 <REP> d-------- C:\Users\Thomas\AppData\Roaming\SPORE Creature Creator
    2008-06-21 19:25 . 2008-06-21 19:25 <REP> d-------- C:\Users\Famille Bertran\AppData\Roaming\DAEMON Tools
    2008-06-21 18:16 . 2008-06-21 18:16 <REP> dr-h----- C:\Users\Thomas\AppData\Roaming\SecuROM
    2008-06-21 11:43 . 2008-06-21 11:43 <REP> d-------- C:\Users\All Users\Electronic Arts
    2008-06-21 11:43 . 2008-06-21 11:43 <REP> d-------- C:\ProgramData\Electronic Arts
    2008-06-21 11:41 . 2008-06-22 13:54 1,108 --a------ C:\WINDOWS\System32\ealregsnapshot1.reg
    2008-06-21 11:39 . 2008-06-22 13:52 <REP> d-------- C:\Program Files\Electronic Arts
    2008-06-18 17:50 . 2008-06-18 17:50 <REP> d-------- C:\UbiSoft
    2008-06-15 19:19 . 2008-06-15 19:19 <REP> d-------- C:\Users\Famille Bertran\AppData\Roaming\vlc
    2008-06-14 16:42 . 2008-04-23 06:42 428,544 --a------ C:\WINDOWS\System32\EncDec.dll
    2008-06-14 16:42 . 2008-04-23 06:42 293,376 --a------ C:\WINDOWS\System32\psisdecd.dll
    2008-06-14 16:42 . 2008-04-23 06:41 218,624 --a------ C:\WINDOWS\System32\psisrndr.ax
    2008-06-14 16:42 . 2008-04-23 06:41 57,856 --a------ C:\WINDOWS\System32\MSDvbNP.ax
    2008-06-11 12:16 . 2008-04-25 04:12 1,383,424 --a------ C:\WINDOWS\System32\mshtml.tlb
    2008-06-11 12:16 . 2008-04-26 10:08 1,314,816 --a------ C:\WINDOWS\System32\quartz.dll
    2008-06-11 12:16 . 2008-04-25 06:35 826,880 --a------ C:\WINDOWS\System32\wininet.dll
    2008-06-11 12:16 . 2008-05-10 03:33 113,664 --a------ C:\WINDOWS\System32\drivers\rmcast.sys
    2008-06-08 19:49 . 2008-06-08 19:49 <REP> d-------- C:\Program Files\TVAntsX
    2008-06-08 10:31 . 2008-06-19 18:01 <REP> d-------- C:\Users\Thomas\Fuck le tri
    2008-06-07 19:33 . 2008-06-07 19:33 <REP> d-------- C:\Program Files\SteamKeyFr
    2008-05-31 21:03 . 2008-05-31 21:03 <REP> d-------- C:\Program Files\Vstplugins
    2008-05-28 18:32 . 2008-03-08 04:08 4,240,384 --a------ C:\WINDOWS\System32\GameUXLegacyGDFs.dll
    2008-05-28 18:32 . 2008-03-08 06:21 1,695,744 --a------ C:\WINDOWS\System32\gameux.dll
    2008-05-26 21:28 . 2008-05-26 21:28 <REP> d-------- C:\Users\Famille Bertran\TaoUSign
    2008-05-25 17:59 . 2008-05-25 17:59 <REP> d-------- C:\Users\Thomas\Mes Fichier

    .
    (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-25 10:11 --------- d-----w C:\Program Files\Steam
    2008-06-23 16:01 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
    2008-06-22 19:40 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-22 15:14 --------- d-----w C:\Users\Thomas\AppData\Roaming\teamspeak2
    2008-06-22 12:23 --------- d-----w C:\Users\Thomas\AppData\Roaming\uTorrent
    2008-06-22 11:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-15 17:13 --------- d-----w C:\Users\Thomas\AppData\Roaming\Skype
    2008-06-15 12:41 20 ---h--w C:\Users\All Users\PKP_DLec.DAT
    2008-06-15 12:41 20 ---h--w C:\Users\All Users\PKP_DLds.DAT
    2008-06-15 12:41 20 ---h--w C:\ProgramData\PKP_DLec.DAT
    2008-06-15 12:41 20 ---h--w C:\ProgramData\PKP_DLds.DAT
    2008-06-12 18:19 --------- d-----w C:\Program Files\Windows Mail
    2008-06-11 11:01 --------- d-----w C:\Program Files\Common Files\Steam
    2008-06-08 11:25 --------- d---a-w C:\ProgramData\TEMP
    2008-05-31 19:03 --------- d-----w C:\ProgramData\Sony
    2008-05-31 19:03 --------- d-----w C:\Program Files\Sony
    2008-05-25 08:41 --------- d-----w C:\Users\Famille Bertran\AppData\Roaming\Canon
    2008-05-24 17:41 --------- d-----w C:\Users\Thomas\AppData\Roaming\Canon
    2008-05-22 15:51 --------- d-----w C:\Program Files\FileZilla Client
    2008-05-21 14:21 --------- d-----w C:\Program Files\Panel-stunt
    2008-05-21 14:13 --------- d-----w C:\Program Files\GTASACenter
    2008-05-21 08:23 --------- d-----w C:\Users\Thomas\AppData\Roaming\FileZilla
    2008-05-20 19:26 --------- d-----w C:\Program Files\Pane_Stunter_v2
    2008-05-19 18:53 --------- d-----w C:\Program Files\Safari
    2008-05-19 18:52 --------- d-----w C:\Program Files\Apple Software Update
    2008-05-19 16:40 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-05-19 16:18 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-05-18 10:45 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-05-18 10:45 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-05-18 10:45 22,328 ----a-w C:\Users\Thomas\AppData\Roaming\PnkBstrK.sys
    2008-05-18 10:45 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-05-18 10:30 --------- d-----w C:\Program Files\Activision
    2008-05-17 15:48 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
    2008-05-17 15:47 --------- d-----w C:\Users\Thomas\AppData\Roaming\DAEMON Tools
    2008-05-17 09:38 --------- d-----w C:\Users\Thomas\AppData\Roaming\DivX
    2008-05-16 15:25 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-12 11:12 --------- d-----w C:\Program Files\Rockstar Games
    2008-05-11 08:50 --------- d-----w C:\ProgramData\Roxio
    2008-05-10 09:35 --------- d-----w C:\Program Files\WinAVI MP4 Converter
    2008-05-09 15:37 --------- d-----w C:\Program Files\Opera
    2008-05-09 13:00 --------- d-----w C:\Program Files\Norton Security Scan
    2008-05-07 16:13 --------- d-----w C:\Users\Thomas\AppData\Roaming\Nikon
    2008-05-04 16:21 --------- d-----w C:\Program Files\uTorrent
    2008-05-03 16:39 --------- d-----w C:\Program Files\PacSteamT
    2008-05-03 16:37 --------- d-----w C:\Program Files\Common Files\Thraex Software
    2008-05-03 10:02 --------- d-----w C:\Users\Thomas\AppData\Roaming\Nero
    2008-05-03 10:02 --------- d-----w C:\ProgramData\LightScribe
    2008-05-03 10:01 --------- d-----w C:\ProgramData\Nero
    2008-05-03 10:01 --------- d-----w C:\Program Files\Nero
    2008-05-03 10:01 --------- d-----w C:\Program Files\Common Files\Nero
    2008-04-30 18:46 --------- d-----w C:\Program Files\DivX
    2008-04-27 08:49 --------- d-----w C:\Program Files\Take Covers
    2008-04-26 17:05 --------- d-----w C:\Program Files\AskTBar
    2008-04-15 22:41 1,227,264 ----a-w C:\Windows\System32\dx8vb.dll
    2008-04-13 17:59 1,596,094 ----a-w C:\Users\Thomas\mbam-setup.exe
    2008-04-13 13:10 623,055 ----a-w C:\Users\Thomas\SpywareSecure_trial_setup.exe
    2008-04-13 09:50 158,601 ----a-w C:\Users\Thomas\885662@141_Terrorist v2.0.zip
    2008-04-02 10:25 319,456 ----a-w C:\Windows\DIFxAPI.dll
    2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
    2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
    2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
    2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
    2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
    2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
    2008-03-29 10:12 92,160 ----a-w C:\Windows\System32\ezUninst.exe
    2008-03-29 10:12 85,504 ----a-w C:\Windows\System32\ezShellStart.exe
    2008-03-29 10:12 49,152 ----a-w C:\Windows\System32\ezUPBHook.dll
    2008-03-29 10:12 33,792 ----a-w C:\Windows\System32\ezntsvc.exe
    2008-03-29 10:12 241,664 ----a-w C:\Windows\System32\ezSetup.exe
    2008-03-29 10:12 15,360 ----a-w C:\Windows\System32\ezMAPIHelper.exe
    2008-03-29 09:39 174 --sha-w C:\Program Files\desktop.ini
    2008-03-29 08:53 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-03-29 08:53 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    .

    ((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legitimate default entries are not listed

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
    "HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 13:40 1783400]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\WINDOWS\System32\oobefldr.dll]
    "Steam"="c:\program files\steam\steam.exe" [2008-04-23 20:51 1271032]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
    "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 17:55 451872]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
    "EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-05-16 18:16 2732032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
    "KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
    "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\WINDOWS\RtHDVCpl.exe]
    "HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]
    "SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 02:56 54936]
    "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 14:16 185896]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 13:45 75304]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-05-28 12:35 67112]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-28 01:59 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-28 01:59 8473120]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-28 01:59 81920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="C:\Windows\SMINST\launcher.exe" [2007-04-03 15:37 44168]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-03-22 15:33:50 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableVirtualization"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableLockWorkstation"= 0 (0x0)
    "DisableChangePassword"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogoff"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{E54729E8-BB3D-4270-9D49-7389EA579090}"= C:\Windows\system32\EZUPBH~1.DLL [2008-03-29 12:12 49152]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "AntivirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{83BCDC0E-0E1E-48FE-B89C-06341343FA45}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{AD4DF904-F206-4CCB-8B49-A580CB409102}C:\\program files\\steam\\steamapps\\krashkiller\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\krashkiller\counter-strike source\hl2.exe:hl2
    "UDP Query User{C426582B-9D8C-4F48-A8D2-A5FCFB5AA7ED}C:\\program files\\steam\\steamapps\\krashkiller\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\krashkiller\counter-strike source\hl2.exe:hl2
    "{1341D295-C0A4-42B5-A697-E40506A0DB5B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{C140A864-E37F-4C71-A4EF-2E2913889403}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{36BDA2BD-22CB-49CE-A3E6-6654BEF8C2DA}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{B515D7D1-82BE-4878-A44C-5B5CD56969F0}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{C43D15F4-D3B2-4140-A3B0-AD6710201B6A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{57169ED2-9497-40BE-B4D7-13CB7335B8B1}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "TCP Query User{27365AA9-3249-444B-9510-E4BA6F736BB9}C:\\users\\thomas\\desktop\\nk176-standalone\\nk176-standalone\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe"= UDP:C:\users\thomas\desktop\nk176-standalone\nk176-standalone\mnt\usr\local\mysql\bin\mysqld.exe:mysqld.exe
    "UDP Query User{D65B989C-1497-4901-AFEC-73EF0C44B7D5}C:\\users\\thomas\\desktop\\nk176-standalone\\nk176-standalone\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe"= TCP:C:\users\thomas\desktop\nk176-standalone\nk176-standalone\mnt\usr\local\mysql\bin\mysqld.exe:mysqld.exe
    "TCP Query User{B7BFE8DE-2096-4530-8051-C4DD396456C5}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{1AA19F68-7879-4264-8BA3-650DBD22A3B3}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "TCP Query User{83D25E11-C5FB-4D46-9E34-7F594292687F}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
    "UDP Query User{DD36A09A-1E68-418E-86A0-11D914721129}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
    "TCP Query User{4F4D30D4-79E5-4E0C-B206-C1F6499499D4}C:\\program files\\steam\\steamapps\\krashkiller\\source dedicated server\\srcds.exe"= UDP:C:\program files\steam\steamapps\krashkiller\source dedicated server\srcds.exe:srcds
    "UDP Query User{6DA0DB1F-A2CF-4760-9EF7-CEA435FEA8F2}C:\\program files\\steam\\steamapps\\krashkiller\\source dedicated server\\srcds.exe"= TCP:C:\program files\steam\steamapps\krashkiller\source dedicated server\srcds.exe:srcds
    "TCP Query User{E1EA60E9-4229-406B-B616-44387FF288E0}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{D3E8800B-AAA2-4744-B6D4-2C115E31E61D}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
    "{A3590DF9-C478-4602-924C-B5649911691A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{EA2AB234-819C-4FA8-AEAE-7A41E9C0AC58}"= UDP:C:\WINDOWS\System32\PnkBstrA.exe:p nkBstrA
    "{249A0B04-EF55-49A3-B7C1-C917863B2F37}"= TCP:C:\WINDOWS\System32\PnkBstrA.exe:p nkBstrA
    "{EF82C6FD-4BCE-4C63-94F3-30547DCCC4B2}"= UDP:C:\WINDOWS\System32\PnkBstrB.exe:p nkBstrB
    "{3EDDAF3D-A215-451F-87DE-D9B5A6E4D300}"= TCP:C:\WINDOWS\System32\PnkBstrB.exe:p nkBstrB
    "{F50DFC1F-B980-4F3A-A3B1-5928706EBDC5}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{2F80D398-8F77-4704-99EE-9450C7CF28F9}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "TCP Query User{5035D13C-219D-4159-A4DD-F4BE87A800FA}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{29C50335-BCFC-4AC9-8601-F19C7206B1D2}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{5E90F7AB-72D4-4B57-87A1-24752DC10B38}C:\\program files\\steam\\steamapps\\timothe_dehaene\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\timothe_dehaene\counter-strike source\hl2.exe:hl2
    "UDP Query User{FE0A54BB-7BFD-42B2-87D1-9D0E80AD5EAF}C:\\program files\\steam\\steamapps\\timothe_dehaene\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\timothe_dehaene\counter-strike source\hl2.exe:hl2
    "TCP Query User{0DAA9C3F-CA6C-4483-A9D3-FBE83BFFFD27}C:\\program files\\steam\\steamapps\\draze38\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\draze38\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{F13FA0CC-2A27-4D52-A2FC-59B28BC0D405}C:\\program files\\steam\\steamapps\\draze38\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\draze38\counter-strike\hl.exe:Half-Life Launcher
    "{40AD059B-01F2-41BB-9E1B-03C5D567AD51}"= UDP:63331:Windows Live OneCare
    "{86EA425F-472E-4B28-B7C0-CD9B82E153D9}"= UDP:63331:Windows Live OneCare

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;C:\Windows\system32\ezNTSvc.exe [2008-03-29 12:12]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-11 12:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ad2795e-ed0c-11dc-a820-806e6f6e6963}]
    \shell\AutoRun\command - E:\AUTORUN.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb4485f1-2428-11dd-959b-001bb9d68e98}]
    \shell\AutoRun\command - J:\setup\rsrc\Autorun.exe
    \shell\dinstall\command - J:\Directx\dxsetup.exe

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-09 13:01:14 C:\Windows\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    "2008-03-08 13:30:12 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-25 12:19:18
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-25 12:20:56
    ComboFix-quarantined-files.txt 2008-06-25 10:20:39

    Pre-Run: 279,011,708,928 octets libres
    Post-Run: 279,044,284,416 octets libres

    271 --- E O F --- 2008-06-24 04:43:36
    25 June 2008 13:00:37

    Post a new HijackThis report.
    25 June 2008 21:13:30

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:17:40, on 25/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\hp\support\hpsysdrv.exe
    C:\hp\KBD\KbdStub.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Windows\ehome\ehmsas.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/tvants/tvants1/win32/cab...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 11073 bytes
    25 June 2008 21:52:40

    How many antivirus programs do you have?
    3 July 2008 09:58:56

    Yeah, can you help me? I also have the same problem and the same report. Please help us, I really don't like viruses.
    3 July 2008 13:48:31

    Please create your own thread.
    3 July 2008 14:17:38

    I finally found out how to do it after 2 hours of thinking, but you don't want to know how, so bye.