Infection by w32/xor-encoded.a

Solved/Closed
pandax27 Posts 38 Registration date Sunday 4 January 2009 Status Member Last activity 13 January 2009 - 4 Jan. 2009 at 02:37
chimay8 Posts 7720 Registration date Thursday 1 May 2008 Status Security contributor Last activity 3 January 2014 - 13 Jan. 2009 at 22:48
Hello,
My laptop (HP Pavilion dv6000) is infected by w32/xor.encoded.a; the symptoms are: the toolbar/taskbar no longer works, nor does the Start menu, and the processor runs at a minimum of 50% (which is unusual). My system is Vista Premium and the antivirus is Norton 360. Can you help me clean my computer?
Thanks in advance.
I am posting the latest report from an online scan with Panda Security:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-01-03 20:44:35
PROTECTIONS: 3
MALWARE: 10
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.4205.0 No Yes
Norton 360 8.2.0.81 No No
Norton Antivirus Internet Security 2008 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\Low\panda@doubleclick[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\Low\panda@247realmedia[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\panda@mediaplex[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\Low\panda@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\Low\panda@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\panda@xiti[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\panda@apmebf[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\panda@statse.webtrendslive[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\Low\panda@statse.webtrendslive[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\Low\panda@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\panda@bluestreak[1].txt
03009106 W32/Xor-encoded.A Virus No 0 No No C:\Users\PANDA\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0cec6dcf\Report.cab[ecwaosw.exe.xor]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\PANDA\Downloads\ComboFix.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\PANDA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M6EE7PVF\ComboFix[1].exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Program Files\Image-Line\FLStudio5\Fl.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
184379 MEDIUM MS08-001
182048 HIGH MS07-069
182043 HIGH MS07-064
176382 HIGH MS07-057
170906 HIGH MS07-045
164913 HIGH MS07-033
160623 HIGH MS07-027
;===================================================================================================================================================================================

44 replies

pandax27 Posts 38 Registration date Sunday 4 January 2009 Status Member Last activity 13 January 2009 1
5 Jan. 2009 at 16:47
Is there really any way to get rid of this damn w32/xor.encoded.a?
1
Anonymous user
4 Jan. 2009 at 03:04
Good evening, download this http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner and install it. Click the shortcut, click Cleaner and then Analyze; once the analysis has finished, run the cleaner. Once that is done, click Registry and analyze by clicking Scan for Issues. Tell me if that solved your problems, OK?
0
pandax27 Posts 38 Registration date Sunday 4 January 2009 Status Member Last activity 13 January 2009 1
4 Jan. 2009 at 05:10
Good evening ezekielo,

I tried CCleaner and then restarted the PC, but nothing has changed...
0
Anonymous user
4 Jan. 2009 at 12:30
Download this, run a scan and post the report for me: http://www.commentcamarche.net/telecharger/telechargement 122 spybot
0

Anonymous user
4 Jan. 2009 at 12:33
You have two Trojan horses, also called trojans.
0
pandax27 Posts 38 Registration date Sunday 4 January 2009 Status Member Last activity 13 January 2009 1
4 Jan. 2009 at 17:45
Thanks for the link.
While downloading Spybot, Windows notified me that I had to install it as administrator... well, the program ran anyway and I was able to do the scan. I'm sending you the report I found in Spybot's detailed mode:

--- Search result list ---
Hint of the Day: Click the bar at the right of this to see more information! ()


Félicitations!: Aucun mouchard n'a été trouvé. ()



size: 44544
PID: 1724 ( 696) spoolsv.exe
size: 124928
PID: 1768 ( 696) CCSVCHST.EXE
PID: 2012 ( 696) sched.exe
PID: 492 ( 696) svchost.exe
size: 22016
PID: 3200 ( 696) avguard.exe
PID: 3212 ( 696) svchost.exe
size: 22016
PID: 3224 ( 696) CLCapSvc.exe
PID: 3428 ( 696) HerculesDJControlMP3.EXE
PID: 3544 ( 696) IAANTmon.exe
PID: 3604 ( 696) LSSrvc.exe
PID: 3632 ( 696) sqlservr.exe
PID: 3844 ( 696) svchost.exe
size: 22016
PID: 3856 ( 696) SeaPort.exe
PID: 3900 ( 696) svchost.exe
size: 22016
PID: 3936 ( 696) svchost.exe
size: 22016
PID: 3972 ( 696) SearchIndexer.exe
size: 287744
PID: 4036 ( 696) hpqwmiex.exe
PID: 2452 ( 696) AluSchedulerSvc.exe
PID: 2716 (1104) taskeng.exe
size: 166400
PID: 2728 (1104) taskeng.exe
size: 166400
PID: 948 ( 868) WmiPrvSE.exe
PID: 2828 ( 696) wmpnetwk.exe
PID: 4400 ( 696) symlcsvc.exe
PID: 5424 ( 696) svchost.exe
size: 22016
PID: 5800 ( 892) SynTPHelper.exe
PID: 4356 ( 696) HPHC_Service.exe


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 04/01/2009 12:37:16

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
https://www.msn.com/fr-fr/?ocid=iehp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---


--- System Services ---
0
Anonymous user
4 Jan 2009 at 18:01
Sorry, I'm having trouble finding the infection. Download Malwarebytes, run a scan and post the report for me. Here is the link: http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware
0
pandax27 Posts 38 Registration date Sunday 4 January 2009 Status Member Last activity 13 January 2009 1
4 Jan 2009 at 18:38
OK, no problem, here is the mbam report:

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1597
Windows 6.0.6000

04/01/2009 13:33:53
mbam-log-2009-01-04 (13-33-33).txt

Type de recherche: Examen rapide
Eléments examinés: 55070
Temps écoulé: 3 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\~.tmp (Trojan.Agent) -> No action taken.
C:\Users\PANDA\AppData\Roaming\REX Shared Library.dll (Trojan.Lop.H) -> No action taken.
0
Anonymous user
4 Jan 2009 at 19:01
It found them. Have them deleted and tell me whether that changes anything.
0
pandax27 Posts 38 Registration date Sunday 4 January 2009 Status Member Last activity 13 January 2009 1
4 Jan 2009 at 19:06
OK, thanks, I'll try, but I don't see them in mbam's quarantine menu.
0
Anonymous user
4 Jan 2009 at 19:09
If you delete them, they won't be in quarantine.
0
pandax27 Posts 38 Registration date Sunday 4 January 2009 Status Member Last activity 13 January 2009 1
4 Jan 2009 at 19:57
I ran another scan with mbam, which again reported the 2 infected files, then I deleted them. I restarted the computer.
Finally I ran one last scan with mbam, which no longer finds any problems.
However, the toolbar and taskbar as well as the Start menu are still frozen (they work again for a moment if I restart explorer.exe in the processes of the task scheduler). And the processor is still running too hard.
What about the w32/xor detected by panda security?
Finally, in parallel I ran a scan with avira, which puts infected files in quarantine. Should I delete those too?
Thanks for your patience.
0
Anonymous user
4 Jan 2009 at 20:51
Yes, you need to delete everything that is in quarantine.
0
pandax27 Posts 38 Registration date Sunday 4 January 2009 Status Member Last activity 13 January 2009 1
5 Jan 2009 at 02:11
OK thanks, I deleted everything that avira and mbam found. I reran all the scans with norton, avira, spybot and mbam, which found nothing, then I ran ccleaner and finally restarted. For now my Windows bar works again, but the processor still stays at 50% minimum. I checked in the task scheduler and it is explorer.exe of Windows Explorer that is eating the 50%. Do you think I can fix that?
In the meantime I'm rerunning the scan with activescan2.0 from panda security overnight, because it is the only one that finds this damned w32/xor.
I'll give you the results of this scan tomorrow. Buona notte
0
pandax27 Posts 38 Registration date Sunday 4 January 2009 Status Member Last activity 13 January 2009 1
5 Jan 2009 at 16:43
Latest news: Windows Explorer still crashes, everything is disinfected except that activescan still finds this goddamn w32/xor.encoded.a and tells me it cannot disinfect it. Is there a way to get rid of it? Here is the scan:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-01-05 02:11:17
PROTECTIONS: 3
MALWARE: 5
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.4205.0 No Yes
Norton 360 8.2.0.81 No No
Norton Antivirus Internet Security 2008 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\Low\panda@doubleclick[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\Low\panda@xiti[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\Low\panda@ad.yieldmanager[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\PANDA\AppData\Roaming\Microsoft\Windows\Cookies\Low\panda@bluestreak[1].txt
03009106 W32/Xor-encoded.A Virus No 0 No No C:\Users\PANDA\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0cec6dcf\Report.cab[ecwaosw.exe.xor]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
184379 MEDIUM MS08-001
182048 HIGH MS07-069
182043 HIGH MS07-064
176382 HIGH MS07-057
170906 HIGH MS07-045
164913 HIGH MS07-033
160623 HIGH MS07-027
;===================================================================================================================================================================================
0
chimay8 Posts 7720 Registration date Thursday 1 May 2008 Status Security contributor Last activity 3 January 2014 60
5 Jan 2009 at 16:50
Hello,

- Download TrendMicro™ HijackThis™ by Merijn (diagnostic program) to your desktop.
- This version has no installer! (Zip to extract)
- Save it to your desktop.

- At installation,
****Place it in its default directory, that is: C:\program files***

Installing hijackthis correctly:
https://forums.cnetfrance.fr

*** Close all open windows, and disconnect from the web ***

- Double-click it
- Generate a report by following these instructions:
- Run it and click "Do a scan and save log file".
- The report opens in Notepad.
- Paste the report here; to do so:
- Edit menu / Select All
- Edit menu / Copy
- Here, in a new message: right-click / Paste
- ** do not fix any lines without our advice **
Help: Don't hesitate to consult Malekal_morte's HiJackThis help
In pictures
0
pandax27 Posts 38 Registration date Sunday 4 January 2009 Status Member Last activity 13 January 2009 1
5 Jan 2009 at 17:29
Thanks chimay8,
Here is the HIJACK report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:26, on 05/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hercules\Audio\DJ Console Series\Mk2\HDJ2CPL.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\Explorer.exe
C:\Users\PANDA\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.fr/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1229491750579&h=cc186c807fb4150fc5ccb6c5908406f5/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f008.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
chimay8 Posts 7720 Registration date Thursday 1 May 2008 Status Security contributor Last activity 3 January 2014 60
5 Jan 2009 at 17:47
OK, the log doesn't show any infections.

However, MBAM does show something (lop).

Download LOP S&D by Eric71.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Double-click it to start the installation.
Double-click the Lop S&D shortcut on your desktop.
Select the language you want, then choose Option 1 (Search).
Wait until the scan finishes.
Post the generated report (it is located here: C:\lopR.txt).

If the desktop does not reappear, press Ctrl + Alt + Del, choose the File tab, then click New Task; then type explorer.exe and confirm.

pandax27 Posts 38 Registration date Sunday 4 January 2009 Status Member Last activity 13 January 2009 1
6 Jan 2009 at 01:26
I ran the scan you told me to. You should know that in the meantime I removed the 2 trojans shown by MBAM with Avira. Here is the scan:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz )
BIOS : Ver 1.00PARTTBL
USER : PANDA ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
Firewall : Norton 360 2007 (Activated)
C:\ (Local Disk) - NTFS - Total:225 Go (Free:42 Go)
D:\ (Local Disk) - NTFS - Total:7 Go (Free:1 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 05/01/2009|20:18 )

[ UAC => 1 ]

--------------------\\ Listing des dossiers dans Local

[19/11/2008|22:11] C:\Users\PANDA\AppData\Local\Adobe
[20/10/2007|10:16] C:\Users\PANDA\AppData\Local\Application Data
[17/12/2008|14:55] C:\Users\PANDA\AppData\Local\ApplicationHistory
[20/10/2007|10:28] C:\Users\PANDA\AppData\Local\AtStart.txt
[29/12/2008|13:01] C:\Users\PANDA\AppData\Local\d3d9caps.dat
[03/01/2009|22:36] C:\Users\PANDA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[20/10/2007|10:28] C:\Users\PANDA\AppData\Local\DSwitch.txt
[22/02/2008|08:39] C:\Users\PANDA\AppData\Local\fusioncache.dat
[25/12/2008|15:28] C:\Users\PANDA\AppData\Local\GDIPFONTCACHEV1.DAT
[20/10/2007|10:32] C:\Users\PANDA\AppData\Local\Google
[20/10/2007|10:16] C:\Users\PANDA\AppData\Local\Historique
[20/10/2007|12:31] C:\Users\PANDA\AppData\Local\HP
[05/01/2009|19:34] C:\Users\PANDA\AppData\Local\IconCache.db
[12/11/2008|08:07] C:\Users\PANDA\AppData\Local\keyfile3.drm
[01/01/2009|12:30] C:\Users\PANDA\AppData\Local\Microsoft
[10/02/2008|11:28] C:\Users\PANDA\AppData\Local\Microsoft Games
[23/11/2008|18:06] C:\Users\PANDA\AppData\Local\Microsoft Help
[20/11/2008|12:23] C:\Users\PANDA\AppData\Local\MicroVision Applications
[12/12/2008|14:05] C:\Users\PANDA\AppData\Local\Netlog
[02/01/2009|21:11] C:\Users\PANDA\AppData\Local\qaiomgi.bat
[20/10/2007|10:28] C:\Users\PANDA\AppData\Local\QSwitch.txt
[01/01/2009|15:03] C:\Users\PANDA\AppData\Local\QuickPlay
[21/02/2008|14:06] C:\Users\PANDA\AppData\Local\rx_image.Cache
[05/01/2009|20:16] C:\Users\PANDA\AppData\Local\Temp
[20/10/2007|10:16] C:\Users\PANDA\AppData\Local\Temporary Internet Files
[20/10/2007|12:32] C:\Users\PANDA\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[05/01/2009 01:14][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{20513758-25DC-41FB-8D90-34BD3C841772}.job
[05/01/2009 19:44][--ah-----] C:\Windows\tasks\SA.DAT
[05/01/2009 19:42][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[09/10/2008|08:55] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[16/05/2007|23:02] C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[19/11/2008|22:49] C:\ProgramData\Adobe
[20/10/2007|10:13] C:\ProgramData\Application Data
[04/01/2009|00:23] C:\ProgramData\Avira
[12/11/2008|20:22] C:\ProgramData\AVS4YOU
[20/10/2007|10:13] C:\ProgramData\Bureau
[25/12/2008|15:02] C:\ProgramData\CanonCP
[21/10/2007|11:25] C:\ProgramData\CyberLink
[20/10/2007|10:13] C:\ProgramData\Documents
[14/12/2008|16:33] C:\ProgramData\DVD Shrink
[31/10/2008|12:31] C:\ProgramData\eMule
[09/06/2008|08:05] C:\ProgramData\EPSON
[20/10/2007|10:13] C:\ProgramData\Favoris
[16/05/2007|23:14] C:\ProgramData\Google
[16/05/2007|23:38] C:\ProgramData\Hewlett-Packard
[21/10/2007|11:21] C:\ProgramData\HP
[04/11/2008|11:35] C:\ProgramData\hpzinstall.log
[20/09/2008|09:31] C:\ProgramData\LUUnInstall.LiveUpdate
[02/01/2009|20:45] C:\ProgramData\Malwarebytes
[20/10/2007|10:13] C:\ProgramData\Menu Démarrer
[17/12/2008|14:54] C:\ProgramData\Microsoft
[11/12/2008|15:33] C:\ProgramData\Microsoft Help
[20/10/2007|10:13] C:\ProgramData\Modèles
[03/01/2009|13:01] C:\ProgramData\ntuser.pol
[01/01/2009|16:28] C:\ProgramData\NVIDIA
[05/01/2009|19:44] C:\ProgramData\nvModes.001
[05/01/2009|19:40] C:\ProgramData\nvModes.dat
[26/11/2007|17:19] C:\ProgramData\Pinnacle
[26/11/2007|12:34] C:\ProgramData\Propellerhead Software
[05/01/2009|13:37] C:\ProgramData\Roxio
[20/10/2007|12:29] C:\ProgramData\Skype
[26/10/2008|16:57] C:\ProgramData\Sonic
[05/01/2009|19:14] C:\ProgramData\Spybot - Search & Destroy
[28/12/2008|00:46] C:\ProgramData\Symantec
[01/01/2009|18:54] C:\ProgramData\TEMP
[01/01/2009|12:11] C:\ProgramData\Ulead Systems
[23/10/2008|10:40] C:\ProgramData\WLInstaller
[26/12/2008|20:49] C:\ProgramData\ZoomBrowser

--------------------\\ Listing des dossiers dans C:\Program Files

[26/11/2007|12:41] C:\Program Files\Ableton
[16/05/2007|23:02] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[19/11/2008|22:49] C:\Program Files\Adobe
[01/11/2008|23:07] C:\Program Files\adslTV
[15/11/2008|19:58] C:\Program Files\Ahead
[05/09/2008|10:08] C:\Program Files\Algorithmix
[26/11/2007|18:01] C:\Program Files\ASIO4ALL v2
[04/01/2009|00:23] C:\Program Files\Avira
[20/11/2008|20:42] C:\Program Files\AVS4YOU
[20/10/2007|10:25] C:\Program Files\Bioscrypt
[31/10/2008|10:34] C:\Program Files\BoontyGames
[25/12/2008|15:45] C:\Program Files\Canon
[01/01/2009|18:57] C:\Program Files\CCleaner
[02/01/2009|21:44] C:\Program Files\Common Files
[03/12/2007|07:02] C:\Program Files\coolpro2
[05/11/2008|16:30] C:\Program Files\Disc2Phone
[18/11/2008|20:44] C:\Program Files\DsNET Corp
[26/11/2008|10:55] C:\Program Files\DVD Decrypter
[26/11/2008|12:40] C:\Program Files\DVD Shrink
[14/04/2008|14:05] C:\Program Files\easetech
[16/05/2007|23:14] C:\Program Files\EasyBits
[09/06/2008|08:29] C:\Program Files\EPSON
[20/10/2007|10:13] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[20/10/2007|10:25] C:\Program Files\Fingerprint Sensor
[05/11/2008|16:30] C:\Program Files\Google
[17/10/2008|16:36] C:\Program Files\Guillemot
[03/04/2008|18:47] C:\Program Files\Guitar Pro 5
[17/10/2008|16:36] C:\Program Files\Hercules
[01/11/2008|21:49] C:\Program Files\Hewlett-Packard
[31/10/2008|20:53] C:\Program Files\HP
[16/05/2007|23:21] C:\Program Files\HPQ
[28/11/2007|18:40] C:\Program Files\IK Multimedia
[23/10/2008|01:35] C:\Program Files\Illustrate
[20/10/2007|12:56] C:\Program Files\Image-Line
[25/12/2008|15:12] C:\Program Files\InstallShield Installation Information
[16/05/2007|22:22] C:\Program Files\Intel
[11/12/2008|15:35] C:\Program Files\Internet Explorer
[17/12/2008|01:33] C:\Program Files\Java
[04/01/2009|14:10] C:\Program Files\Malwarebytes' Anti-Malware
[17/12/2008|14:56] C:\Program Files\Microsoft
[02/11/2006|08:37] C:\Program Files\Microsoft Games
[25/02/2008|13:50] C:\Program Files\Microsoft Office
[17/12/2008|14:55] C:\Program Files\Microsoft Office Outlook Connector
[17/12/2008|14:56] C:\Program Files\Microsoft Silverlight
[21/10/2007|16:14] C:\Program Files\Microsoft SQL Server
[23/10/2008|11:12] C:\Program Files\Microsoft SQL Server Compact Edition
[17/12/2008|14:54] C:\Program Files\Microsoft Sync Framework
[05/11/2008|16:30] C:\Program Files\Microsoft Works
[16/05/2007|23:00] C:\Program Files\Microsoft.NET
[16/05/2007|22:00] C:\Program Files\Motorola
[02/11/2006|08:42] C:\Program Files\Movie Maker
[02/11/2006|08:37] C:\Program Files\MSBuild
[02/11/2006|08:37] C:\Program Files\MSN
[18/12/2008|00:13] C:\Program Files\MSN Messenger
[10/10/2008|08:24] C:\Program Files\MSXML 4.0
[15/10/2008|10:01] C:\Program Files\Native Instruments
[04/11/2008|21:13] C:\Program Files\Norton 360
[01/01/2009|21:31] C:\Program Files\Panda Security
[10/12/2007|13:46] C:\Program Files\Propellerhead
[16/05/2007|23:19] C:\Program Files\Realtek
[02/11/2006|08:37] C:\Program Files\Reference Assemblies
[16/05/2007|22:42] C:\Program Files\Roxio
[08/10/2008|18:12] C:\Program Files\ScanSoft
[16/05/2007|23:15] C:\Program Files\Services en ligne
[20/10/2007|12:29] C:\Program Files\Skype
[26/01/2008|20:47] C:\Program Files\Sony
[21/10/2007|16:11] C:\Program Files\Sony Setup
[04/01/2009|11:33] C:\Program Files\Spybot - Search & Destroy
[10/12/2008|22:42] C:\Program Files\Steinberg
[25/09/2008|15:28] C:\Program Files\Symantec
[16/05/2007|22:06] C:\Program Files\Synaptics
[26/11/2007|14:48] C:\Program Files\Syncrosoft
[02/01/2009|22:02] C:\Program Files\Trend Micro
[25/12/2008|15:14] C:\Program Files\Ulead Photo Express LE
[21/10/2007|16:15] C:\Program Files\Uninstall Information
[05/11/2008|14:50] C:\Program Files\Vidal
[24/10/2007|16:32] C:\Program Files\VideoLAN
[09/11/2008|16:43] C:\Program Files\VirtualDJ
[10/12/2008|21:24] C:\Program Files\VstPlugins
[20/10/2007|10:26] C:\Program Files\WIDCOMM
[26/09/2008|14:07] C:\Program Files\Windows Calendar
[02/11/2006|08:42] C:\Program Files\Windows Collaboration
[10/10/2008|08:44] C:\Program Files\Windows Defender
[02/11/2006|08:42] C:\Program Files\Windows Journal
[17/12/2008|14:55] C:\Program Files\Windows Live
[23/10/2008|11:15] C:\Program Files\Windows Live Favorites
[17/12/2008|14:47] C:\Program Files\Windows Live SkyDrive
[17/12/2008|14:54] C:\Program Files\Windows Live Toolbar
[11/12/2008|15:35] C:\Program Files\Windows Mail
[12/12/2008|14:05] C:\Program Files\Windows Media Player
[20/10/2007|10:13] C:\Program Files\Windows NT
[02/11/2006|08:42] C:\Program Files\Windows Photo Gallery
[17/10/2008|10:24] C:\Program Files\Windows Sidebar
[19/11/2008|12:49] C:\Program Files\WinRAR
[03/04/2008|19:40] C:\Program Files\WinZip
[02/04/2008|16:41] C:\Program Files\Worms World Party

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[19/11/2008|22:49] C:\Program Files\Common Files\Adobe
[20/11/2008|20:42] C:\Program Files\Common Files\AVSMedia
[25/12/2008|14:59] C:\Program Files\Common Files\Canon
[16/05/2007|23:00] C:\Program Files\Common Files\DESIGNER
[28/11/2007|18:40] C:\Program Files\Common Files\DigiDesign
[16/05/2007|23:12] C:\Program Files\Common Files\HP
[16/05/2007|23:20] C:\Program Files\Common Files\InstallShield
[16/05/2007|23:38] C:\Program Files\Common Files\Java
[16/05/2007|23:21] C:\Program Files\Common Files\LightScribe
[17/12/2008|14:47] C:\Program Files\Common Files\microsoft shared
[16/05/2007|22:41] C:\Program Files\Common Files\Roxio Shared
[08/10/2008|18:28] C:\Program Files\Common Files\ScanSoft Shared
[02/11/2006|07:18] C:\Program Files\Common Files\Services
[16/05/2007|22:40] C:\Program Files\Common Files\Sonic Shared
[26/01/2008|20:47] C:\Program Files\Common Files\Sony Shared
[02/11/2006|07:18] C:\Program Files\Common Files\SpeechEngines
[05/11/2008|16:31] C:\Program Files\Common Files\SureThing Shared
[31/10/2008|09:38] C:\Program Files\Common Files\Symantec Shared
[17/12/2008|14:55] C:\Program Files\Common Files\System
[25/12/2008|15:14] C:\Program Files\Common Files\Ulead Systems
[17/12/2008|14:03] C:\Program Files\Common Files\Windows Live
[23/10/2008|10:44] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 85 Processes )

iexplore.exe ~ [PID:4144]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Users\PANDA\AppData\Local\Temp\stadistic.log

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 20:18:33
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 143

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\PANDA\Documents\SON\Programmes son\cool edit pro 20 +crack.zip
C:\Users\PANDA\Documents\SON\Programmes son\Fl Studio 6.0.8 Crack Aka Fruity Loops All Plugins Unlocked!(Xxl Edition).rar
C:\Users\PANDA\Documents\SON\Programmes son\Fruity Loops Studio 5 + Crack (full program).rar
C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects
C:\Users\PANDA\Documents\SON\Programmes son\Ableton\Presets\Audio Effects\Vinyl Distortion\Crack.adv
C:\Users\PANDA\Documents\SON\Programmes son\Guitare\Guitar Pro Tabs\F\Faith No More\Faith No More - Crack Hitler.gp3
C:\Users\PANDA\Documents\SON\Programmes son\Guitare\Guitar Pro Tabs\L\Limp Bizkit\Limp Bizkit - Crack Addict.gp4
C:\Users\PANDA\Documents\SON\Programmes son\Guitare\Guitar Pro Tabs\P\Pixies\Pixies - Crackity Jones.gp3
C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz
C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Keygen1.exe
C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Add-Ons
C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Codecs
C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Add-Ons\dbPowerAMP Auxiliary Input Release 3.exe
C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Add-Ons\dbPowerAMP File Selector Add-on Release 4b.exe
C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Add-Ons\dbPowerAMP Power Pack Release 3.exe
C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Add-Ons\dbPowerAMP Skin Designer 4.0.exe
C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Add-Ons\dBpowerAMP-codec-Arrange-Music.exe
C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Add-Ons\dBpowerAMP-codec-Rename-Extension.exe
C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Add-Ons\dBpowerAMP-codec-Tag-From-Filename.exe
C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Codecs\dBpowerAMP-codec-VCD.exe
C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Codecs\dBpowerAMP-codec-VOC.exe
C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Codecs\dBpowerAMP-codec-VQF.exe
C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Codecs\dBpowerAMP-codec-VTX.exe
C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Codecs\dBpowerAMP-codec-WAVpack.exe
C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Codecs\dBpowerAMP-codec-Winamp-Input.exe
C:\Users\PANDA\Documents\SON\Programmes son\MIDI CONVERTER\Dbpoweramp Music Converter 10.1 All Add-Ons All Codecs Crack-m3Zz\Codecs\dBpowerAMP-codec-WMA-9-Release-1.3b .exe
C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\+100VirtualDJSamples-mosconet.com.rar
C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\+35VirtualDJSkins-mosconet.com.rar
C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\crack to 3.1
C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\setup 2.6.exe
C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\Steinberg
C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\update_virtualdj_v3.0.exe
C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\VirtualDJ-Video-Effects-mosconet.com.rar
C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\VirtualDJ2.06ACT-mosconet.com.rar
C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\virtualdj301act-mosconet.com.rar
C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\crack to 3.1\virtualdj.exe
C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\Steinberg\Cubase Sx 3.1.1.944 Spanish (2006) & Key H2o Rula Ok.rar
C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\Steinberg\Steinberg - Cubase VST PlugIn - Voicemachine v1.0 (DigitalForce).zip
C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\Steinberg\Steinberg - Groove Agent 1.0 (Virtual Drummer).rar
C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\Steinberg\Steinberg Cubase VST PlugIn - AKAI ACID LOOPS & SAMPLES - Essential Sounds II [Bass, Drums & Percussion].rar
C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\Steinberg\Steinberg Cubase Vst Plugin - Akai Virtual Sampler Pro 2.7 - Test Ok - V Usa.zip
C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\Steinberg\Steinberg.Cubase.SX.v3.0.2.623-H2O.rar
C:\Users\PANDA\Documents\SON\Programmes son\Virtual DJ 3.01 + Crack, Skins, Effects\Steinberg\[SOUNDBANKS] VST-Drums-Samples - Native Instruments Battery Kits TAMA Rock Star-EXCELLENT!.rar
C:\Users\PANDA\Documents\SON\Programmes son\Virtual Dj v2.01 Full + Effects + Skins + Samples + CD VDJTimeCode + ID3-TAG Plug-In [ by DJ Francky ]\Virtual Dj v2.01 Full + Effects + Skins [ by DJ Francky ]\VirtualDJ v2.01 - Crack.exe
C:\Users\PANDA\Documents\SON\Sound Bank\9000 Drum.MIDI.FILES.loops.and.songs.drum.mid.by LAG\MIDI FILES ( Over 3000 midi files )\RetroFunk\RF Disc B\104_Crackin.mid
C:\Users\PANDA\Music\HC\mix declic\b2-bryan_fury-crack_the_jewel.mp3
C:\Users\PANDA\Music\HC\mix declic\Unexist - Crack Whore.mp3
C:\Users\PANDA\Music\TRIBE\WORLD TRAVELLER ADVENTURES\10-Keshno, Probe 1 & Crackhead Worm -Urban decay.mp3


[F:33][D:8]-> C:\Users\PANDA\AppData\Local\Temp
[F:44][D:1]-> C:\Users\PANDA\AppData\Roaming\MICROS~1\Windows\Cookies
[F:32][D:4]-> C:\Users\PANDA\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:17][D:6]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 05/01/2009|20:20 - Option : [1]

--------------------\\ Fin du rapport a 20:20:30
[ UAC => 1 ]
Anonymous user
5 Jan 2009 at 18:42
Open the Spybot program, and in the Mode tab choose Advanced, then click Tools and System Startup. You will get a list of the programs that start at boot. Click the two arrows on the right; this displays information about the item. Click the bar on the right and drag it down to the bottom; it shows you whether it is a virus. If it is, you have to untick the small box on the right.
pandax27 Posts 38 Registration date Sunday 4 January 2009 Status Member Last activity 13 January 2009 1
6 Jan 2009 at 01:12
Good evening ezekielo,

I did what you told me in Spybot under System Startup. I found a single item (the only one highlighted in red), whose information is:
File name: %WINDIR%/SMINST/launcher
Description: Spyware component related to DownloadWare and found in Program Files KFH
Database status: Useless - virus, spyware, malware or other resource hogs

I unticked it and then restarted the computer, but there is no visible improvement. Was I right to untick it?
Also, Spybot showed me other items highlighted in yellow that had the same database status but no suspicious description. Should I have unticked all of them?
chimay8 Posts 7720 Registration date Thursday 1 May 2008 Status Security contributor Last activity 3 January 2014 60
6 Jan 2009 at 10:43
Run LOP S&D again.

This time choose Option 2 (Removal).

! Do not close the window during the removal !

Post the generated report ( C:\lopR.txt )

( If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm )