Packed.Win 32.Krap.hc

vanlinberghe Messages postés 22 Statut Membre -  
vlb421 Messages postés 76 Statut Membre -
Bonjour,

mon antivirus fsecure a détécté ce bidule que dois-je faire,merci de votre aide

Il me met : Code dangereux détecté dans le fichier C:\SYSTEM VOLUME
INFORMATION\_RESTORE{C14E324-B567-4F08-BC23-E1616COD2C7E}\RP239\A0069821.EXE.

Merci d'avance

6 réponses

  1. barnabe0057 Messages postés 14329 Date d'inscription   Statut Contributeur Dernière intervention   4 930
     
    Bonjour,
    Il faut purger ta restauration système, voila un tutoriel pour y parvenir :
    http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fdocid/20020830101856924

    Ne pas oublier de réactiver la restauration système.
    1
    1. vanlinberghe Messages postés 22 Statut Membre
       
      apparemment il n'est plus la merci
      0
  2. vanlinberghe Messages postés 22 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:08:13, on 3/06/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Documents and Settings\Stéphanie\Mes documents\Téléchargements\HiJackThis(3).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-21-1292428093-362288127-725345543-1015\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'postgres')
    O4 - HKUS\S-1-5-21-1292428093-362288127-725345543-1015\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'postgres')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
    O9 - Extra button: PokerTime - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\PokerTimeMPP\MPPoker.exe (HKCU)
    O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\Stéphanie\Menu Démarrer\Programmes\UB\UB.lnk (HKCU)
    O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\Stéphanie\Menu Démarrer\Programmes\UB\UB.lnk (HKCU)
    O9 - Extra button: Yukon Gold - {5E8B47C0-F430-43EF-842F-492688417A45} - C:\Microgaming\Casino\YukonGold\casinogame.exe (HKCU)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O24 - Desktop Component 0: (no name) - http://static.hugedomains.com/images/logo_huge_domains.gif
    0
  3. vanlinberghe Messages postés 22 Statut Membre
     
    Logfile of random's system information tool 1.07 (written by random/random)
    Run by Stéphanie at 2010-06-03 18:19:43
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 211 GB (89%) free of 238 GB
    Total RAM: 1015 MB (20% free)

    HijackThis download failed

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Scheduled scanning task.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {CCC7A320-B3CA-4199-B1A6-9F516DD69829}

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "F-Secure Manager"=C:\Program Files\F-Secure\Common\FSM32.EXE [2005-10-26 122929]
    "F-Secure TNB"=C:\Program Files\F-Secure\TNB\TNBUtil.exe [2004-05-27 684032]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-12-10 18789920]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
    "Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-10-12 135168]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-10-12 163840]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-10-12 131072]
    "UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
    "SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-02-18 248040]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2010-04-23 1668920]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    F-Secure Automatic Update.lnk - C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2007-10-12 204800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=128
    "NoDriveAutoRun"=128
    "HonorAutoRunSetting"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe"="C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe:*:Enabled:F-Secure Automatic Update"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Tournament Indicator\Indicator.exe"="C:\Program Files\Tournament Indicator\Indicator.exe:*:Enabled:Tournament Indicator"
    "C:\Program Files\Holdem Indicator\HoldemIndicator.exe"="C:\Program Files\Holdem Indicator\HoldemIndicator.exe:*:Enabled:Holdem Indicator"
    "C:\Program Files\Calculateur de Cotes Poker770\HoldemIndicator.exe"="C:\Program Files\Calculateur de Cotes Poker770\HoldemIndicator.exe:*:Enabled:Holdem Indicator"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe"="C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe:*:Enabled:F-Secure Automatic Update"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    shell\AutoRun\command - F:\LaunchU3.exe -a

    ======List of files/folders created in the last 1 months======

    2010-06-02 02:13:31 ----D---- C:\output
    2010-06-02 02:12:32 ----D---- C:\Program Files\qvPDF
    2010-06-02 01:24:38 ----D---- C:\Config.Msi
    2010-06-01 19:20:51 ----D---- C:\Program Files\B2BPOKER
    2010-06-01 18:44:21 ----D---- C:\rsit
    2010-06-01 18:44:21 ----D---- C:\Program Files\trend micro
    2010-05-29 16:09:00 ----D---- C:\RedKings
    2010-05-29 15:59:14 ----D---- C:\Program Files\Bodog Poker
    2010-05-29 15:45:51 ----D---- C:\Documents and Settings\Stéphanie\Application Data\Betfair
    2010-05-29 15:45:49 ----D---- C:\Program Files\Betfair
    2010-05-26 17:10:24 ----D---- C:\Documents and Settings\Stéphanie\Application Data\LuckyAcePoker.com
    2010-05-26 17:10:17 ----D---- C:\Program Files\LuckyAcePoker.com
    2010-05-26 17:05:52 ----D---- C:\Program Files\ParadisePoker
    2010-05-26 16:42:47 ----D---- C:\bwinPoker
    2010-05-26 12:54:29 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
    2010-05-25 00:46:02 ----A---- C:\Documents and Settings\Stéphanie\Application Data\tigersetting.dll
    2010-05-25 00:40:47 ----A---- C:\Documents and Settings\Stéphanie\Application Data\SYSTEM32.dll
    2010-05-25 00:40:47 ----A---- C:\Documents and Settings\Stéphanie\Application Data\init.dll
    2010-05-25 00:40:40 ----A---- C:\Documents and Settings\Stéphanie\Application Data\sound.dll
    2010-05-25 00:32:31 ----A---- C:\WINDOWS\system32\HPDOMON.DLL
    2010-05-25 00:32:30 ----A---- C:\WINDOWS\system32\HPBMMON.DLL
    2010-05-25 00:32:30 ----A---- C:\WINDOWS\system32\HPBHEALR.DLL
    2010-05-22 14:14:28 ----D---- C:\Program Files\UB
    2010-05-20 17:51:25 ----D---- C:\Documents and Settings\All Users\Application Data\microgaming
    2010-05-19 01:15:29 ----D---- C:\Program Files\PacificPoker
    2010-05-19 01:15:04 ----D---- C:\Program Files\PACIFI~1
    2010-05-19 00:57:09 ----D---- C:\Casino770
    2010-05-18 23:47:31 ----D---- C:\Poker
    2010-05-16 13:23:15 ----D---- C:\HollywoodPoker
    2010-05-12 11:54:44 ----D---- C:\bda1d06fadcb885159e7a20b1579
    2010-05-12 11:54:35 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
    2010-05-05 13:25:52 ----D---- C:\Betsson

    ======List of files/folders modified in the last 1 months======

    2010-06-03 18:20:04 ----D---- C:\WINDOWS\Temp
    2010-06-03 18:19:29 ----D---- C:\WINDOWS\Prefetch
    2010-06-03 13:24:53 ----D---- C:\WINDOWS
    2010-06-03 02:12:57 ----N---- C:\WINDOWS\SchedLgU.Txt
    2010-06-03 00:31:38 ----RSD---- C:\WINDOWS\Fonts
    2010-06-03 00:31:38 ----D---- C:\WINDOWS\system32\drivers
    2010-06-02 02:23:53 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-06-02 02:19:05 ----D---- C:\WINDOWS\system32\CatRoot
    2010-06-02 02:15:20 ----D---- C:\WINDOWS\system32\config
    2010-06-02 02:15:04 ----D---- C:\WINDOWS\system32\wbem
    2010-06-02 02:15:04 ----D---- C:\WINDOWS\Registration
    2010-06-02 02:14:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2010-06-02 02:14:05 ----D---- C:\Program Files\Poker Heaven
    2010-06-02 02:14:02 ----RD---- C:\Program Files
    2010-06-02 02:11:22 ----HD---- C:\WINDOWS\inf
    2010-06-02 02:09:51 ----SHD---- C:\WINDOWS\Installer
    2010-06-02 02:09:46 ----D---- C:\Program Files\Absolute Poker
    2010-06-02 02:09:05 ----D---- C:\WINDOWS\WinSxS
    2010-06-02 02:08:08 ----D---- C:\WINDOWS\system32
    2010-06-02 02:07:32 ----D---- C:\Program Files\PokerTracker 3
    2010-06-02 02:07:20 ----D---- C:\Documents and Settings\Stéphanie\Application Data\UB
    2010-06-02 02:06:21 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
    2010-06-02 02:06:19 ----SD---- C:\Documents and Settings\Stéphanie\Application Data\Microsoft
    2010-06-01 10:51:46 ----D---- C:\WINDOWS\network diagnostic
    2010-05-30 12:42:50 ----A---- C:\mbam-error.txt
    2010-05-29 00:09:22 ----D---- C:\Program Files\PartyGaming
    2010-05-28 17:07:15 ----D---- C:\Documents and Settings\Stéphanie\Application Data\Microgaming
    2010-05-22 17:48:19 ----D---- C:\Program Files\Full Tilt Poker
    2010-05-20 10:58:43 ----D---- C:\Winamax
    2010-05-12 20:58:19 ----D---- C:\Europoker
    2010-05-12 12:02:39 ----D---- C:\WINDOWS\Debug
    2010-05-12 11:54:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2010-05-12 11:54:38 ----D---- C:\Program Files\Outlook Express
    2010-05-12 11:11:38 ----HD---- C:\WINDOWS\$hf_mig$
    2010-05-07 17:00:00 ----A---- C:\WINDOWS\system32\unzip32.dll
    2010-05-07 17:00:00 ----A---- C:\WINDOWS\system32\quick32.dll
    2010-05-06 18:44:29 ----D---- C:\MicroGaming

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2003-08-21 25520]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-24 12032]
    R2 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys []
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys []
    R2 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys []
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-10-12 5672032]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-12-10 6017568]
    R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2003-04-24 12288]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-10-03 102656]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
    S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
    S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
    S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
    S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
    S3 BthEnum;Service d'énumérateur Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
    S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys []
    S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
    S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
    S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2002-02-15 50960]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2002-03-21 16112]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2002-03-08 22512]
    S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys []
    S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
    S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-04-24 5888]
    S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
    S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update; C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2008-03-01 32807]
    R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 fsbwsys;fsbwsys; C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe [2005-10-24 270428]
    R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe [2001-09-04 45056]
    R2 FSMA;F-Secure Management Agent; C:\Program Files\F-Secure\Common\FSMA32.EXE [2005-10-26 61490]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
    R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
    R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
    R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe [2005-10-31 208959]
    R3 F-Secure Network Request Broker;F-Secure Network Request Broker; C:\Program Files\F-Secure\Common\FNRB32.EXE [2005-10-26 110642]
    S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-03-15 81920]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------
    0
  4. vanlinberghe Messages postés 22 Statut Membre
     
    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Version de la base de données: 4162

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/06/2010 18:27:17
    mbam-log-2010-06-03 (18-27-17).txt

    Type d'examen: Examen complet (C:\|)
    Elément(s) analysé(s): 242440
    Temps écoulé: 3 heure(s), 56 minute(s), 46 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. vlb421 Messages postés 76 Statut Membre
     
    et je dois faire koi pour éliminer cette bète?merci
    0
  7. conbava
     
    C'est tout simplement le trojan de HADOPI sur votre disue dur D:
    -2