Clubic Forum

WINTEMS: Bagle. Yet another different case; HELP!

Hello,

After browsing a good twenty forums that could have helped me, I still don't have my solution.

My case: Vista Home Premium, infected by a Bagle.

I ran ELIBAGLA in safe mode and apparently it deleted the files related to my virus.


Here is the report:
Tue Apr 08 21:41:38 2008
EliBagle v11.23 ©2008 S.G.H. / Satinfo S.L.

Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.23
a “virus@satinfo.es”. Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle

  Tue Apr 08 21:41:54 2008

EliBagle v11.23 ©2008 S.G.H. / Satinfo S.L.

Lista de Acciones (por Exploración):
Explorando Unidad C:
C:\Windows\System32\MDELK.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\1586592.EXE --> Eliminado Bagle
C:\Windows\System32\drivers\downld\182708.EXE --> Eliminado Bagle

Nº Total de Directorios: 23001
Nº Total de Ficheros: 157054
Nº de Ficheros Analizados: 19380
Nº de Ficheros Infectados: 3
Nº de Ficheros Limpiados: 3


The problem is that WINTEMS apparently is still active, because I still can't run Windows normally.
Here is what has been disabled automatically since this virus problem:

  • Windows Defender: disabled at startup
  • Firewall: same
  • User Account Control: enabled at startup ^^
  • Avast works again since the ELIBAGLA scan; since then I have installed F-Secure Internet Security 2008.

Even if I set the firewall to enabled at startup in the system tools, it doesn't turn on, as if the settings changed nothing (same thing if I enable Defender or disable User Account Control: it all reverts as if I had done nothing, as soon as Windows starts).

Worst of all, since the virus my Wi-Fi (it's a laptop) no longer works even though it is switched on, and Device Manager says the Wi-Fi card is working properly. Vista even tells me it can't enable it :frowning:

So if there's a skilled guy who can help me, that would be cool :slight_smile:

P.S.: HijackThis doesn't work any more either :frowning:

Here is what ComboFix gave me last night:

ComboFix 08-04-08.7 - SYSTEM 2008-04-09 1:43:30.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1707 [GMT 2:00]
Endroit: C:\Windows\system32\config\systemprofile\Desktop\ComboFix.exe
.
TimedOut: Windir.dat

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ShoppingReport

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 22:52 1,670,895 ----a-w C:\ComboFix.exe
2008-04-08 22:05 73,728 ----a-w C:\KillBox.exe
2008-04-08 21:32 --------- d-----w C:\Program Files\F-Secure Internet Security
2008-04-08 21:11 --------- d-----w C:\PROGRA~2\F-Secure
2008-04-08 21:08 --------- d-----w C:\PROGRA~2\fssg
2008-04-08 20:14 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-04-08 19:34 52,235 ----a-w C:\ELIBAGLA.AH%D8DB%D8%D8H.EXE
2008-04-08 15:13 --------- d-----w C:\PROGRA~2\Xfire
2008-04-08 15:03 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-04-08 14:59 --------- d-s---w C:\Program Files\Xfire
2008-04-08 12:28 33 ----a-w C:\Program Files\ATKPF.ini
2008-04-03 23:02 --------- d-----w C:\PROGRA~2\FLEXnet
2008-04-03 23:01 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-04-03 23:01 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-31 20:45 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-31 18:03 --------- d-----w C:\Program Files\MSN Messenger
2008-03-31 15:25 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-03-31 11:23 174 --sha-w C:\Program Files\desktop.ini
2008-03-31 11:11 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-31 11:11 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-31 11:11 --------- d-----w C:\Program Files\Windows Mail
2008-03-31 11:11 --------- d-----w C:\Program Files\Windows Journal
2008-03-31 11:11 --------- d-----w C:\Program Files\Windows Defender
2008-03-31 11:11 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-31 11:11 --------- d-----w C:\Program Files\Windows Calendar
2008-03-30 15:52 --------- d-----w C:\Windows\System32\config\SYSTEM~1\AppData\Roaming\Todae
2008-03-26 01:38 --------- d-----w C:\PROGRA~2\Ubisoft
2008-03-26 01:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-26 01:13 --------- d-----w C:\Program Files\Putty
2008-03-26 00:44 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-26 00:44 --------- d-----w C:\PROGRA~2\Autodesk
2008-03-19 16:56 --------- d-----w C:\Program Files\GTactix
2008-03-18 08:20 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-16 01:47 --------- d-----w C:\Program Files\PrintFolder
2008-03-13 01:29 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-03-11 00:04 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-10 23:45 --------- d-----w C:\Program Files\mp3-explorer
2008-03-10 23:25 --------- d-----w C:\Program Files\PDFCreator
2008-03-10 23:10 253,116 ----a-w C:\Windows\PDFCreator_Toolbar_Uninstaller_8675.exe
2008-03-10 23:10 --------- d-----w C:\Program Files\PDFCreator Toolbar
2008-03-10 07:54 --------- d-----w C:\Program Files\Microsoft Works
2008-03-10 07:51 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-06 20:20 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-03-02 02:38 --------- d-----w C:\Program Files\ZiPhone
2008-02-28 18:26 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-25 11:25 --------- d-----w C:\Program Files\iTunes
2008-02-25 11:25 --------- d-----w C:\Program Files\iPod
2008-02-20 13:24 --------- d-----w C:\Program Files\ACAD2000
2008-02-18 12:59 --------- d-----w C:\Program Files\QuickTime
2008-02-10 23:10 --------- d-----w C:\Program Files\DivX
2008-01-19 07:34 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-19 07:33 58,880 ----a-w C:\Windows\bfsvc.exe
2008-01-19 07:33 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-19 07:33 498,176 ----a-w C:\Windows\HelpPane.exe
2008-01-19 07:33 459,264 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-19 07:33 40,960 ----a-w C:\Windows\AppPatch\apihex86.dll
2008-01-19 07:33 237,568 ----a-w C:\Windows\AppPatch\AcRedir.dll
2008-01-19 07:33 2,927,104 ----a-w C:\Windows\explorer.exe
2008-01-19 07:33 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-19 07:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-19 07:33 151,040 ----a-w C:\Windows\notepad.exe
2008-01-19 07:33 134,656 ----a-w C:\Windows\regedit.exe
2008-01-19 07:33 13,312 ----a-w C:\Windows\fveupdate.exe
2007-12-16 21:01 22,328 ----a-w C:\Windows\System32\config\SYSTEM~1\AppData\Roaming\PnkBstrK.sys
2007-10-11 18:52 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-11 18:52 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-11 18:52 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-03-19 08:21 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007031920070320\index.dat
2007-05-12 14:16 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007051220070513\index.dat
2007-12-21 22:21 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007122120071222\index.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“msnmsgr”=“C:\Program Files\MSN Messenger\msnmsgr.exe” [2007-01-19 13:55 5674352]
“WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe” [2008-01-19 09:33 202240]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
“FlashPlayerUpdate”=“C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe” [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“DirectMessenger”=“C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE” [2006-12-26 06:57 988160]
“Windows Defender”=“C:\Program Files\Windows Defender\MSASCui.exe” [2008-01-19 09:38 1008184]
“Kernel and Hardware Abstraction Layer”=“KHALMNPR.EXE” [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
“DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2006-09-14 22:09 157592]
“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2006-11-22 07:27 815104]
“RtHDVCpl”=“RtHDVCpl.exe” [2006-12-01 07:36 4186112 C:\Windows\RtHDVCpl.exe]
“NvSvc”=“C:\Windows\system32\nvsvc.dll” [2006-12-19 07:38 90191]
“NvCplDaemon”=“C:\Windows\system32\NvCpl.dll” [2006-12-19 07:38 7766016]
“NvMediaCenter”=“C:\Windows\system32\NvMcTray.dll” [2006-12-19 07:38 81920]
“F-Secure Manager”=“C:\Program Files\F-Secure Internet Security\Common\FSM32.exe” [2007-05-25 15:12 183208]
“F-Secure TNB”=“C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe” [2007-05-25 15:11 740208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
“GrpConv”=“grpconv -o” []

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“msnmsgr”=“C:\Program Files\MSN Messenger\msnmsgr.exe” [2007-01-19 13:55 5674352]
“WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe” [2008-01-19 09:33 202240]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
“FlashPlayerUpdate”=“C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe” [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableUIADesktopToggle”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“VIDC.I420”= vdrcodec.dll
“msacm.alf2cd”= alf2cd.acm
“VIDC.MJPG”= Pvmjpg30.dll
“SENTINEL”= snti386.dll
“VIDC.XFR1”= xfcodec.dll
“VIDC.FMVC”= fmcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“UacDisableNotify”=dword:00000001
“InternetSettingsDisableNotify”=dword:00000001
“AutoUpdateDisableNotify”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-371399724-456911832-2854259609-1000]
“EnableNotificationsRef”=dword:00000008

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
“{7AC48204-13CD-4118-8357-05366CF35362}”= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
“{4DF5C883-1717-4685-90D8-816D632133EA}”= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
“{15612682-5317-4770-8FC2-C8863E6DAD4D}”= UDP:C:\Program Files\Ubisoft\Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas
“{AC03CAC5-33F7-478B-9B3E-49374BB40B93}”= TCP:C:\Program Files\Ubisoft\Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas
“{1E85AB93-35FF-46C1-A2A1-6E7132646233}”= UDP:C:\Program Files\Ubisoft\Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater
“{E41E6725-105A-45C3-89B2-3F7F8DC4851B}”= TCP:C:\Program Files\Ubisoft\Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater
“{EC117A40-D888-417A-98F3-749BEA7A2CDE}”= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
“TCP Query User{AB335F85-1560-4363-BF61-304D51ED3478}D:\programmes\echamblardnext\echanblard\emule.exe”= UDP:D:\programmes\echamblardnext\echanblard\emule.exe:eMule
“UDP Query User{7EF8A230-6155-4D75-B6C2-F4EFC0791F81}D:\programmes\echamblardnext\echanblard\emule.exe”= TCP:D:\programmes\echamblardnext\echanblard\emule.exe:eMule
“TCP Query User{FAAAAEA0-EE5F-4AD8-AE2D-516B5DECDB11}I:\logs\echanblard\emule.exe”= UDP:I:\logs\echanblard\emule.exe:eMule
“UDP Query User{CD8ADD75-2750-47A9-80B0-716909E6B6F4}I:\logs\echanblard\emule.exe”= TCP:I:\logs\echanblard\emule.exe:eMule
“{42392112-09AA-4461-903D-C2A3FDFDB45B}”= UDP:C:\Windows\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe:MsblIco
“{EF26223D-1A9C-4517-871F-2A670949A10C}”= TCP:C:\Windows\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe:MsblIco
“TCP Query User{CEE017B4-C9C1-4CA2-AA36-B0B499668CC9}C:\program files\ea games\battlefield 2\bf2.exe”= UDP:C:\program files\ea games\battlefield 2\bf2.exe:BF2
“UDP Query User{3B84D0BE-3E5F-4056-872A-1FAC7105AAC3}C:\program files\ea games\battlefield 2\bf2.exe”= TCP:C:\program files\ea games\battlefield 2\bf2.exe:BF2
“{2CFAF393-990B-4824-9EDD-ACAE341256E9}”= UDP:D:\PROGRAMMES\R-B-R\richardburnsrally.exe:Richard Burns Rally
“{EF3E288E-FFB5-48A0-9D66-F4E47341045A}”= TCP:D:\PROGRAMMES\R-B-R\richardburnsrally.exe:Richard Burns Rally
“{2C4BC1FF-1488-4623-8B32-885EA0A6514D}”= UDP:D:\PROGRAMMES\R-B-R\RSRBR4Live.exe:RSRBR4Live
“{7029448F-2940-4653-906D-7C3349ABE3AE}”= TCP:D:\PROGRAMMES\R-B-R\RSRBR4Live.exe:RSRBR4Live
“{097CE8B1-081B-40D1-9BBC-316FFB54104A}”= UDP:D:\PROGRAMMES\R-B-R\RSRBR4.exe:RSRBR4
“{CDD425DF-FF1D-4955-8292-B16F37A9EF84}”= TCP:D:\PROGRAMMES\R-B-R\RSRBR4.exe:RSRBR4
“TCP Query User{FF1C6C5A-85D9-4206-B417-EB881C6C70B7}I:\logs\echanblard\emule.exe”= UDP:I:\logs\echanblard\emule.exe:eMule
“UDP Query User{F69C8DBE-1C83-426E-BBD3-BD6897C1A91A}I:\logs\echanblard\emule.exe”= TCP:I:\logs\echanblard\emule.exe:eMule
“TCP Query User{5AB9CEE4-3342-4E2C-9F34-481331DBD5F6}D:\programmes\echamblardnext\echanblard\emule.exe”= UDP:D:\programmes\echamblardnext\echanblard\emule.exe:eMule
“UDP Query User{86EB5550-5D67-406A-9F84-DAE12D910680}D:\programmes\echamblardnext\echanblard\emule.exe”= TCP:D:\programmes\echamblardnext\echanblard\emule.exe:eMule
“TCP Query User{FB035A22-C5C8-4617-9F30-26E59AC09106}C:\program files\swat 4\contentexpansion\system\swat4x.exe”= UDP:C:\program files\swat 4\contentexpansion\system\swat4x.exe:SWAT 4 - The Stetchkov Syndicate
“UDP Query User{C7ADC1E0-8D3C-45F1-A453-9F902524A471}C:\program files\swat 4\contentexpansion\system\swat4x.exe”= TCP:C:\program files\swat 4\contentexpansion\system\swat4x.exe:SWAT 4 - The Stetchkov Syndicate
“{E81D5CD9-BF8D-4103-BB21-E857FD6328B7}”= UDP:0:LocalSubnet:LocalSubnet:Magix UPnP Media Server
“{5D9C9F74-7691-4473-AF33-CE2D7777201D}”= UDP:2869:LocalSubnet:LocalSubnet:Microsoft UPnP-Port (TCP)
“{EBC6E513-27EB-4E27-88CB-4F94DC52054C}”= TCP:1900:LocalSubnet:LocalSubnet:Microsoft UPnP-Port (UDP)
“{86B4BA2D-FB2D-4340-9E58-06FE60FB1CD6}”= UDP:C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe:Magix UPnP Service
“{8AC90423-D365-441C-9E44-9D0873EF6E1E}”= TCP:C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe:Magix UPnP Service
“TCP Query User{4540EAE4-E32C-42FF-9FFA-109F24F6AADF}C:\program files\xfire\xfire.exe”= UDP:C:\program files\xfire\xfire.exe:Xfire
“UDP Query User{BD2E1833-6089-4510-BDD5-48AC39DA61FE}C:\program files\xfire\xfire.exe”= TCP:C:\program files\xfire\xfire.exe:Xfire
“TCP Query User{2BC3A72E-86A2-402A-8635-D19F30AD4450}C:\program files\swat 4\contentexpansion\system\swat4xdedicatedserver.exe”= UDP:C:\program files\swat 4\contentexpansion\system\swat4xdedicatedserver.exe:SWAT 4 - The Stetchkov Syndicate
“UDP Query User{0651E06A-0451-4803-AEEB-6DDB3B5B01CF}C:\program files\swat 4\contentexpansion\system\swat4xdedicatedserver.exe”= TCP:C:\program files\swat 4\contentexpansion\system\swat4xdedicatedserver.exe:SWAT 4 - The Stetchkov Syndicate
“TCP Query User{21FB62F2-FD32-413C-95F2-460781D6F44B}C:\program files\swat 4\content\system\swat4dedicatedserver.exe”= UDP:C:\program files\swat 4\content\system\swat4dedicatedserver.exe:SWAT 4
“UDP Query User{D9955F77-E3AF-434A-9E97-39701F996C1B}C:\program files\swat 4\content\system\swat4dedicatedserver.exe”= TCP:C:\program files\swat 4\content\system\swat4dedicatedserver.exe:SWAT 4
“TCP Query User{0761B0A8-84DC-4BA8-A46E-DDFC0771DF0A}C:\program files\swat 4\content\system\swat4.exe”= UDP:C:\program files\swat 4\content\system\swat4.exe:SWAT 4
“UDP Query User{D90419EE-2BB0-46FE-8261-18028CAB6B52}C:\program files\swat 4\content\system\swat4.exe”= TCP:C:\program files\swat 4\content\system\swat4.exe:SWAT 4
“TCP Query User{D310568C-E68F-4673-9C65-B194C597D980}D:\programmes\half life 2\steam.exe”= UDP:D:\programmes\half life 2\steam.exe:Steam
“UDP Query User{79076DD0-CD6A-41F8-805C-83DCBA7C5B74}D:\programmes\half life 2\steam.exe”= TCP:D:\programmes\half life 2\steam.exe:Steam
“TCP Query User{00215005-DCE2-4131-9A5D-7C693E1B4DBA}C:\program files\xfire\xfire.exe”= UDP:C:\program files\xfire\xfire.exe:Xfire
“UDP Query User{986D0D08-DAEC-49DC-9367-A8160AB04D9B}C:\program files\xfire\xfire.exe”= TCP:C:\program files\xfire\xfire.exe:Xfire
“TCP Query User{B6B527FB-6DAD-4990-AAC0-E4F9E58560A2}D:\programmes\q3\quake3.exe”= UDP:D:\programmes\q3\quake3.exe:quake3
“UDP Query User{B87D5494-1363-486D-A97A-E18DCEBBD0CE}D:\programmes\q3\quake3.exe”= TCP:D:\programmes\q3\quake3.exe:quake3
“TCP Query User{DCBB779A-4C90-485F-9B03-721624DF7A49}D:\programmes\swat4\content\system\swat4.exe”= UDP:D:\programmes\swat4\content\system\swat4.exe:SWAT 4
“UDP Query User{2DEBFFF3-4DA6-4443-B357-7503F8ADDC03}D:\programmes\swat4\content\system\swat4.exe”= TCP:D:\programmes\swat4\content\system\swat4.exe:SWAT 4
“{3753D277-FBF5-45EF-9CEE-4266B4676846}”= UDP:D:\PROGRAMMES\SWAT4\ContentExpansion\System\Swat4X.exe:SWAT 4 - The Stetchkov Syndicate
“{2F7DA15C-6D9C-4F32-9F17-93CBE4EB50A2}”= TCP:D:\PROGRAMMES\SWAT4\ContentExpansion\System\Swat4X.exe:SWAT 4 - The Stetchkov Syndicate
“TCP Query User{40744DB5-A6FC-412D-B925-14E189E4F756}D:\programmes\swat 4\contentexpansion\system\swat4x.exe”= UDP:D:\programmes\swat 4\contentexpansion\system\swat4x.exe:SWAT 4 - The Stetchkov Syndicate
“UDP Query User{454705EB-E4F0-4C71-B382-0818944B4DDD}D:\programmes\swat 4\contentexpansion\system\swat4x.exe”= TCP:D:\programmes\swat 4\contentexpansion\system\swat4x.exe:SWAT 4 - The Stetchkov Syndicate
“TCP Query User{F517F2BA-FC79-4490-8446-3B1E51506256}D:\programmes\swat 4\contentexpansion\system\swat4xdedicatedserver.exe”= UDP:D:\programmes\swat 4\contentexpansion\system\swat4xdedicatedserver.exe:SWAT 4 - The Stetchkov Syndicate
“UDP Query User{D377E073-A3AD-48BB-95A8-E0540EA6F8E6}D:\programmes\swat 4\contentexpansion\system\swat4xdedicatedserver.exe”= TCP:D:\programmes\swat 4\contentexpansion\system\swat4xdedicatedserver.exe:SWAT 4 - The Stetchkov Syndicate
“{AF4717DF-982B-4D16-BD81-8B5A763CDA1D}”= UDP:10481:LocalSubnet:LocalSubnet:voila
“{D44E62A7-0814-4DD5-8295-7F42CFFB9712}”= TCP:10481:LocalSubnet:LocalSubnet:voila 2
“TCP Query User{2D9CDED7-132D-436B-ADA4-2891E7EEDB5D}D:\programmes\swat 4\contentexpansion\system\swat4xdedicatedserver.exe”= UDP:D:\programmes\swat 4\contentexpansion\system\swat4xdedicatedserver.exe:SWAT 4 - The Stetchkov Syndicate
“UDP Query User{B9FD7DBB-35D0-4D89-8E5C-9445F6B08377}D:\programmes\swat 4\contentexpansion\system\swat4xdedicatedserver.exe”= TCP:D:\programmes\swat 4\contentexpansion\system\swat4xdedicatedserver.exe:SWAT 4 - The Stetchkov Syndicate
“{102C8BC6-5323-4FDE-820D-01C8EA298251}”= UDP:D:\PROGRAMMES\SWAT4\ContentExpansion\System\Swat4XDedicatedServer.exe:SWAT 4 - The Stetchkov Syndicate Dedicated Server
“{86D1020D-B9E3-45B4-82AE-9AD8EBD7F289}”= TCP:D:\PROGRAMMES\SWAT4\ContentExpansion\System\Swat4XDedicatedServer.exe:SWAT 4 - The Stetchkov Syndicate Dedicated Server
“{EBD571D4-299C-4E4A-A3CF-802BB1AFFC4A}”= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
“{D86FB1F4-EAC3-42AE-8DC7-659F86F7D6F9}”= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
“{411F72AE-589A-479F-910E-F0F732ECE0F6}”= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
“{80720BCD-EA44-419F-8039-5211F32B5AE0}”= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
“TCP Query User{6344B743-8821-4FB5-8B87-26C4DF82B873}D:\programmes\toca race driver 3\rd3.exe”= UDP:D:\programmes\toca race driver 3\rd3.exe:RaceDriver 3 Application
“UDP Query User{AC662756-9E68-4054-8DA6-41313928AB0A}D:\programmes\toca race driver 3\rd3.exe”= TCP:D:\programmes\toca race driver 3\rd3.exe:RaceDriver 3 Application
“TCP Query User{2430BCD6-BA1C-4C3E-86B8-50CBD5C03976}C:\program files\zapu\zapu\wdivi.exe”= UDP:C:\program files\zapu\zapu\wdivi.exe:Zapu Control
“UDP Query User{F8A065A7-7A82-47C8-A372-0CE5D9474F4E}C:\program files\zapu\zapu\wdivi.exe”= TCP:C:\program files\zapu\zapu\wdivi.exe:Zapu Control
“{6FFF5ADF-2024-4C11-97AE-087D39576251}”= UDP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
“{7A80E036-DFAB-4600-B54C-CD649FE38A73}”= TCP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
“{1232690F-0A72-4199-9154-4BE8944F55DE}”= UDP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
“{2DF1FD4B-547B-47A7-A21E-6B16218C243B}”= TCP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
“{829BB1FB-8D85-4F1B-A152-19F659D819D4}”= UDP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
“{77A86AAE-BF1A-4D55-9D3E-AEFF02ECE607}”= TCP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
“{25078451-E1EC-4A8F-A46B-A53D7C268F92}”= UDP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
“{04604C47-BCCE-424A-B61B-89CCD29A80F3}”= TCP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
“TCP Query User{5BCE3BC5-27AC-40BA-AB6F-86C8AA5E08B9}C:\program files\itunes\itunes.exe”= UDP:C:\program files\itunes\itunes.exe:iTunes
“UDP Query User{63AE99A5-0232-4F17-93FB-E3DA8F6A72C2}C:\program files\itunes\itunes.exe”= TCP:C:\program files\itunes\itunes.exe:iTunes
“{FE20C021-BD89-4CFB-BCC7-FA343BF94B06}”= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
“{477F855D-AF5A-48AE-A48D-416980C7F241}”= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
“TCP Query User{6410FF77-8185-41D2-8499-0338C229439A}J:\logs\echanblard\emule.exe”= UDP:J:\logs\echanblard\emule.exe:eChanblard
“UDP Query User{2808584C-4484-4C10-B8D7-4754C73363F0}J:\logs\echanblard\emule.exe”= TCP:J:\logs\echanblard\emule.exe:eChanblard
“TCP Query User{E519DEAC-CC83-4A97-9D21-0DEACA0F8AF6}H:\logs\echanblard\emule.exe”= UDP:H:\logs\echanblard\emule.exe:eChanblard
“UDP Query User{9471732F-D0C2-483E-B3C2-79EFB10359E4}H:\logs\echanblard\emule.exe”= TCP:H:\logs\echanblard\emule.exe:eChanblard
“{9FD2E8A2-BBAE-441E-A534-A0A295BF10A6}”= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
“{4AC63A0C-611C-48BB-8DF9-4071FA415FC6}”= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
“TCP Query User{2EAC594C-61C0-4221-A8E0-FC44B1611BE5}C:\program files\activision\call of duty 4 - modern warfare\mp_tool.exe”= UDP:C:\program files\activision\call of duty 4 - modern warfare\mp_tool.exe:mp_tool
“UDP Query User{B132B9AC-522A-4975-A56D-4A07F7B45EFE}C:\program files\activision\call of duty 4 - modern warfare\mp_tool.exe”= TCP:C:\program files\activision\call of duty 4 - modern warfare\mp_tool.exe:mp_tool
“TCP Query User{B54C40D9-3E0C-4893-AC8A-2405A507FF81}C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.5.exe”= UDP:C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.5.exe:ModernRcon_v0.5
“UDP Query User{83972F14-DA89-4F95-AB31-560A83457BE5}C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.5.exe”= TCP:C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.5.exe:ModernRcon_v0.5
“{32A498F8-35E9-4DEC-8B9E-68F4F46301EE}”= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
“{FDDEA0B1-FEDE-4422-87C5-BF927E1C443A}”= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
“TCP Query User{F21FE08C-1D2D-4836-8D29-B4CDFA084A50}C:\users\j-ch\appdata\local\emule\emule.exe”= UDP:C:\users\j-ch\appdata\local\emule\emule.exe:emule.exe
“UDP Query User{8AF344FB-B6D5-4FA0-A101-D3E5FFAAFD8A}C:\users\j-ch\appdata\local\emule\emule.exe”= TCP:C:\users\j-ch\appdata\local\emule\emule.exe:emule.exe
“{30B08388-D29F-41C4-85D1-C8FEE51C5AFB}”= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
“{83D1C534-C95A-42DC-A4CA-D008981AFF6B}”= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
“TCP Query User{BE74C08B-AF47-4258-B65F-3BCFE2B46A17}C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.6.exe”= UDP:C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.6.exe:ModernRcon_v0.6
“UDP Query User{D9522141-1C7C-4A35-849E-D23599A0FC8D}C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.6.exe”= TCP:C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.6.exe:ModernRcon_v0.6
“TCP Query User{D0A3DD32-DFE7-4BBC-8C53-485212043AC2}C:\program files\winscp\winscp.exe”= UDP:C:\program files\winscp\winscp.exe:Windows SFTP, FTP and SCP client
“UDP Query User{F7B5E6B0-39E2-4EC0-B006-FE71BDF21DCB}C:\program files\winscp\winscp.exe”= TCP:C:\program files\winscp\winscp.exe:Windows SFTP, FTP and SCP client
“TCP Query User{CE73D382-2F1A-47BA-A21A-4DD8F74C8EEC}C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.6.exe”= UDP:C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.6.exe:ModernRcon_v0.6
“UDP Query User{2C25FD8A-B81A-4316-B6C0-A5DA37172283}C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.6.exe”= TCP:C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.6.exe:ModernRcon_v0.6
“TCP Query User{01506A4E-84E6-40DD-8D79-73CB8ADAD759}C:\program files\gtactix\gtactix.exe”= UDP:C:\program files\gtactix\gtactix.exe:Gtactix
“UDP Query User{738A7DB0-12E6-44E5-BA3D-069D054F47AC}C:\program files\gtactix\gtactix.exe”= TCP:C:\program files\gtactix\gtactix.exe:Gtactix
“{20208743-BEF2-4651-943F-3D4BBCB0833D}”= UDP:D:\PROGRAMMES\AssCreed\AssassinsCreed_Dx9.exe:Assassin’s Creed Dx9
“{B8DF3223-E58B-4962-A982-F908F8AFA868}”= TCP:D:\PROGRAMMES\AssCreed\AssassinsCreed_Dx9.exe:Assassin’s Creed Dx9
“{B18F906B-64B9-4D28-A93E-717E91430F6D}”= UDP:D:\PROGRAMMES\AssCreed\AssassinsCreed_Dx10.exe:Assassin’s Creed Dx10
“{1DE74186-A745-4F14-BB92-66AE5BEDBC5B}”= TCP:D:\PROGRAMMES\AssCreed\AssassinsCreed_Dx10.exe:Assassin’s Creed Dx10
“{CB71C822-2B27-464E-B676-091EFF546EEB}”= UDP:D:\PROGRAMMES\AssCreed\AssassinsCreed_Launcher.exe:Assassin’s Creed Update
“{B6000162-F8AC-428B-93A6-E8A5C1668D18}”= TCP:D:\PROGRAMMES\AssCreed\AssassinsCreed_Launcher.exe:Assassin’s Creed Update
“{5C45CD4A-A1E1-405C-8763-255A5564AA7B}”= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
“{FC5AA310-8870-4705-93E2-D3A049E37E81}”= Disabled:UDP:C:\Program Files\Autodesk\backburner\manager.exe:backburner 2.3 manager
“{00EB872A-8C5B-4F6F-A834-29AD500BF90E}”= Disabled:TCP:C:\Program Files\Autodesk\backburner\manager.exe:backburner 2.3 manager
“{76D5436F-CAE6-4FC3-9B29-BCE9E0C3C5B0}”= Disabled:UDP:C:\Program Files\Autodesk\backburner\monitor.exe:backburner 2.3 monitor
“{F3521C83-A296-4AEB-A3CE-AEDD34D5EBBB}”= Disabled:TCP:C:\Program Files\Autodesk\backburner\monitor.exe:backburner 2.3 monitor
“{ACFE3CC0-6B97-4C28-8D08-E50C685233BC}”= Disabled:UDP:C:\Program Files\Autodesk\backburner\server.exe:backburner 2.3 server
“{B3A45BE2-3224-4E39-84F7-88D31A4B60D0}”= Disabled:TCP:C:\Program Files\Autodesk\backburner\server.exe:backburner 2.3 server
“TCP Query User{0EEC364A-0E7C-4838-B07C-3224E2E97ECF}D:\programmes\worms 4\worms 4 mayhem.exe”= Disabled:UDP:D:\programmes\worms 4\worms 4 mayhem.exe:Worms 4 Mayhem
“UDP Query User{53727C7A-9A70-499C-884E-5AC7612C9BE8}D:\programmes\worms 4\worms 4 mayhem.exe”= Disabled:TCP:D:\programmes\worms 4\worms 4 mayhem.exe:Worms 4 Mayhem

R1 HMFAxCore8ca4fd17866cac11805503e882557762;HMFAxCore8ca4fd17866cac11805503e882557762;C:\Windows\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys [2007-10-29 19:22]
S1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2007-05-25 15:12]
S1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2007-05-25 15:09]
S1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2007-05-25 15:10]
S1 fsvista;F-Secure Vista Support Driver;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsvista.sys [2007-05-25 15:08]
S2 ACEDRV09;ACEDRV09;C:\Windows\system32\drivers\ACEDRV09.sys [2007-07-29 20:23]
S2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT);“C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe” -sAUTODESKVAULT []
S2 SQLWriter;SQL Server VSS Writer;“C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe” [2007-02-10 06:29]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2006-12-11 01:31]
S3 Asushwio;Asushwio;C:\Windows\system32\drivers\Asushwio.sys [2006-10-10 13:33]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-25 15:08]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2007-10-16 16:30]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\DRIVERS\StkCMini.sys [2007-01-20 00:19]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 18:00]
S3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-03 01:37]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 15:09]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-25 15:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

Newly Created Service - CATCHME
Newly Created Service - ECACHE
.


catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-04-09 01:49:37
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés …

Balayage caché autostart entries …

Balayage des fichiers cachés …

Scan terminé avec succès
Les fichiers cachés: 0


.
Temps d’accomplissement: 2008-04-09 1:50:31
ComboFix-quarantined-files.txt 2008-04-08 23:50:29
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
.
2008-04-08 20:14:33 --- E O F ---


And my situation is getting worse: the Internet takes 2 minutes to start!!! :frowning:

Nobody to help me...?

I'm desperate, especially since it apparently gives me an error on drive C:, because I can't restore. :op
And if I request a check of drive C: at startup, the PC tells me:

"Checking C:
Cannot check C: in direct access"

Wow!!! Brutal!

What can I do? (apart from formatting)
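Added example (editor's code, not from the thread and not from ComboFix, EliBagle or any other tool named in it): a small Python triage script for the two report formats quoted in this thread. It parses a REGEDIT4-style excerpt modelled on the "Point de chargement Reg" section of the ComboFix log above, and two lines modelled on the second EliBagle report further down the thread, then lists three things a helper would want to see side by side: Security Center values set to 1 (the UacDisableNotify, InternetSettingsDisableNotify, AutoUpdateDisableNotify and DisableMonitoring entries in the log, which suppress Security Center's warnings about UAC, Internet settings and automatic updates and its monitoring of AV/firewall state; they do not by themselves explain settings reverting at boot, but they are the first thing to check), Run entries that start a bare file name which ComboFix had to resolve via the search path (KHALMNPR.EXE and RtHDVCpl.exe in the log), and Run entries whose file name also appears among EliBagle's detections (the later report removes a KHALMNPR.EXE from a Rar$ temp folder as Bagle.dldr). Both excerpts are constructed and shortened, with the forum's curly quotes replaced by straight ones; the heuristics are the editor's and flag items to examine, not confirmed infections.

```python
import re

# Constructed excerpt modelled on the "Point de chargement Reg" section of the
# ComboFix log posted above (REGEDIT4 layout, shortened, straight quotes).
COMBOFIX_EXCERPT = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 07:36 4186112 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
'''

# Constructed excerpt modelled on the second EliBagle report in the thread.
ELIBAGLE_EXCERPT = r'''C:\Users\J-Ch\AppData\Local\Temp\Rar$EX00.841\KHALMNPR.EXE --> Eliminado Bagle.dldr
C:\Users\J-Ch\AppData\Local\Temp\Rar$EX00.841\SCREENVIRTUOSO PROFESSIONAL 3.11.2108 (CRACKED).EXE --> Eliminado Bagle.dldr
'''

SECTION_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
# ComboFix prints "command" [date time size] and appends the resolved path when
# the command was a bare file name that it had to locate via the search path.
RUN_VALUE_RE = re.compile(r'^"([^"]*)"(?:\s+\[(.*)\])?$')
RESOLVED_RE = re.compile(r'\s([A-Za-z]:\\.*)$')
ELI_RE = re.compile(r'^(.+?) --> Eliminado (\S+)$')


def parse_reg_sections(text):
    """REGEDIT4-style dump -> {key_path: {value_name: raw_value}}.
    Curly quotes, as the forum renders them, are normalised to straight ones."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip().replace('\u201c', '"').replace('\u201d', '"')
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2).strip()
    return sections


def disabled_security_center_flags(sections):
    """(key, value_name) pairs under Security Center set to dword 1: a silenced
    notification or a disabled monitor."""
    hits = []
    for key, values in sections.items():
        if 'security center' in key.lower():
            for name, raw in values.items():
                lname = name.lower()
                if (lname.endswith('disablenotify') or lname == 'disablemonitoring') \
                        and raw.lower() == 'dword:00000001':
                    hits.append((key, name))
    return hits


def run_entries(sections):
    """(key, value_name, command, resolved_path) for every Run/RunOnce value."""
    out = []
    for key, values in sections.items():
        if re.search(r'\\Run(Once)?$', key, re.IGNORECASE):
            for name, raw in values.items():
                m = RUN_VALUE_RE.match(raw)
                if m:
                    command, meta = m.group(1), m.group(2) or ''
                    mm = RESOLVED_RE.search(meta)
                    out.append((key, name, command, mm.group(1) if mm else command))
    return out


def elibagle_detections(text):
    """{basename_lower: (full_path, verdict)} for each 'Eliminado' line."""
    found = {}
    for line in text.splitlines():
        m = ELI_RE.match(line.strip())
        if m:
            path, verdict = m.groups()
            found[path.rsplit('\\', 1)[-1].lower()] = (path, verdict)
    return found


def triage(combofix_text, elibagle_text):
    """Editor's heuristics, not a verdict: silenced Security Center flags, Run entries
    that start a bare file name, and Run entries whose file name EliBagle also flagged."""
    sections = parse_reg_sections(combofix_text)
    detections = elibagle_detections(elibagle_text)
    findings = []
    for key, name in disabled_security_center_flags(sections):
        findings.append(f'security-center: {name}=1 under [{key}]')
    for key, name, command, resolved in run_entries(sections):
        if '\\' not in command:
            findings.append(f"run: '{name}' starts bare name {command} (resolved to {resolved})")
        base = resolved.rsplit('\\', 1)[-1].lower()
        if base in detections:
            path, verdict = detections[base]
            findings.append(f"run: '{name}' matches EliBagle detection {path} ({verdict})")
    return findings
```

Call `triage(COMBOFIX_EXCERPT, ELIBAGLE_EXCERPT)` to get the list of findings. A bare-name Run entry is normal for several vendor tools (RtHDVCpl.exe here), so on its own it is only context; the overlap between a Run entry's file name and a scanner detection is the finding worth following up, for example by checking the file's digital signature and comparing its location with the vendor's documented install path.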

hi,
delete Elibagla, combofix, as well as the remaining folders
C:\ComboFix.exe
C:\KillBox.exe
C:\ELIBAGLA.AH%D8DB%D8%D8H.EXE

re-download combofix and ElibaglA, rename them before saving them to the desktop
as taratonq1.exe and taratonq2.exe, boot into safe mode and run them
one after the other. reboot normally and post the new reports.

then run a BitDefender online scan and post the final report.
www.bitdefender.fr…
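
An added example (not from this thread, and not part of ComboFix, EliBagle or HijackThis): a Python script that triages the kind of ComboFix report the reply above asks for. It reads the "Reg load points" section and flags three things that bear on the symptoms in this thread: values under HKLM\SOFTWARE\Microsoft\Security Center set to 1 (DisableMonitoring switches off Security Center's monitoring of the firewall and antivirus state, the *DisableNotify values silence its warnings; the report posted below shows UacDisableNotify, InternetSettingsDisableNotify, AutoUpdateDisableNotify and three DisableMonitoring values at 1), Run values that name an executable without a directory (the "Kernel and Hardware Abstraction Layer" entry is KHALMNPR.EXE, which Windows resolves by a path search at logon, so the file that wins that search is what needs checking; ComboFix resolves it to C:\Windows\KHALMNPR.Exe, and the EliBagle report below removed a file of the same name from a Rar$EX temp folder), and enabled program-based firewall allow rules for binaries outside C:\Program Files and C:\Windows (the report has eMule on D:, H:, I:, J: and under AppData). The AntiVirusDisableNotify and FirewallDisableNotify names in the value list are assumed siblings not shown in the report; the sample report is constructed from lines in the same format as the reports in this thread. It accepts both straight quotes and the curly quotes the forum substitutes.

```python
"""Triage of ComboFix-style report lines: Security Center tampering, Run values
without a path, and enabled firewall allow rules for programs outside the usual
folders. Added example for this thread, not part of ComboFix or EliBagle."""
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    kind: str     # "security_center", "run_bare_name" or "firewall_untrusted_path"
    section: str  # registry key the value was listed under
    detail: str


# Values under HKLM\SOFTWARE\Microsoft\Security Center that, set to 1, switch off
# its monitoring (DisableMonitoring) or its warnings (*DisableNotify). The first
# four are in the report posted in this thread; the last two are assumed names.
SC_TAMPER_VALUES = {
    "disablemonitoring", "uacdisablenotify", "internetsettingsdisablenotify",
    "autoupdatedisablenotify", "antivirusdisablenotify", "firewalldisablenotify",
}
# A program-based allow rule for a binary under these prefixes is unremarkable.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# Straight quotes as ComboFix writes them, curly ones as forum software rewrites them.
VALUE_RE = re.compile(r'^[“"](?P<name>[^”"]+)[”"]\s*=\s*(?P<data>.*?)\s*$')
QUOTED_RE = re.compile(r'^[“"](?P<inner>[^”"]*)[”"]')
DRIVE_PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\[^:]*):(?P<name>.*)$")


def value_is_one(data: str) -> bool:
    """True for the ways ComboFix prints a DWORD of 1: 'dword:00000001' or '1 (0x1)'."""
    d = data.strip().lower()
    return d == "dword:00000001" or d.startswith("1 (0x1)")


def parse_firewall_rule(data: str) -> Optional[dict]:
    """Parse a program rule '[Disabled:][TCP|UDP:]C:\\dir\\prog.exe:Name'.
    Port-only rules (e.g. 'UDP:2869:LocalSubnet:LocalSubnet:Name') give None."""
    rest, enabled, proto = data.strip(), True, None
    if rest.lower().startswith("disabled:"):
        enabled, rest = False, rest[len("disabled:"):]
    if rest[:4].upper() in ("TCP:", "UDP:"):
        proto, rest = rest[:3].upper(), rest[4:]
    m = DRIVE_PATH_RE.match(rest)
    if not m:
        return None
    return {"enabled": enabled, "proto": proto,
            "path": m.group("path"), "name": m.group("name")}


def triage(report: str) -> List[Finding]:
    """Walk the report once and collect the load points worth a second look."""
    findings: List[Finding] = []
    section = ""
    for raw in report.splitlines():
        line = raw.strip()
        sm = SECTION_RE.match(line)
        if sm:
            section = sm.group("key")
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue
        name, data, low = vm.group("name"), vm.group("data"), section.lower()
        if "security center" in low:
            if name.lower() in SC_TAMPER_VALUES and value_is_one(data):
                findings.append(Finding("security_center", section, f"{name} = 1"))
        elif low.endswith("\\run"):
            # "KHALMNPR.EXE" with no directory is resolved by a path search at
            # logon, so the file that wins that search is the one to inspect.
            qm = QUOTED_RE.match(data)
            target = qm.group("inner") if qm else data.split(" ", 1)[0]
            if "\\" not in target:
                findings.append(Finding("run_bare_name", section, f"{name} -> {target}"))
        elif "firewallrules" in low:
            rule = parse_firewall_rule(data)
            if rule and rule["enabled"] and not rule["path"].lower().startswith(TRUSTED_PREFIXES):
                findings.append(Finding("firewall_untrusted_path", section,
                                        f"{rule['proto'] or 'ANY'} allow for {rule['path']}"))
    return findings


# Constructed sample in the format of the reports in this thread, not a real file.
SAMPLE_REPORT = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4DF5C883-1717-4685-90D8-816D632133EA}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{FAAAAEA0-EE5F-4AD8-AE2D-516B5DECDB11}I:\logs\echanblard\emule.exe"= UDP:I:\logs\echanblard\emule.exe:eMule
"TCP Query User{F21FE08C-1D2D-4836-8D29-B4CDFA084A50}C:\users\j-ch\appdata\local\emule\emule.exe"= UDP:C:\users\j-ch\appdata\local\emule\emule.exe:emule.exe
"{5D9C9F74-7691-4473-AF33-CE2D7777201D}"= UDP:2869:LocalSubnet:LocalSubnet:Microsoft UPnP-Port (TCP)
"""
```

Run `triage()` on the report taken after the safe-mode pass and compare the counts with the earlier one. Resetting the Security Center values is part of the cleanup, but doing it while the component that wrote them is still running only lasts until the next boot, so a DisableMonitoring that is back at 1 after a reboot means something is still active.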

I've just done the first part; I even installed HijackThis and ran a scan in safe mode.
I'm running the BitDefender online scan now, plus an F-Secure rootkit scan.

Here's the EliBagle report:
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

  Wed Apr 09 18:46:50 2008

EliBagle v11.24 ©2008 S.G.H. / Satinfo S.L.

Action list (by direct action):

  Wed Apr 09 18:46:59 2008

EliBagle v11.24 ©2008 S.G.H. / Satinfo S.L.

Action list (by scan):
Scanning drive C:
C:\Muestras\HLDRRR.EXE.MUESTRA ELIBAGLE V11.23 --> Removed Bagle.dldr
C:\Users\J-Ch\AppData\Local\Temp\Rar$EX00.841\KHALMNPR.EXE --> Removed Bagle.dldr
C:\Users\J-Ch\AppData\Local\Temp\Rar$EX00.841\SCREENVIRTUOSO PROFESSIONAL 3.11.2108 (CRACKED).EXE --> Removed Bagle.dldr
C:\Users\J-Ch\AppData\Local\Temp\Rar$EX01.344\SCREENVIRTUOSO PROFESSIONAL 3.11.2108.EXE --> Removed Bagle.dldr

Total directories: 23586
Total files: 158499
Files analyzed: 19550
Infected files: 4
Files cleaned: 4

/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Yes I know, it's not good to DL C****k :frowning:

Here's the ComboFix report:
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
ComboFix 08-04-08.10 - SYSTEM 2008-04-09 18:59:34.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1542 [GMT 2:00]
Location: C:\Windows\system32\config\systemprofile\Desktop\Tara2.exe
.

((((((((((((((((((((((((((((( Files created 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))))))
.

No new files created in this period

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 10:51 --------- d-----w C:\Program Files\SIW
2008-04-09 06:31 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 06:31 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-04-08 21:32 --------- d-----w C:\Program Files\F-Secure Internet Security
2008-04-08 21:11 --------- d-----w C:\PROGRA~2\F-Secure
2008-04-08 21:08 --------- d-----w C:\PROGRA~2\fssg
2008-04-08 15:13 --------- d-----w C:\PROGRA~2\Xfire
2008-04-08 15:03 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-04-08 14:59 --------- d-s---w C:\Program Files\Xfire
2008-04-08 12:28 33 ----a-w C:\Program Files\ATKPF.ini
2008-04-03 23:02 --------- d-----w C:\PROGRA~2\FLEXnet
2008-04-03 23:01 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-04-03 23:01 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-31 20:45 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-31 18:03 --------- d-----w C:\Program Files\MSN Messenger
2008-03-31 15:25 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-03-31 11:23 174 --sha-w C:\Program Files\desktop.ini
2008-03-31 11:11 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-31 11:11 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-31 11:11 --------- d-----w C:\Program Files\Windows Journal
2008-03-31 11:11 --------- d-----w C:\Program Files\Windows Defender
2008-03-31 11:11 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-31 11:11 --------- d-----w C:\Program Files\Windows Calendar
2008-03-26 01:38 --------- d-----w C:\PROGRA~2\Ubisoft
2008-03-26 01:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-26 01:13 --------- d-----w C:\Program Files\Putty
2008-03-26 00:44 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-26 00:44 --------- d-----w C:\PROGRA~2\Autodesk
2008-03-19 16:56 --------- d-----w C:\Program Files\GTactix
2008-03-18 08:20 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-16 01:47 --------- d-----w C:\Program Files\PrintFolder
2008-03-13 01:29 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-03-11 00:04 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-10 23:45 --------- d-----w C:\Program Files\mp3-explorer
2008-03-10 23:25 --------- d-----w C:\Program Files\PDFCreator
2008-03-10 23:10 253,116 ----a-w C:\Windows\PDFCreator_Toolbar_Uninstaller_8675.exe
2008-03-10 23:10 --------- d-----w C:\Program Files\PDFCreator Toolbar
2008-03-10 07:54 --------- d-----w C:\Program Files\Microsoft Works
2008-03-10 07:51 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-06 20:20 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-03-02 02:38 --------- d-----w C:\Program Files\ZiPhone
2008-02-28 18:26 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-25 11:25 --------- d-----w C:\Program Files\iTunes
2008-02-25 11:25 --------- d-----w C:\Program Files\iPod
2008-02-20 13:24 --------- d-----w C:\Program Files\ACAD2000
2008-02-18 12:59 --------- d-----w C:\Program Files\QuickTime
2008-02-10 23:10 --------- d-----w C:\Program Files\DivX
2008-01-19 07:34 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-19 07:33 58,880 ----a-w C:\Windows\bfsvc.exe
2008-01-19 07:33 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-19 07:33 498,176 ----a-w C:\Windows\HelpPane.exe
2008-01-19 07:33 459,264 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-19 07:33 40,960 ----a-w C:\Windows\AppPatch\apihex86.dll
2008-01-19 07:33 237,568 ----a-w C:\Windows\AppPatch\AcRedir.dll
2008-01-19 07:33 2,927,104 ----a-w C:\Windows\explorer.exe
2008-01-19 07:33 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-19 07:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-19 07:33 151,040 ----a-w C:\Windows\notepad.exe
2008-01-19 07:33 134,656 ----a-w C:\Windows\regedit.exe
2008-01-19 07:33 13,312 ----a-w C:\Windows\fveupdate.exe
2007-10-11 18:52 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-11 18:52 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-11 18:52 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-03-19 08:21 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007031920070320\index.dat
2007-05-12 14:16 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007051220070513\index.dat
2007-12-21 22:21 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007122120071222\index.dat
.

((((((((((((((((((((((((((((((((( Reg load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Note: empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“msnmsgr”=“C:\Program Files\MSN Messenger\msnmsgr.exe” [2007-01-19 13:55 5674352]
“WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe” [2008-01-19 09:33 202240]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
“FlashPlayerUpdate”=“C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe” [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“DirectMessenger”=“C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE” [2006-12-26 06:57 988160]
“Windows Defender”=“C:\Program Files\Windows Defender\MSASCui.exe” [2008-01-19 09:38 1008184]
“Kernel and Hardware Abstraction Layer”=“KHALMNPR.EXE” [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
“DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2006-09-14 22:09 157592]
“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2006-11-22 07:27 815104]
“RtHDVCpl”=“RtHDVCpl.exe” [2006-12-01 07:36 4186112 C:\Windows\RtHDVCpl.exe]
“NvSvc”=“C:\Windows\system32\nvsvc.dll” [2006-12-19 07:38 90191]
“NvCplDaemon”=“C:\Windows\system32\NvCpl.dll” [2006-12-19 07:38 7766016]
“NvMediaCenter”=“C:\Windows\system32\NvMcTray.dll” [2006-12-19 07:38 81920]
“F-Secure Manager”=“C:\Program Files\F-Secure Internet Security\Common\FSM32.exe” [2007-05-25 15:12 183208]
“F-Secure TNB”=“C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe” [2007-05-25 15:11 740208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
“GrpConv”=“grpconv -o” []

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“msnmsgr”=“C:\Program Files\MSN Messenger\msnmsgr.exe” [2007-01-19 13:55 5674352]
“WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe” [2008-01-19 09:33 202240]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
“FlashPlayerUpdate”=“C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe” [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableUIADesktopToggle”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“UacDisableNotify”=dword:00000001
“InternetSettingsDisableNotify”=dword:00000001
“AutoUpdateDisableNotify”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-371399724-456911832-2854259609-1000]
“EnableNotificationsRef”=dword:00000008

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
“{7AC48204-13CD-4118-8357-05366CF35362}”= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
“{4DF5C883-1717-4685-90D8-816D632133EA}”= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
“{15612682-5317-4770-8FC2-C8863E6DAD4D}”= UDP:C:\Program Files\Ubisoft\Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas
“{AC03CAC5-33F7-478B-9B3E-49374BB40B93}”= TCP:C:\Program Files\Ubisoft\Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas
“{1E85AB93-35FF-46C1-A2A1-6E7132646233}”= UDP:C:\Program Files\Ubisoft\Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater
“{E41E6725-105A-45C3-89B2-3F7F8DC4851B}”= TCP:C:\Program Files\Ubisoft\Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater
“{EC117A40-D888-417A-98F3-749BEA7A2CDE}”= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
“TCP Query User{AB335F85-1560-4363-BF61-304D51ED3478}D:\programmes\echamblardnext\echanblard\emule.exe”= UDP:D:\programmes\echamblardnext\echanblard\emule.exe:eMule
“UDP Query User{7EF8A230-6155-4D75-B6C2-F4EFC0791F81}D:\programmes\echamblardnext\echanblard\emule.exe”= TCP:D:\programmes\echamblardnext\echanblard\emule.exe:eMule
“TCP Query User{FAAAAEA0-EE5F-4AD8-AE2D-516B5DECDB11}I:\logs\echanblard\emule.exe”= UDP:I:\logs\echanblard\emule.exe:eMule
“UDP Query User{CD8ADD75-2750-47A9-80B0-716909E6B6F4}I:\logs\echanblard\emule.exe”= TCP:I:\logs\echanblard\emule.exe:eMule
“{42392112-09AA-4461-903D-C2A3FDFDB45B}”= UDP:C:\Windows\Installer{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe:MsblIco
“{EF26223D-1A9C-4517-871F-2A670949A10C}”= TCP:C:\Windows\Installer{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe:MsblIco
“TCP Query User{CEE017B4-C9C1-4CA2-AA36-B0B499668CC9}C:\program files\ea games\battlefield 2\bf2.exe”= UDP:C:\program files\ea games\battlefield 2\bf2.exe:BF2
“UDP Query User{3B84D0BE-3E5F-4056-872A-1FAC7105AAC3}C:\program files\ea games\battlefield 2\bf2.exe”= TCP:C:\program files\ea games\battlefield 2\bf2.exe:BF2
“{2CFAF393-990B-4824-9EDD-ACAE341256E9}”= UDP:D:\PROGRAMMES\R-B-R\richardburnsrally.exe:Richard Burns Rally
“{EF3E288E-FFB5-48A0-9D66-F4E47341045A}”= TCP:D:\PROGRAMMES\R-B-R\richardburnsrally.exe:Richard Burns Rally
“{2C4BC1FF-1488-4623-8B32-885EA0A6514D}”= UDP:D:\PROGRAMMES\R-B-R\RSRBR4Live.exe:RSRBR4Live
“{7029448F-2940-4653-906D-7C3349ABE3AE}”= TCP:D:\PROGRAMMES\R-B-R\RSRBR4Live.exe:RSRBR4Live
“{097CE8B1-081B-40D1-9BBC-316FFB54104A}”= UDP:D:\PROGRAMMES\R-B-R\RSRBR4.exe:RSRBR4
“{CDD425DF-FF1D-4955-8292-B16F37A9EF84}”= TCP:D:\PROGRAMMES\R-B-R\RSRBR4.exe:RSRBR4
“TCP Query User{FF1C6C5A-85D9-4206-B417-EB881C6C70B7}I:\logs\echanblard\emule.exe”= UDP:I:\logs\echanblard\emule.exe:eMule
“UDP Query User{F69C8DBE-1C83-426E-BBD3-BD6897C1A91A}I:\logs\echanblard\emule.exe”= TCP:I:\logs\echanblard\emule.exe:eMule
“TCP Query User{5AB9CEE4-3342-4E2C-9F34-481331DBD5F6}D:\programmes\echamblardnext\echanblard\emule.exe”= UDP:D:\programmes\echamblardnext\echanblard\emule.exe:eMule
“UDP Query User{86EB5550-5D67-406A-9F84-DAE12D910680}D:\programmes\echamblardnext\echanblard\emule.exe”= TCP:D:\programmes\echamblardnext\echanblard\emule.exe:eMule
“TCP Query User{FB035A22-C5C8-4617-9F30-26E59AC09106}C:\program files\swat 4\contentexpansion\system\swat4x.exe”= UDP:C:\program files\swat 4\contentexpansion\system\swat4x.exe:SWAT 4 - The Stetchkov Syndicate
“UDP Query User{C7ADC1E0-8D3C-45F1-A453-9F902524A471}C:\program files\swat 4\contentexpansion\system\swat4x.exe”= TCP:C:\program files\swat 4\contentexpansion\system\swat4x.exe:SWAT 4 - The Stetchkov Syndicate
“{E81D5CD9-BF8D-4103-BB21-E857FD6328B7}”= UDP:0:LocalSubnet:LocalSubnet:Magix UPnP Media Server
“{5D9C9F74-7691-4473-AF33-CE2D7777201D}”= UDP:2869:LocalSubnet:LocalSubnet:Microsoft UPnP-Port (TCP)
“{EBC6E513-27EB-4E27-88CB-4F94DC52054C}”= TCP:1900:LocalSubnet:LocalSubnet:Microsoft UPnP-Port (UDP)
“{86B4BA2D-FB2D-4340-9E58-06FE60FB1CD6}”= UDP:C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe:Magix UPnP Service
“{8AC90423-D365-441C-9E44-9D0873EF6E1E}”= TCP:C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe:Magix UPnP Service
“TCP Query User{4540EAE4-E32C-42FF-9FFA-109F24F6AADF}C:\program files\xfire\xfire.exe”= UDP:C:\program files\xfire\xfire.exe:Xfire
“UDP Query User{BD2E1833-6089-4510-BDD5-48AC39DA61FE}C:\program files\xfire\xfire.exe”= TCP:C:\program files\xfire\xfire.exe:Xfire
“TCP Query User{2BC3A72E-86A2-402A-8635-D19F30AD4450}C:\program files\swat 4\contentexpansion\system\swat4xdedicatedserver.exe”= UDP:C:\program files\swat 4\contentexpansion\system\swat4xdedicatedserver.exe:SWAT 4 - The Stetchkov Syndicate
“UDP Query User{0651E06A-0451-4803-AEEB-6DDB3B5B01CF}C:\program files\swat 4\contentexpansion\system\swat4xdedicatedserver.exe”= TCP:C:\program files\swat 4\contentexpansion\system\swat4xdedicatedserver.exe:SWAT 4 - The Stetchkov Syndicate
“TCP Query User{21FB62F2-FD32-413C-95F2-460781D6F44B}C:\program files\swat 4\content\system\swat4dedicatedserver.exe”= UDP:C:\program files\swat 4\content\system\swat4dedicatedserver.exe:SWAT 4
“UDP Query User{D9955F77-E3AF-434A-9E97-39701F996C1B}C:\program files\swat 4\content\system\swat4dedicatedserver.exe”= TCP:C:\program files\swat 4\content\system\swat4dedicatedserver.exe:SWAT 4
“TCP Query User{0761B0A8-84DC-4BA8-A46E-DDFC0771DF0A}C:\program files\swat 4\content\system\swat4.exe”= UDP:C:\program files\swat 4\content\system\swat4.exe:SWAT 4
“UDP Query User{D90419EE-2BB0-46FE-8261-18028CAB6B52}C:\program files\swat 4\content\system\swat4.exe”= TCP:C:\program files\swat 4\content\system\swat4.exe:SWAT 4
“TCP Query User{D310568C-E68F-4673-9C65-B194C597D980}D:\programmes\half life 2\steam.exe”= UDP:D:\programmes\half life 2\steam.exe:Steam
“UDP Query User{79076DD0-CD6A-41F8-805C-83DCBA7C5B74}D:\programmes\half life 2\steam.exe”= TCP:D:\programmes\half life 2\steam.exe:Steam
“TCP Query User{00215005-DCE2-4131-9A5D-7C693E1B4DBA}C:\program files\xfire\xfire.exe”= UDP:C:\program files\xfire\xfire.exe:Xfire
“UDP Query User{986D0D08-DAEC-49DC-9367-A8160AB04D9B}C:\program files\xfire\xfire.exe”= TCP:C:\program files\xfire\xfire.exe:Xfire
“TCP Query User{B6B527FB-6DAD-4990-AAC0-E4F9E58560A2}D:\programmes\q3\quake3.exe”= UDP:D:\programmes\q3\quake3.exe:quake3
“UDP Query User{B87D5494-1363-486D-A97A-E18DCEBBD0CE}D:\programmes\q3\quake3.exe”= TCP:D:\programmes\q3\quake3.exe:quake3
“TCP Query User{DCBB779A-4C90-485F-9B03-721624DF7A49}D:\programmes\swat4\content\system\swat4.exe”= UDP:D:\programmes\swat4\content\system\swat4.exe:SWAT 4
“UDP Query User{2DEBFFF3-4DA6-4443-B357-7503F8ADDC03}D:\programmes\swat4\content\system\swat4.exe”= TCP:D:\programmes\swat4\content\system\swat4.exe:SWAT 4
“{3753D277-FBF5-45EF-9CEE-4266B4676846}”= UDP:D:\PROGRAMMES\SWAT4\ContentExpansion\System\Swat4X.exe:SWAT 4 - The Stetchkov Syndicate
“{2F7DA15C-6D9C-4F32-9F17-93CBE4EB50A2}”= TCP:D:\PROGRAMMES\SWAT4\ContentExpansion\System\Swat4X.exe:SWAT 4 - The Stetchkov Syndicate
“TCP Query User{40744DB5-A6FC-412D-B925-14E189E4F756}D:\programmes\swat 4\contentexpansion\system\swat4x.exe”= UDP:D:\programmes\swat 4\contentexpansion\system\swat4x.exe:SWAT 4 - The Stetchkov Syndicate
“UDP Query User{454705EB-E4F0-4C71-B382-0818944B4DDD}D:\programmes\swat 4\contentexpansion\system\swat4x.exe”= TCP:D:\programmes\swat 4\contentexpansion\system\swat4x.exe:SWAT 4 - The Stetchkov Syndicate
“TCP Query User{F517F2BA-FC79-4490-8446-3B1E51506256}D:\programmes\swat 4\contentexpansion\system\swat4xdedicatedserver.exe”= UDP:D:\programmes\swat 4\contentexpansion\system\swat4xdedicatedserver.exe:SWAT 4 - The Stetchkov Syndicate
“UDP Query User{D377E073-A3AD-48BB-95A8-E0540EA6F8E6}D:\programmes\swat 4\contentexpansion\system\swat4xdedicatedserver.exe”= TCP:D:\programmes\swat 4\contentexpansion\system\swat4xdedicatedserver.exe:SWAT 4 - The Stetchkov Syndicate
“{AF4717DF-982B-4D16-BD81-8B5A763CDA1D}”= UDP:10481:LocalSubnet:LocalSubnet:voila
“{D44E62A7-0814-4DD5-8295-7F42CFFB9712}”= TCP:10481:LocalSubnet:LocalSubnet:voila 2
“TCP Query User{2D9CDED7-132D-436B-ADA4-2891E7EEDB5D}D:\programmes\swat 4\contentexpansion\system\swat4xdedicatedserver.exe”= UDP:D:\programmes\swat 4\contentexpansion\system\swat4xdedicatedserver.exe:SWAT 4 - The Stetchkov Syndicate
“UDP Query User{B9FD7DBB-35D0-4D89-8E5C-9445F6B08377}D:\programmes\swat 4\contentexpansion\system\swat4xdedicatedserver.exe”= TCP:D:\programmes\swat 4\contentexpansion\system\swat4xdedicatedserver.exe:SWAT 4 - The Stetchkov Syndicate
“{102C8BC6-5323-4FDE-820D-01C8EA298251}”= UDP:D:\PROGRAMMES\SWAT4\ContentExpansion\System\Swat4XDedicatedServer.exe:SWAT 4 - The Stetchkov Syndicate Dedicated Server
“{86D1020D-B9E3-45B4-82AE-9AD8EBD7F289}”= TCP:D:\PROGRAMMES\SWAT4\ContentExpansion\System\Swat4XDedicatedServer.exe:SWAT 4 - The Stetchkov Syndicate Dedicated Server
“{EBD571D4-299C-4E4A-A3CF-802BB1AFFC4A}”= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
“{D86FB1F4-EAC3-42AE-8DC7-659F86F7D6F9}”= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
“{411F72AE-589A-479F-910E-F0F732ECE0F6}”= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
“{80720BCD-EA44-419F-8039-5211F32B5AE0}”= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
“TCP Query User{6344B743-8821-4FB5-8B87-26C4DF82B873}D:\programmes\toca race driver 3\rd3.exe”= UDP:D:\programmes\toca race driver 3\rd3.exe:RaceDriver 3 Application
“UDP Query User{AC662756-9E68-4054-8DA6-41313928AB0A}D:\programmes\toca race driver 3\rd3.exe”= TCP:D:\programmes\toca race driver 3\rd3.exe:RaceDriver 3 Application
“TCP Query User{2430BCD6-BA1C-4C3E-86B8-50CBD5C03976}C:\program files\zapu\zapu\wdivi.exe”= UDP:C:\program files\zapu\zapu\wdivi.exe:Zapu Control
“UDP Query User{F8A065A7-7A82-47C8-A372-0CE5D9474F4E}C:\program files\zapu\zapu\wdivi.exe”= TCP:C:\program files\zapu\zapu\wdivi.exe:Zapu Control
“{6FFF5ADF-2024-4C11-97AE-087D39576251}”= UDP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
“{7A80E036-DFAB-4600-B54C-CD649FE38A73}”= TCP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
“{1232690F-0A72-4199-9154-4BE8944F55DE}”= UDP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
“{2DF1FD4B-547B-47A7-A21E-6B16218C243B}”= TCP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
“{829BB1FB-8D85-4F1B-A152-19F659D819D4}”= UDP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
“{77A86AAE-BF1A-4D55-9D3E-AEFF02ECE607}”= TCP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
“{25078451-E1EC-4A8F-A46B-A53D7C268F92}”= UDP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
“{04604C47-BCCE-424A-B61B-89CCD29A80F3}”= TCP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
“TCP Query User{5BCE3BC5-27AC-40BA-AB6F-86C8AA5E08B9}C:\program files\itunes\itunes.exe”= UDP:C:\program files\itunes\itunes.exe:iTunes
“UDP Query User{63AE99A5-0232-4F17-93FB-E3DA8F6A72C2}C:\program files\itunes\itunes.exe”= TCP:C:\program files\itunes\itunes.exe:iTunes
“{FE20C021-BD89-4CFB-BCC7-FA343BF94B06}”= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
“{477F855D-AF5A-48AE-A48D-416980C7F241}”= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
“TCP Query User{6410FF77-8185-41D2-8499-0338C229439A}J:\logs\echanblard\emule.exe”= UDP:J:\logs\echanblard\emule.exe:eChanblard
“UDP Query User{2808584C-4484-4C10-B8D7-4754C73363F0}J:\logs\echanblard\emule.exe”= TCP:J:\logs\echanblard\emule.exe:eChanblard
“TCP Query User{E519DEAC-CC83-4A97-9D21-0DEACA0F8AF6}H:\logs\echanblard\emule.exe”= UDP:H:\logs\echanblard\emule.exe:eChanblard
“UDP Query User{9471732F-D0C2-483E-B3C2-79EFB10359E4}H:\logs\echanblard\emule.exe”= TCP:H:\logs\echanblard\emule.exe:eChanblard
“{9FD2E8A2-BBAE-441E-A534-A0A295BF10A6}”= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
“{4AC63A0C-611C-48BB-8DF9-4071FA415FC6}”= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
“TCP Query User{2EAC594C-61C0-4221-A8E0-FC44B1611BE5}C:\program files\activision\call of duty 4 - modern warfare\mp_tool.exe”= UDP:C:\program files\activision\call of duty 4 - modern warfare\mp_tool.exe:mp_tool
“UDP Query User{B132B9AC-522A-4975-A56D-4A07F7B45EFE}C:\program files\activision\call of duty 4 - modern warfare\mp_tool.exe”= TCP:C:\program files\activision\call of duty 4 - modern warfare\mp_tool.exe:mp_tool
“TCP Query User{B54C40D9-3E0C-4893-AC8A-2405A507FF81}C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.5.exe”= UDP:C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.5.exe:ModernRcon_v0.5
“UDP Query User{83972F14-DA89-4F95-AB31-560A83457BE5}C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.5.exe”= TCP:C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.5.exe:ModernRcon_v0.5
“{32A498F8-35E9-4DEC-8B9E-68F4F46301EE}”= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
“{FDDEA0B1-FEDE-4422-87C5-BF927E1C443A}”= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
“TCP Query User{F21FE08C-1D2D-4836-8D29-B4CDFA084A50}C:\users\j-ch\appdata\local\emule\emule.exe”= UDP:C:\users\j-ch\appdata\local\emule\emule.exe:emule.exe
“UDP Query User{8AF344FB-B6D5-4FA0-A101-D3E5FFAAFD8A}C:\users\j-ch\appdata\local\emule\emule.exe”= TCP:C:\users\j-ch\appdata\local\emule\emule.exe:emule.exe
“{30B08388-D29F-41C4-85D1-C8FEE51C5AFB}”= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
“{83D1C534-C95A-42DC-A4CA-D008981AFF6B}”= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
“TCP Query User{BE74C08B-AF47-4258-B65F-3BCFE2B46A17}C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.6.exe”= UDP:C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.6.exe:ModernRcon_v0.6
“UDP Query User{D9522141-1C7C-4A35-849E-D23599A0FC8D}C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.6.exe”= TCP:C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.6.exe:ModernRcon_v0.6
“TCP Query User{D0A3DD32-DFE7-4BBC-8C53-485212043AC2}C:\program files\winscp\winscp.exe”= UDP:C:\program files\winscp\winscp.exe:Windows SFTP, FTP and SCP client
“UDP Query User{F7B5E6B0-39E2-4EC0-B006-FE71BDF21DCB}C:\program files\winscp\winscp.exe”= TCP:C:\program files\winscp\winscp.exe:Windows SFTP, FTP and SCP client
“TCP Query User{CE73D382-2F1A-47BA-A21A-4DD8F74C8EEC}C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.6.exe”= UDP:C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.6.exe:ModernRcon_v0.6
“UDP Query User{2C25FD8A-B81A-4316-B6C0-A5DA37172283}C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.6.exe”= TCP:C:\program files\activision\call of duty 4 - modern warfare\modernrcon_v0.6.exe:ModernRcon_v0.6
“TCP Query User{01506A4E-84E6-40DD-8D79-73CB8ADAD759}C:\program files\gtactix\gtactix.exe”= UDP:C:\program files\gtactix\gtactix.exe:Gtactix
“UDP Query User{738A7DB0-12E6-44E5-BA3D-069D054F47AC}C:\program files\gtactix\gtactix.exe”= TCP:C:\program files\gtactix\gtactix.exe:Gtactix
“{20208743-BEF2-4651-943F-3D4BBCB0833D}”= UDP:D:\PROGRAMMES\AssCreed\AssassinsCreed_Dx9.exe:Assassin’s Creed Dx9
“{B8DF3223-E58B-4962-A982-F908F8AFA868}”= TCP:D:\PROGRAMMES\AssCreed\AssassinsCreed_Dx9.exe:Assassin’s Creed Dx9
“{B18F906B-64B9-4D28-A93E-717E91430F6D}”= UDP:D:\PROGRAMMES\AssCreed\AssassinsCreed_Dx10.exe:Assassin’s Creed Dx10
“{1DE74186-A745-4F14-BB92-66AE5BEDBC5B}”= TCP:D:\PROGRAMMES\AssCreed\AssassinsCreed_Dx10.exe:Assassin’s Creed Dx10
“{CB71C822-2B27-464E-B676-091EFF546EEB}”= UDP:D:\PROGRAMMES\AssCreed\AssassinsCreed_Launcher.exe:Assassin’s Creed Update
“{B6000162-F8AC-428B-93A6-E8A5C1668D18}”= TCP:D:\PROGRAMMES\AssCreed\AssassinsCreed_Launcher.exe:Assassin’s Creed Update
“{5C45CD4A-A1E1-405C-8763-255A5564AA7B}”= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
“{FC5AA310-8870-4705-93E2-D3A049E37E81}”= Disabled:UDP:C:\Program Files\Autodesk\backburner\manager.exe:backburner 2.3 manager
“{00EB872A-8C5B-4F6F-A834-29AD500BF90E}”= Disabled:TCP:C:\Program Files\Autodesk\backburner\manager.exe:backburner 2.3 manager
“{76D5436F-CAE6-4FC3-9B29-BCE9E0C3C5B0}”= Disabled:UDP:C:\Program Files\Autodesk\backburner\monitor.exe:backburner 2.3 monitor
“{F3521C83-A296-4AEB-A3CE-AEDD34D5EBBB}”= Disabled:TCP:C:\Program Files\Autodesk\backburner\monitor.exe:backburner 2.3 monitor
“{ACFE3CC0-6B97-4C28-8D08-E50C685233BC}”= Disabled:UDP:C:\Program Files\Autodesk\backburner\server.exe:backburner 2.3 server
“{B3A45BE2-3224-4E39-84F7-88D31A4B60D0}”= Disabled:TCP:C:\Program Files\Autodesk\backburner\server.exe:backburner 2.3 server
“TCP Query User{0EEC364A-0E7C-4838-B07C-3224E2E97ECF}D:\programmes\worms 4\worms 4 mayhem.exe”= Disabled:UDP:D:\programmes\worms 4\worms 4 mayhem.exe:Worms 4 Mayhem
“UDP Query User{53727C7A-9A70-499C-884E-5AC7612C9BE8}D:\programmes\worms 4\worms 4 mayhem.exe”= Disabled:TCP:D:\programmes\worms 4\worms 4 mayhem.exe:Worms 4 Mayhem

R1 HMFAxCore8ca4fd17866cac11805503e882557762;HMFAxCore8ca4fd17866cac11805503e882557762;C:\Windows\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys [2007-10-29 19:22]
S1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2007-05-25 15:12]
S1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2007-05-25 15:09]
S1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2007-05-25 15:10]
S1 fsvista;F-Secure Vista Support Driver;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsvista.sys [2007-05-25 15:08]
S2 ACEDRV09;ACEDRV09;C:\Windows\system32\drivers\ACEDRV09.sys [2007-07-29 20:23]
S2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT);“C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe” -sAUTODESKVAULT []
S2 SQLWriter;SQL Server VSS Writer;“C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe” [2007-02-10 06:29]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2006-12-11 01:31]
S3 Asushwio;Asushwio;C:\Windows\system32\drivers\Asushwio.sys [2006-10-10 13:33]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-25 15:08]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2007-10-16 16:30]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\DRIVERS\StkCMini.sys [2007-01-20 00:19]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 18:00]
S3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-03 01:37]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 15:09]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-25 15:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

Newly Created Service - ECACHE
.


catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-04-09 19:00:48
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0


.
Completion time: 2008-04-09 19:01:13
ComboFix-quarantined-files.txt 2008-04-09 17:01:08
The text for message number 0x2379 could not be found in the message file for Application.
The text for message number 0x2379 could not be found in the message file for Application.
.
2008-04-09 06:32:05 — E O F —

/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////


Here's the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02, on 2008-04-09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.ustart.org…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM…\Run: [DirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE"
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM…\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM…\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM…\RunOnce: [GrpConv] grpconv -o
O4 - HKCU…\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU…\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU…\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18…\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18…\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT…\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS.DEFAULT…\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Parental… - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental… - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - D:\PROGRAMMES\AIP 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - D:\PROGRAMMES\AIP 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - D:\PROGRAMMES\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe


End of file - 8996 bytes


What do you think? :confused:

And BitDefender gave me this:
C:/windows/system32/drivers/doxnld/218666.exe infected by Win32 Bagle.SLV@mm
Then the same file: Disinfection failed.
Then the same file: Deleted.

I checked with the command that the file had indeed disappeared, and it's fine, it has been deleted.

What do I do now?
Edited on 09/04/2008 at 20:33
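An added triage example, not part of this thread and not code from HijackThis, EliBagle, BitDefender or any other tool named above: a Python script that parses the O4 (autostart) and O23 (service) lines of a HijackThis log of the kind pasted above and flags the entries a responder would check first. The sample lines are constructed from the log above; the `HypotheticalLoader` O4 entry is invented to show the drivers-directory rule firing on the hldrrr.exe path the EliBagle report listed, and does not appear in the posted log. The flagging rules (bare file name, binary under system32\drivers, missing binary, no publisher on a service) are heuristics of mine, not findings from the thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample built from the HijackThis log in this thread, plus one
# invented O4 line ("HypotheticalLoader") pointing at the hldrrr.exe path the
# EliBagle report listed. That label is made up for illustration only.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [HypotheticalLoader] C:\Windows\System32\drivers\hldrrr.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
"""


@dataclass
class Finding:
    kind: str                  # "O4" (autostart value) or "O23" (service)
    name: str                  # value label or service display name
    target: str                # binary or DLL that actually gets loaded
    reasons: List[str] = field(default_factory=list)


_O4 = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_USER_SUFFIX = re.compile(r"\s*\(User '[^']*'\)\s*$")       # HKUS lines carry "(User '...')"
_FIRST_MODULE = re.compile(r"^(.*?\.(?:exe|dll|sys|cpl|scr))", re.IGNORECASE)


def target_of(cmd: str) -> str:
    """Pull the module that really runs out of a Run-value command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, may contain spaces
        end = cmd.find('"', 1)
        exe, rest = cmd[1:end], cmd[end + 1:].strip()
    else:                                        # unquoted: cut at the first module extension
        m = _FIRST_MODULE.match(cmd)
        exe = m.group(1) if m else cmd.split(" ", 1)[0]
        rest = cmd[len(exe):].strip()
    if exe.lower().endswith("rundll32.exe") and rest:
        # rundll32 is only a host process; the DLL it loads is what matters
        return rest.split(",", 1)[0].strip().strip('"')
    return exe


def parse_o23(line: str) -> Optional[Tuple[str, str, str]]:
    """Split 'O23 - Service: <name> - <owner> - <path>'; the name may itself contain ' - '."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    parts = line[len(prefix):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    return name, owner, path


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O4 - "):
            m = _O4.match(line)
            if not m:
                continue
            target = target_of(_USER_SUFFIX.sub("", m.group("cmd")))
            reasons = []
            if "\\" not in target:
                reasons.append("bare file name: resolved through the search path")
            if "\\drivers\\" in target.lower():
                reasons.append("autostart from system32\\drivers")
            if reasons:
                findings.append(Finding("O4", m.group("name"), target, reasons))
        elif line.startswith("O23 - "):
            parsed = parse_o23(line)
            if not parsed:
                continue
            name, owner, path = parsed
            reasons = []
            if path.endswith("(file missing)"):
                path = path[: -len("(file missing)")].strip()
                reasons.append("service binary missing on disk")
            if owner in ("", "Unknown owner"):
                reasons.append("no publisher recorded for the service binary")
            if "\\drivers\\" in path.lower():
                reasons.append("service binary under system32\\drivers")
            if reasons:
                findings.append(Finding("O23", name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<3} {f.name}: {f.target}\n     - " + "\n     - ".join(f.reasons))
```

A bare file name in a Run value (KHALMNPR.EXE, RtHDVCpl.exe) proves nothing by itself; it only means the binary is found through the search path, so the next step is to confirm where it actually resolves and who signed it. "Unknown owner" or "(file missing)" on a service likewise points to a leftover or a tampered entry to look at, not to an infection on its own.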

Well, the radical solution is formatting, so much simpler! :confused:
It's been a year since I last formatted, so it's not too much of a problem (two birds with one stone) :paf:

The problem is that I have an OEM version of Vista and no "restore" partition!!! In other words, I don't have what I need to reinstall Vista :frowning:

Could someone tell me where to download an *.iso (or other format) of the Vista Home Premium DVD? :yeux1:

That way I format, reinstall Vista and enter my OEM key; is that at least possible?

Thank you very much for your help!!!

But I have finally found my PC's Recovery DVD.
So I'm formatting at noon :biggrin: :lol:
It's true that my PC seems to be doing better too, but I'd rather format.
That's great!!!

THANKS AGAIN!!! :super:
It's nice to have people who take the time to read my long posts and reply with solutions...
THANKS!