[Infection] Popups CiD
Kyo
-
Lyonnais92 Posts: 25708 Status: Security contributor -
Hello everyone, like quite a few people, I am infected by the CiD popups. I looked at a few discussions and uninstalled CiD Help, Bit Download and some codecs, but the popups are still there, so I am asking for your help. I scanned my PC with HijackThis; here is the report:
Logfile of HijackThis v1.99.1
Scan saved at 22:38:30, on 23/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InfoMyCa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WUSB54GPv4] C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\byrresiq.dll",setvm
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Pense-bête.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA497} - https://activation.club-internet.fr/wizlet/clubinternet/static/controls/root.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - https://www.photolitto.com/
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: rdihost - {5DC4AAAD-A716-4A24-B6E6-5B843B735022} - rdihost.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: WUSB54GPv4SVC - Unknown owner - C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GPv4.exe (file missing)
61 replies
Here is the report :)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:02:51, on 31/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ExpertTool - {A54BD3E2-3ACF-7FB0-0C44-120D44F15697} - C:\Program Files\ExpertTool\ExpertTool-1.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O15 - Trusted Zone: http://by124w.bay124.mail.live.com
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://82.51.236.211//activex/AMC.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://motive.club-internet.fr/...
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay107.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBA88A5B-CDEE-48F9-9318-B33DDD385A9F}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O15 - Trusted Zone: http://by124w.bay124.mail.live.com
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://82.51.236.211//activex/AMC.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://motive.club-internet.fr/...
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay107.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBA88A5B-CDEE-48F9-9318-B33DDD385A9F}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
Hello
Yes, less often, but I still get popups. Right now it is fairly calm, but they are still there; like at the start a few days ago, it was just one, then others, and more and more.
Couldn't this come from a security setting in Internet Explorer?
Re,
Click this link:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
to download navilog1.exe.
Choose Save (Enregistrer)
and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)
Let it guide you. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/agreement)
Wait for the message:
*** Analyse Termine le ..... ***
Press a key as prompted; Notepad will open.
Copy and paste the whole report into your reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt)
Hi
Search Navipromo version 3.6.5 commencé le 31/08/2008 à 18:36:12,07
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Patrick"
Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Patrick\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\YUUPMN~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Patrick\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\YUUPMN~1\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Patrick\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\YUUPMN~1\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Patrick\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\YUUPMN~1\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\Patrick\locals~1\applic~1" :
* Dans "C:\DOCUME~1\YUUPMN~1\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 31/08/2008 à 18:44:18,48 ***
Re,
right, right, right!!!
download combofix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the Desktop.
disconnect from the internet and close all your applications.
disable your protections (antivirus, firewall, real-time guard of the antispyware)
double-click combofix.exe and follow the instructions
at the end, it will produce a report C:\ComboFix.txt
re-enable your firewall, your antivirus and the guard of your antispyware
copy/paste the report C:\ComboFix.txt into your next reply.
Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.
There is a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Hi
So here is the report:
ComboFix 08-08-30.03 - Patrick 2008-09-01 1:00:15.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.642 [GMT 2:00]
Endroit: C:\Documents and Settings\Patrick\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\MSINET.oca
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-31 ))))))))))))))))))))))))))))))))))))
.
2428-09-03 13:19 . 2428-09-03 13:19 3,120 --a------ C:\WINDOWS\MF_C421.lfa
2428-09-03 13:19 . 2428-09-03 13:19 3,120 --a------ C:\WINDOWS\MF_C420.lfa
2008-08-30 15:52 . 2008-08-30 15:52 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-30 15:47 . 2008-08-30 15:47 <REP> d-------- C:\Program Files\MSXML 4.0
2008-08-30 15:47 . 2004-08-05 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-30 15:12 . 2008-08-30 15:13 <REP> d-------- C:\WINDOWS\ERUNT
2008-08-30 15:07 . 2008-08-30 15:25 <REP> d-------- C:\SDFix
2008-08-30 12:13 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-30 12:13 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-30 01:28 . 2008-08-30 01:42 <REP> d-a------ C:\MSNFix
2008-08-28 14:30 . 2004-08-05 14:00 23,040 --a------ C:\WINDOWS\system32\lpdsvc.dll
2008-08-28 14:30 . 2004-08-05 14:00 23,040 --a--c--- C:\WINDOWS\system32\dllcache\lpdsvc.dll
2008-08-28 14:30 . 2004-08-05 14:00 19,456 --a------ C:\WINDOWS\system32\lprmon.dll
2008-08-28 14:30 . 2004-08-05 14:00 19,456 --a--c--- C:\WINDOWS\system32\dllcache\lprmon.dll
2008-08-28 13:10 . 2008-08-31 19:00 <REP> d-------- C:\Program Files\Navilog1
2008-08-27 18:37 . 2008-08-27 18:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-27 18:37 . 2008-08-27 18:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-27 13:03 . 2008-08-27 13:03 23,641,945 --a------ C:\WINDOWS\LPT$VPN.501
2008-08-27 13:02 . 2008-08-27 13:03 <REP> d-------- C:\WINDOWS\AU_Temp
2008-08-27 13:02 . 2008-08-27 13:03 23,641,945 --a------ C:\WINDOWS\VPTNFILE.501
2008-08-27 03:43 . 2008-08-30 15:51 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-27 03:41 . 2008-06-23 18:28 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-27 03:41 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-27 03:41 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-27 03:41 . 2008-06-23 18:28 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-27 03:41 . 2008-06-23 18:28 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-27 03:41 . 2008-06-23 18:28 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-27 03:41 . 2008-06-23 18:28 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-27 03:41 . 2008-06-23 18:28 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-27 03:41 . 2008-06-23 11:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-27 03:40 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-27 03:40 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-27 01:05 . 2008-08-27 01:05 <REP> d-------- C:\Program Files\CCleaner
2008-08-26 23:36 . 2008-08-26 23:36 <REP> d-------- C:\Program Files\Sunbelt Software
2008-08-26 23:36 . 2008-07-16 09:57 269,736 -ra------ C:\WINDOWS\system32\drivers\SbFw.sys
2008-08-26 23:36 . 2008-06-21 04:54 65,576 --a------ C:\WINDOWS\system32\drivers\SbFwIm.sys
2008-08-26 20:26 . 2008-07-18 22:09 29,896 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-08-26 18:24 . 2008-08-26 18:24 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-26 18:24 . 2008-08-26 18:24 <REP> d-------- C:\Documents and Settings\Patrick\Application Data\Malwarebytes
2008-08-26 18:24 . 2008-08-26 18:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-26 18:24 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 18:24 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-26 04:03 . 2008-08-26 04:03 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2008-08-26 04:03 . 2008-08-26 04:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2008-08-26 04:01 . 2008-08-26 15:06 <REP> d-------- C:\Program Files\BoontyGames
2008-08-26 04:01 . 2008-08-26 04:01 <REP> d-------- C:\Program Files\Boonty
2008-08-26 01:38 . 2008-08-26 01:38 <REP> d-------- C:\_OTMoveIt
2008-08-25 22:33 . 2008-08-25 22:33 <REP> dr-h----- C:\Documents and Settings\Patrick\Application Data\SecuROM
2008-08-25 22:27 . 2008-08-25 22:27 <REP> d-------- C:\Program Files\JoWooD Productions
2008-08-16 20:11 . 2008-08-29 13:38 <REP> d-------- C:\Program Files\torrent_search
2008-08-16 20:11 . 2008-08-29 13:38 <REP> d-------- C:\Program Files\Conduit
2008-08-16 20:11 . 2008-08-16 20:11 64,859 --a------ C:\WINDOWS\system32\eyunnonbcrt.exe
2008-08-16 20:10 . 2008-08-26 01:38 <REP> d-------- C:\Program Files\BitTorrent Fastest Tool
2008-08-16 20:06 . 2008-08-16 20:06 <REP> d-------- C:\Program Files\rule knob iso
2008-08-16 20:06 . 2008-08-22 15:35 <REP> d-------- C:\Documents and Settings\Patrick\Application Data\rule knob iso
2008-08-16 20:06 . 2008-08-26 22:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Tick Find Close Surf
2008-08-16 20:01 . 2008-08-31 18:02 <REP> d-------- C:\Program Files\ExpertTool
2008-08-16 13:51 . 2008-08-16 13:51 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 11:03 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-08-27 11:03 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-08-27 02:21 --------- d-----w C:\Program Files\GameSpy Arcade
2008-08-27 02:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-26 23:17 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-08-26 23:13 --------- d-----w C:\Program Files\Logitech
2008-08-26 23:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-26 22:53 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-08-26 22:53 333,576 ----a-w C:\WINDOWS\tsc.exe
2008-08-26 22:23 --------- d-----w C:\Documents and Settings\Patrick\Application Data\uTorrent
2008-08-25 20:37 --------- d-----w C:\Program Files\DAEMON Tools
2008-08-25 20:33 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-25 17:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-25 15:35 --------- d-----w C:\Program Files\MSN Messenger
2008-08-25 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-16 19:00 --------- d-----w C:\Program Files\PokerStars
2008-08-16 11:51 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-08-16 11:51 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-16 11:51 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-08-11 19:22 --------- d-----w C:\Program Files\SplitCam
2008-08-11 19:22 --------- d-----w C:\Program Files\PartyGaming
2008-07-31 10:05 --------- d-----w C:\Program Files\WowCartographe
2008-07-21 15:15 --------- d-----w C:\Documents and Settings\Patrick\Application Data\skypePM
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-02 14:38 3,140 ----a-w C:\Documents and Settings\Patrick\Application Data\wklnhst.dat
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:37 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-16 09:48 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-01 23:30 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-12-29 13:02 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-10-03 00:29 190024]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-06 20:59 67128]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 02:51 172032]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2006-04-21 16:41 438359]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43 45056]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-01 09:22 155648]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-16 13:51 185896]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 15:07 90112 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-06 20:59:52 67128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.enc"= ITIG726.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Docteur Club Internet.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Docteur Club Internet.lnk
backup=C:\WINDOWS\pss\Docteur Club Internet.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LE COMPAGNON CLUB.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LE COMPAGNON CLUB.lnk
backup=C:\WINDOWS\pss\LE COMPAGNON CLUB.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Patrick^Menu Démarrer^Programmes^Démarrage^CamTrack.lnk]
path=C:\Documents and Settings\Patrick\Menu Démarrer\Programmes\Démarrage\CamTrack.lnk
backup=C:\WINDOWS\pss\CamTrack.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Patrick^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]
path=C:\Documents and Settings\Patrick\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk
backup=C:\WINDOWS\pss\Club Internet.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Patrick^Menu Démarrer^Programmes^Démarrage^IMVU.lnk]
path=C:\Documents and Settings\Patrick\Menu Démarrer\Programmes\Démarrage\IMVU.lnk
backup=C:\WINDOWS\pss\IMVU.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Patrick^Menu Démarrer^Programmes^Démarrage^Screen Saver Control.lnk]
path=C:\Documents and Settings\Patrick\Menu Démarrer\Programmes\Démarrage\Screen Saver Control.lnk
backup=C:\WINDOWS\pss\Screen Saver Control.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Patrick^Menu Démarrer^Programmes^Démarrage^TribalWeb.net.lnk]
path=C:\Documents and Settings\Patrick\Menu Démarrer\Programmes\Démarrage\TribalWeb.net.lnk
backup=C:\WINDOWS\pss\TribalWeb.net.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service Defender]
C:\WINDOWS\system32\WW)W [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2002-11-02 08:33 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-16 13:24 167368 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-10-03 00:29 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2005-08-31 21:27 1658592 C:\Program Files\Messenger\Msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-04-01 09:22 155648 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 19:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"SENS"=2 (0x2)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"wscsvc"=2 (0x2)
"EventSystem"=3 (0x3)
"NOD32krn"=2 (0x2)
"iPodService"=3 (0x3)
"PnkBstrA"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Jeux\\WoW\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Jeux\\WoW\\World of Warcraft\\Launcher.exe"=
"C:\Program Files\uTorrent\utorrent.exe"= C:\Program Files\uTorrent\utorrent.exe:192.168.1.0/255.255.255.0:Enabled:µTorrent
"C:\Program Files\eMule\emule.exe"= C:\Program Files\eMule\emule.exe:192.168.1.0/255.255.255.0:Enabled:eMule
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\Jeux\\Diablo II\\Game.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"15707:TCP"= 15707:TCP:bf2
"15707:UDP"= 15707:UDP:bf2
"4662:TCP"= 4662:TCP:192.168.1.0/255.255.255.0:Enabled:emule
"4672:UDP"= 4672:UDP:192.168.1.0/255.255.255.0:Enabled:emule
"13739:TCP"= 13739:TCP:192.168.1.0/255.255.255.0:Enabled:torrent
"13739:UDP"= 13739:UDP:192.168.1.0/255.255.255.0:Enabled:torrent
"21328:TCP"= 21328:TCP:utorent
R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 12:43]
R1 SbFw;SbFw;C:\WINDOWS\system32\drivers\SbFw.sys [2008-07-16 09:57]
R1 sbhips;Sunbelt HIPS Driver;C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 04:54]
R2 SbPF.Launcher;SbPF.Launcher;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-30 10:36]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 04:54]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]
S2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 10:36]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 05:41]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S4 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-08-26 04:03]
S4 SrvVaz;SrvVaz;\\?\C:\Program Files\Fichiers communs\Microsoft Shared\com3.exe [2004-08-05 14:00]
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-IncrediMail - C:\PROGRA~1\INCRED~1\bin\IncMail.exe
MSConfigStartUp-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe
MSConfigStartUp-LogitechQuickCamRibbon - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
MSConfigStartUp-nod32kui - C:\Program Files\Eset\nod32kui.exe
MSConfigStartUp-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.iesearch.com/
R0 -: HKLM-Main,Start Page = hxxp://fr.yahoo.com/fsc/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
O8 -: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{DBA88A5B-CDEE-48F9-9318-B33DDD385A9F}: NameServer = 194.117.200.10,194.117.200.15
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab
C:\WINDOWS\Downloaded Program Files\MDM.inf
O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://82.51.236.211//activex/AMC.cab
C:\WINDOWS\Downloaded Program Files\setup.inf
O16 -: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} - hxxps://motive.club-internet.fr:8080/lwp/static/installers/WebflowActiveXInstaller_4-0-0.cab
C:\WINDOWS\Downloaded Program Files\WebflowActiveXInstaller.inf
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 01:05:32
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-09-01 1:07:40
ComboFix-quarantined-files.txt 2008-08-31 23:07:34
Pre-Run: 161,167,667,200 octets libres
Post-Run: 161,252,429,824 octets libres
283 --- E O F --- 2008-08-30 13:52:27
Hello,
Go to this site:
https://www.virustotal.com/gui/
Click Browse and look for this file: C:\Program Files\Fichiers communs\Microsoft Shared\com3.exe
Click Send File.
A report will be built up line by line.
Wait until it finishes. It must include the size of the file that was sent.
Save the report with Notepad.
Copy it into your reply.
If VirusTotal indicates that the file has already been analysed, click the "Reanalyse file now" button.
Hi
I went to the site, looked for the file and clicked send, and almost immediately it showed me another page with this written on it:
0 bytes size received / Se ha recibido un archivo vacio
Hello,
do you have a TerraTec Cinergy T2 card (it's a TV tuner card)?
In the meantime, do this:
Download Lop S&D here:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
Double-click it to start the installation
Then double-click the Lop S&D shortcut on your desktop
Select the language you want, then choose Option 1 (Search)
Wait until the scan finishes
Post the generated report (C:\lopR.txt)
Hi
No, I don't have a TerraTec Cinergy T2
Here is the Lop S&D scan:
--------------------\\ Lop S&D 4.2.3-8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.06GHz )
BIOS : Award Modular BIOS v6.00PG
USER : Patrick ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Not Activated)
Firewall : Sunbelt Personal Firewall 4.6.1845 T (Activated)
"C:\Lop SD" ( MAJ : 31-08-2008|15:45 )
Option : [1] ( 01/09/2008|22:16 )
--------------------\\ Listing des dossiers dans APPLIC~1
[11/03/2008|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[26/08/2007|14:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Age of Empires 3
[31/01/2006|16:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[01/04/2006|09:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[26/04/2008|16:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[26/08/2008|04:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[31/01/2006|16:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[29/12/2007|15:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ezsid.dat
[12/04/2006|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[26/09/2007|01:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[26/08/2008|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[06/07/2006|19:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[02/07/2008|02:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[16/03/2007|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[23/05/2008|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
[02/08/2006|04:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[31/01/2006|16:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[29/12/2007|15:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[27/08/2008|01:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[26/08/2008|22:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tick Find Close Surf
[04/08/2007|21:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[25/08/2008|17:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[29/09/2007|13:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[31/01/2006|16:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[31/01/2006|16:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ATI
[31/01/2006|16:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[31/01/2006|15:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[31/01/2006|16:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[31/01/2006|15:43] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[31/01/2006|15:43] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[29/05/2008|15:02] C:\DOCUME~1\Patrick\APPLIC~1\Adobe
[18/10/2006|03:17] C:\DOCUME~1\Patrick\APPLIC~1\AdobeUM
[01/04/2006|09:34] C:\DOCUME~1\Patrick\APPLIC~1\Apple Computer
[31/01/2006|16:34] C:\DOCUME~1\Patrick\APPLIC~1\ATI
[31/01/2006|16:35] C:\DOCUME~1\Patrick\APPLIC~1\desktop.ini
[02/04/2008|22:44] C:\DOCUME~1\Patrick\APPLIC~1\Hamachi
[01/05/2007|03:12] C:\DOCUME~1\Patrick\APPLIC~1\Help
[31/01/2006|15:43] C:\DOCUME~1\Patrick\APPLIC~1\Identities
[12/04/2006|09:14] C:\DOCUME~1\Patrick\APPLIC~1\Jasc Software Inc
[11/03/2006|01:19] C:\DOCUME~1\Patrick\APPLIC~1\Macromedia
[26/08/2008|18:24] C:\DOCUME~1\Patrick\APPLIC~1\Malwarebytes
[05/09/2007|14:55] C:\DOCUME~1\Patrick\APPLIC~1\Media Player Classic
[17/03/2008|21:10] C:\DOCUME~1\Patrick\APPLIC~1\Microsoft
[21/03/2007|22:25] C:\DOCUME~1\Patrick\APPLIC~1\Motive
[11/03/2006|01:59] C:\DOCUME~1\Patrick\APPLIC~1\Mozilla
[01/09/2007|21:52] C:\DOCUME~1\Patrick\APPLIC~1\MSNInstaller
[13/08/2008|13:40] C:\DOCUME~1\Patrick\APPLIC~1\Real
[22/08/2008|15:35] C:\DOCUME~1\Patrick\APPLIC~1\rule knob iso
[25/08/2008|22:33] C:\DOCUME~1\Patrick\APPLIC~1\SecuROM
[21/07/2008|17:15] C:\DOCUME~1\Patrick\APPLIC~1\skypePM
[07/11/2006|01:37] C:\DOCUME~1\Patrick\APPLIC~1\Sun
[27/12/2007|00:06] C:\DOCUME~1\Patrick\APPLIC~1\teamspeak2
[28/03/2006|08:55] C:\DOCUME~1\Patrick\APPLIC~1\Template
[27/08/2008|00:23] C:\DOCUME~1\Patrick\APPLIC~1\uTorrent
[03/11/2006|16:14] C:\DOCUME~1\Patrick\APPLIC~1\vlc
[02/07/2008|16:38] C:\DOCUME~1\Patrick\APPLIC~1\wklnhst.dat
[31/01/2006|16:35] C:\DOCUME~1\YUUPMN~1\APPLIC~1\Adobe
[31/01/2006|16:34] C:\DOCUME~1\YUUPMN~1\APPLIC~1\ATI
[31/01/2006|16:35] C:\DOCUME~1\YUUPMN~1\APPLIC~1\desktop.ini
[31/01/2006|15:43] C:\DOCUME~1\YUUPMN~1\APPLIC~1\Identities
[31/01/2006|16:37] C:\DOCUME~1\YUUPMN~1\APPLIC~1\Microsoft
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[16/08/2008 20:06][--ah-----] C:\WINDOWS\tasks\A64BFD4090DC7378.job
[01/09/2008 19:01][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
( A64BFD4090DC7378.job )=( c:\docume~1\patrick\applic~1\rulekn~1\FILMUPLOADSHOW.exe )
--------------------\\ Listing des dossiers dans C:\Program Files
[02/06/2008|03:32] C:\Program Files\7-Zip
[01/07/2008|10:21] C:\Program Files\Adobe
[28/03/2006|20:07] C:\Program Files\Ahead
[20/11/2007|15:08] C:\Program Files\Alwil Software
[31/01/2006|16:32] C:\Program Files\ATI Technologies
[26/04/2008|16:27] C:\Program Files\Avira
[26/08/2006|17:01] C:\Program Files\Axis Communications
[01/09/2007|11:38] C:\Program Files\BF2G15Mod
[26/08/2008|01:38] C:\Program Files\BitTorrent Fastest Tool
[26/08/2008|04:01] C:\Program Files\Boonty
[26/08/2008|15:06] C:\Program Files\BoontyGames
[24/05/2006|18:52] C:\Program Files\BroadJump
[27/08/2008|01:05] C:\Program Files\CCleaner
[16/03/2007|17:05] C:\Program Files\Club-Internet
[03/04/2008|11:43] C:\Program Files\Common Files
[29/08/2008|13:38] C:\Program Files\Conduit
[14/10/2006|18:55] C:\Program Files\Custom-Strike
[25/08/2008|22:37] C:\Program Files\DAEMON Tools
[20/03/2007|06:01] C:\Program Files\EA GAMES
[09/05/2006|19:28] C:\Program Files\Elaborate Bytes
[23/09/2007|22:15] C:\Program Files\eMule
[26/04/2008|16:27] C:\Program Files\Eset
[31/08/2008|18:02] C:\Program Files\ExpertTool
[01/09/2008|01:03] C:\Program Files\Fichiers communs
[29/11/2006|16:57] C:\Program Files\Freelancer Mod Manager
[27/08/2008|04:21] C:\Program Files\GameSpy Arcade
[26/08/2007|16:42] C:\Program Files\Hamachi
[10/09/2007|13:00] C:\Program Files\Horloge
[19/07/2006|14:50] C:\Program Files\Image-Line
[31/01/2007|19:25] C:\Program Files\IncrediMail
[27/08/2008|04:20] C:\Program Files\InstallShield Installation Information
[10/03/2006|03:08] C:\Program Files\Intel
[30/08/2008|15:48] C:\Program Files\Internet Explorer
[31/01/2006|16:25] C:\Program Files\InterVideo
[12/04/2006|09:14] C:\Program Files\Jasc Software Inc
[19/07/2007|23:17] C:\Program Files\Java
[25/08/2008|22:27] C:\Program Files\JoWooD Productions
[11/03/2006|01:31] C:\Program Files\K-Lite Codec Pack
[11/03/2006|01:59] C:\Program Files\K-Meleon
[29/10/2006|05:28] C:\Program Files\Lavalys
[26/09/2007|01:40] C:\Program Files\Lavasoft
[19/03/2007|04:13] C:\Program Files\LDC++
[26/09/2007|17:00] C:\Program Files\Lexmark 5400 Series
[27/08/2008|01:13] C:\Program Files\Logitech
[26/08/2008|18:24] C:\Program Files\Malwarebytes' Anti-Malware
[29/08/2007|12:55] C:\Program Files\MaxSoftware
[29/08/2007|12:56] C:\Program Files\MaxTV
[29/08/2007|12:55] C:\Program Files\MaxTV Online
[26/04/2008|20:12] C:\Program Files\Messenger
[03/10/2006|00:29] C:\Program Files\MessengerPlus! 3
[30/08/2008|15:52] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[31/01/2006|15:41] C:\Program Files\microsoft frontpage
[26/08/2007|13:48] C:\Program Files\Microsoft Games
[15/03/2006|19:59] C:\Program Files\Microsoft IntelliType Pro
[15/03/2006|19:58] C:\Program Files\Microsoft IntelliType Pro 5.2
[31/01/2006|16:23] C:\Program Files\Microsoft Office
[31/01/2006|16:23] C:\Program Files\Microsoft Visual Studio
[31/01/2006|16:21] C:\Program Files\Microsoft Works
[31/01/2006|16:23] C:\Program Files\Microsoft.NET
[21/03/2007|21:49] C:\Program Files\Motive
[31/01/2006|15:39] C:\Program Files\Movie Maker
[26/04/2008|20:09] C:\Program Files\MSN
[31/01/2006|15:38] C:\Program Files\MSN Gaming Zone
[25/08/2008|17:35] C:\Program Files\MSN Messenger
[31/10/2007|03:53] C:\Program Files\MSN Toolbar
[30/08/2008|15:47] C:\Program Files\MSXML 4.0
[31/08/2008|19:00] C:\Program Files\Navilog1
[03/11/2006|14:46] C:\Program Files\NeoTrace Express
[31/01/2006|15:40] C:\Program Files\NetMeeting
[07/01/2008|22:08] C:\Program Files\Neuf
[26/04/2008|16:27] C:\Program Files\nod32
[16/03/2007|16:36] C:\Program Files\No-IP
[31/01/2006|16:07] C:\Program Files\Outlook Express
[11/08/2008|21:22] C:\Program Files\PartyGaming
[16/08/2008|21:00] C:\Program Files\PokerStars
[01/06/2006|16:49] C:\Program Files\QuickTime
[08/03/2006|22:03] C:\Program Files\Raccourcis de programmes
[19/03/2006|20:01] C:\Program Files\Real
[16/08/2008|20:06] C:\Program Files\rule knob iso
[01/09/2007|11:39] C:\Program Files\Schmads Inc
[31/01/2006|15:40] C:\Program Files\Services en ligne
[11/08/2008|21:22] C:\Program Files\SplitCam
[25/08/2008|19:28] C:\Program Files\Spybot - Search & Destroy
[26/08/2008|23:36] C:\Program Files\Sunbelt Software
[05/08/2006|01:01] C:\Program Files\Teamspeak2_RC2
[01/09/2007|11:40] C:\Program Files\The Sir. Community
[29/08/2008|13:38] C:\Program Files\torrent_search
[20/11/2007|23:33] C:\Program Files\Trend Micro
[04/08/2007|21:41] C:\Program Files\Uninstall Information
[22/04/2007|05:13] C:\Program Files\Unlocker
[19/03/2007|04:19] C:\Program Files\uTorrent
[16/04/2007|13:00] C:\Program Files\Valve Hammer Editor
[18/03/2008|20:06] C:\Program Files\VideoLAN
[21/07/2006|17:12] C:\Program Files\vp4eDemo
[11/03/2006|01:33] C:\Program Files\Winamp
[26/04/2008|20:34] C:\Program Files\Windows Live
[30/08/2008|15:47] C:\Program Files\Windows Media Player
[30/08/2008|23:11] C:\Program Files\Windows NT
[11/03/2006|01:48] C:\Program Files\WinRAR
[31/07/2008|12:05] C:\Program Files\WowCartographe
[31/01/2006|15:41] C:\Program Files\xerox
[29/09/2007|14:29] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[11/03/2008|12:23] C:\Program Files\Fichiers communs\Adobe
[28/03/2006|20:07] C:\Program Files\Fichiers communs\Ahead
[19/04/2007|15:15] C:\Program Files\Fichiers communs\Blizzard Entertainment
[26/08/2008|04:03] C:\Program Files\Fichiers communs\BOONTY Shared
[31/01/2006|16:23] C:\Program Files\Fichiers communs\DESIGNER
[15/07/2006|22:39] C:\Program Files\Fichiers communs\FotoWire
[02/12/2006|01:07] C:\Program Files\Fichiers communs\InstallShield
[12/04/2006|09:15] C:\Program Files\Fichiers communs\Jasc Software Inc
[07/11/2006|01:36] C:\Program Files\Fichiers communs\Java
[27/08/2008|01:17] C:\Program Files\Fichiers communs\Logitech
[30/08/2008|15:49] C:\Program Files\Fichiers communs\Microsoft Shared
[16/03/2007|16:40] C:\Program Files\Fichiers communs\Motive
[31/01/2006|15:40] C:\Program Files\Fichiers communs\MSSoap
[28/03/2006|20:09] C:\Program Files\Fichiers communs\Nero
[16/08/2008|13:51] C:\Program Files\Fichiers communs\Real
[31/01/2006|15:40] C:\Program Files\Fichiers communs\Services
[31/01/2006|16:35] C:\Program Files\Fichiers communs\SpeechEngines
[31/01/2006|16:23] C:\Program Files\Fichiers communs\System
[26/04/2008|20:27] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[26/09/2007|01:39] C:\Program Files\Fichiers communs\Wise Installation Wizard
[16/08/2008|13:51] C:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 39 Processus )
iexplore.exe ~ [PID:2612]
--------------------\\ Recherche avec S_Lop
C:\DOCUME~1\Patrick\APPLIC~1\RULEKN~1
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tick Find Close Surf
C:\DOCUME~1\Patrick\APPLIC~1\rulekn~1
C:\Program Files\rulekn~1
C:\Program Files\BitTorrent Fastest Tool
C:\Program Files\BitTorrent Fastest Tool\3wPlayer-2.0.0.0-setup.exe
C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG
C:\DOCUME~1\Patrick\Cookies\patrick@adin.bigpoint[1].txt
C:\DOCUME~1\Patrick\Cookies\patrick@adin.bigpoint[2].txt
C:\WINDOWS\Tasks\A64BFD4090DC7378.job
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lies htm admin]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\Patrick\\APPLIC~1\\RULEKN~1\\That Ace.exe -uninstall"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 22:21:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Patrick\Bureau\Programmes\D‚compresseur\WinRAR 3.0 With Crack.exe
C:\DOCUME~1\Patrick\Bureau\Programmes\Vid‚os\Ulead_Gif_Animator_5.0_Supergege\Crack.exe
[F:14][D:1]-> C:\DOCUME~1\Patrick\LOCALS~1\Temp
[F:109][D:0]-> C:\DOCUME~1\Patrick\Cookies
[F:1215][D:8]-> C:\DOCUME~1\Patrick\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 01/09/2008|22:24 - Option : [1]
--------------------\\ Fin du rapport a 22:24:36
Hi again,
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Patrick\Bureau\Programmes\D‚compresseur\WinRAR 3.0 With Crack.exe
C:\DOCUME~1\Patrick\Bureau\Programmes\Vid‚os\Ulead_Gif_Animator_5.0_Supergege\Crack.exe
This kind of download and file is a permanent threat to security.
I urge you to delete them without delay and to look for free equivalents (XP includes an effective decompression utility).
Next,
Run Lop S&D again
This time choose Option 2 ( Suppression )
Do not close the window during the removal!
Post the generated report ( C:\lopR.txt )
( If the Desktop does not reappear, press Ctrl + Alt + Del, File tab,
New task, type explorer.exe and confirm )
Hi again,
in addition, do this:
Go to this site:
https://www.virustotal.com/gui/
Click Browse and look for this file: C:\WINDOWS\system32\eyunnonbcrt.exe
Click Send File.
A report will build up line by line.
Wait until it finishes. It must include the size of the file sent.
Save the report with Notepad.
Copy it into your reply.
If VirusTotal indicates that the file has already been analysed, click the button to reanalyse the file now
Your troubles started when you downloaded C:\Program Files\BitTorrent Fastest Tool
I also suggest you remove Boonty Games, whose policy does not ensure the protection of the data collected (in my opinion). If you agree, I will give you the removal procedure.
Hi there:
--------------------\\ Lop S&D 4.2.3-8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.06GHz )
BIOS : Award Modular BIOS v6.00PG
USER : Patrick ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Not Activated)
Firewall : Sunbelt Personal Firewall 4.6.1845 T (Activated)
"C:\Lop SD" ( MAJ : 31-08-2008|15:45 )
Option : [2] ( 03/09/2008|13:57 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\Program Files\BitTorrent Fastest Tool\3wPlayer-2.0.0.0-setup.exe
Supprime! - C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG
Supprime! - C:\DOCUME~1\Patrick\Cookies\patrick@adin.bigpoint[1].txt
Supprime! - C:\DOCUME~1\Patrick\Cookies\patrick@adin.bigpoint[2].txt
Supprime! - C:\WINDOWS\Tasks\A64BFD4090DC7378.job
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tick Find Close Surf
Supprime! - C:\DOCUME~1\Patrick\APPLIC~1\rulekn~1
Supprime! - C:\Program Files\rulekn~1
Supprime! - C:\Program Files\BitTorrent Fastest Tool
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[11/03/2008|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[26/08/2007|14:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Age of Empires 3
[31/01/2006|16:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[01/04/2006|09:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[26/04/2008|16:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[26/08/2008|04:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[31/01/2006|16:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[29/12/2007|15:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ezsid.dat
[12/04/2006|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[26/09/2007|01:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[26/08/2008|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[06/07/2006|19:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[02/07/2008|02:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[16/03/2007|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[23/05/2008|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
[02/08/2006|04:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[31/01/2006|16:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[29/12/2007|15:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[27/08/2008|01:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[04/08/2007|21:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[25/08/2008|17:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[29/09/2007|13:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[31/01/2006|16:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[31/01/2006|16:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ATI
[31/01/2006|16:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[31/01/2006|15:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[31/01/2006|16:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[31/01/2006|15:43] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[31/01/2006|15:43] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[29/05/2008|15:02] C:\DOCUME~1\Patrick\APPLIC~1\Adobe
[18/10/2006|03:17] C:\DOCUME~1\Patrick\APPLIC~1\AdobeUM
[01/04/2006|09:34] C:\DOCUME~1\Patrick\APPLIC~1\Apple Computer
[31/01/2006|16:34] C:\DOCUME~1\Patrick\APPLIC~1\ATI
[31/01/2006|16:35] C:\DOCUME~1\Patrick\APPLIC~1\desktop.ini
[02/04/2008|22:44] C:\DOCUME~1\Patrick\APPLIC~1\Hamachi
[01/05/2007|03:12] C:\DOCUME~1\Patrick\APPLIC~1\Help
[31/01/2006|15:43] C:\DOCUME~1\Patrick\APPLIC~1\Identities
[12/04/2006|09:14] C:\DOCUME~1\Patrick\APPLIC~1\Jasc Software Inc
[11/03/2006|01:19] C:\DOCUME~1\Patrick\APPLIC~1\Macromedia
[26/08/2008|18:24] C:\DOCUME~1\Patrick\APPLIC~1\Malwarebytes
[05/09/2007|14:55] C:\DOCUME~1\Patrick\APPLIC~1\Media Player Classic
[17/03/2008|21:10] C:\DOCUME~1\Patrick\APPLIC~1\Microsoft
[21/03/2007|22:25] C:\DOCUME~1\Patrick\APPLIC~1\Motive
[11/03/2006|01:59] C:\DOCUME~1\Patrick\APPLIC~1\Mozilla
[01/09/2007|21:52] C:\DOCUME~1\Patrick\APPLIC~1\MSNInstaller
[13/08/2008|13:40] C:\DOCUME~1\Patrick\APPLIC~1\Real
[25/08/2008|22:33] C:\DOCUME~1\Patrick\APPLIC~1\SecuROM
[21/07/2008|17:15] C:\DOCUME~1\Patrick\APPLIC~1\skypePM
[07/11/2006|01:37] C:\DOCUME~1\Patrick\APPLIC~1\Sun
[27/12/2007|00:06] C:\DOCUME~1\Patrick\APPLIC~1\teamspeak2
[28/03/2006|08:55] C:\DOCUME~1\Patrick\APPLIC~1\Template
[27/08/2008|00:23] C:\DOCUME~1\Patrick\APPLIC~1\uTorrent
[03/11/2006|16:14] C:\DOCUME~1\Patrick\APPLIC~1\vlc
[02/07/2008|16:38] C:\DOCUME~1\Patrick\APPLIC~1\wklnhst.dat
[31/01/2006|16:35] C:\DOCUME~1\YUUPMN~1\APPLIC~1\Adobe
[31/01/2006|16:34] C:\DOCUME~1\YUUPMN~1\APPLIC~1\ATI
[31/01/2006|16:35] C:\DOCUME~1\YUUPMN~1\APPLIC~1\desktop.ini
[31/01/2006|15:43] C:\DOCUME~1\YUUPMN~1\APPLIC~1\Identities
[31/01/2006|16:37] C:\DOCUME~1\YUUPMN~1\APPLIC~1\Microsoft
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[03/09/2008 13:47][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[02/06/2008|03:32] C:\Program Files\7-Zip
[01/07/2008|10:21] C:\Program Files\Adobe
[28/03/2006|20:07] C:\Program Files\Ahead
[20/11/2007|15:08] C:\Program Files\Alwil Software
[31/01/2006|16:32] C:\Program Files\ATI Technologies
[26/04/2008|16:27] C:\Program Files\Avira
[26/08/2006|17:01] C:\Program Files\Axis Communications
[01/09/2007|11:38] C:\Program Files\BF2G15Mod
[26/08/2008|04:01] C:\Program Files\Boonty
[26/08/2008|15:06] C:\Program Files\BoontyGames
[24/05/2006|18:52] C:\Program Files\BroadJump
[27/08/2008|01:05] C:\Program Files\CCleaner
[16/03/2007|17:05] C:\Program Files\Club-Internet
[03/04/2008|11:43] C:\Program Files\Common Files
[29/08/2008|13:38] C:\Program Files\Conduit
[14/10/2006|18:55] C:\Program Files\Custom-Strike
[25/08/2008|22:37] C:\Program Files\DAEMON Tools
[20/03/2007|06:01] C:\Program Files\EA GAMES
[09/05/2006|19:28] C:\Program Files\Elaborate Bytes
[23/09/2007|22:15] C:\Program Files\eMule
[26/04/2008|16:27] C:\Program Files\Eset
[31/08/2008|18:02] C:\Program Files\ExpertTool
[01/09/2008|01:03] C:\Program Files\Fichiers communs
[29/11/2006|16:57] C:\Program Files\Freelancer Mod Manager
[27/08/2008|04:21] C:\Program Files\GameSpy Arcade
[26/08/2007|16:42] C:\Program Files\Hamachi
[10/09/2007|13:00] C:\Program Files\Horloge
[19/07/2006|14:50] C:\Program Files\Image-Line
[31/01/2007|19:25] C:\Program Files\IncrediMail
[27/08/2008|04:20] C:\Program Files\InstallShield Installation Information
[10/03/2006|03:08] C:\Program Files\Intel
[30/08/2008|15:48] C:\Program Files\Internet Explorer
[31/01/2006|16:25] C:\Program Files\InterVideo
[12/04/2006|09:14] C:\Program Files\Jasc Software Inc
[19/07/2007|23:17] C:\Program Files\Java
[25/08/2008|22:27] C:\Program Files\JoWooD Productions
[11/03/2006|01:31] C:\Program Files\K-Lite Codec Pack
[11/03/2006|01:59] C:\Program Files\K-Meleon
[29/10/2006|05:28] C:\Program Files\Lavalys
[26/09/2007|01:40] C:\Program Files\Lavasoft
[19/03/2007|04:13] C:\Program Files\LDC++
[26/09/2007|17:00] C:\Program Files\Lexmark 5400 Series
[27/08/2008|01:13] C:\Program Files\Logitech
[26/08/2008|18:24] C:\Program Files\Malwarebytes' Anti-Malware
[29/08/2007|12:55] C:\Program Files\MaxSoftware
[29/08/2007|12:56] C:\Program Files\MaxTV
[29/08/2007|12:55] C:\Program Files\MaxTV Online
[26/04/2008|20:12] C:\Program Files\Messenger
[03/10/2006|00:29] C:\Program Files\MessengerPlus! 3
[30/08/2008|15:52] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[31/01/2006|15:41] C:\Program Files\microsoft frontpage
[26/08/2007|13:48] C:\Program Files\Microsoft Games
[15/03/2006|19:59] C:\Program Files\Microsoft IntelliType Pro
[15/03/2006|19:58] C:\Program Files\Microsoft IntelliType Pro 5.2
[31/01/2006|16:23] C:\Program Files\Microsoft Office
[31/01/2006|16:23] C:\Program Files\Microsoft Visual Studio
[31/01/2006|16:21] C:\Program Files\Microsoft Works
[31/01/2006|16:23] C:\Program Files\Microsoft.NET
[21/03/2007|21:49] C:\Program Files\Motive
[31/01/2006|15:39] C:\Program Files\Movie Maker
[26/04/2008|20:09] C:\Program Files\MSN
[31/01/2006|15:38] C:\Program Files\MSN Gaming Zone
[25/08/2008|17:35] C:\Program Files\MSN Messenger
[31/10/2007|03:53] C:\Program Files\MSN Toolbar
[30/08/2008|15:47] C:\Program Files\MSXML 4.0
[31/08/2008|19:00] C:\Program Files\Navilog1
[03/11/2006|14:46] C:\Program Files\NeoTrace Express
[31/01/2006|15:40] C:\Program Files\NetMeeting
[07/01/2008|22:08] C:\Program Files\Neuf
[26/04/2008|16:27] C:\Program Files\nod32
[16/03/2007|16:36] C:\Program Files\No-IP
[31/01/2006|16:07] C:\Program Files\Outlook Express
[11/08/2008|21:22] C:\Program Files\PartyGaming
[16/08/2008|21:00] C:\Program Files\PokerStars
[01/06/2006|16:49] C:\Program Files\QuickTime
[08/03/2006|22:03] C:\Program Files\Raccourcis de programmes
[19/03/2006|20:01] C:\Program Files\Real
[01/09/2007|11:39] C:\Program Files\Schmads Inc
[31/01/2006|15:40] C:\Program Files\Services en ligne
[11/08/2008|21:22] C:\Program Files\SplitCam
[25/08/2008|19:28] C:\Program Files\Spybot - Search & Destroy
[26/08/2008|23:36] C:\Program Files\Sunbelt Software
[05/08/2006|01:01] C:\Program Files\Teamspeak2_RC2
[01/09/2007|11:40] C:\Program Files\The Sir. Community
[29/08/2008|13:38] C:\Program Files\torrent_search
[20/11/2007|23:33] C:\Program Files\Trend Micro
[04/08/2007|21:41] C:\Program Files\Uninstall Information
[22/04/2007|05:13] C:\Program Files\Unlocker
[19/03/2007|04:19] C:\Program Files\uTorrent
[16/04/2007|13:00] C:\Program Files\Valve Hammer Editor
[18/03/2008|20:06] C:\Program Files\VideoLAN
[21/07/2006|17:12] C:\Program Files\vp4eDemo
[11/03/2006|01:33] C:\Program Files\Winamp
[26/04/2008|20:34] C:\Program Files\Windows Live
[30/08/2008|15:47] C:\Program Files\Windows Media Player
[30/08/2008|23:11] C:\Program Files\Windows NT
[11/03/2006|01:48] C:\Program Files\WinRAR
[31/07/2008|12:05] C:\Program Files\WowCartographe
[31/01/2006|15:41] C:\Program Files\xerox
[29/09/2007|14:29] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[11/03/2008|12:23] C:\Program Files\Fichiers communs\Adobe
[28/03/2006|20:07] C:\Program Files\Fichiers communs\Ahead
[19/04/2007|15:15] C:\Program Files\Fichiers communs\Blizzard Entertainment
[26/08/2008|04:03] C:\Program Files\Fichiers communs\BOONTY Shared
[31/01/2006|16:23] C:\Program Files\Fichiers communs\DESIGNER
[15/07/2006|22:39] C:\Program Files\Fichiers communs\FotoWire
[02/12/2006|01:07] C:\Program Files\Fichiers communs\InstallShield
[12/04/2006|09:15] C:\Program Files\Fichiers communs\Jasc Software Inc
[07/11/2006|01:36] C:\Program Files\Fichiers communs\Java
[27/08/2008|01:17] C:\Program Files\Fichiers communs\Logitech
[30/08/2008|15:49] C:\Program Files\Fichiers communs\Microsoft Shared
[16/03/2007|16:40] C:\Program Files\Fichiers communs\Motive
[31/01/2006|15:40] C:\Program Files\Fichiers communs\MSSoap
[28/03/2006|20:09] C:\Program Files\Fichiers communs\Nero
[16/08/2008|13:51] C:\Program Files\Fichiers communs\Real
[31/01/2006|15:40] C:\Program Files\Fichiers communs\Services
[31/01/2006|16:35] C:\Program Files\Fichiers communs\SpeechEngines
[31/01/2006|16:23] C:\Program Files\Fichiers communs\System
[26/04/2008|20:27] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[26/09/2007|01:39] C:\Program Files\Fichiers communs\Wise Installation Wizard
[16/08/2008|13:51] C:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 36 Processus )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\Patrick\Cookies\patrick@ssl.bigpoint[2].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 14:01:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Patrick\Bureau\Programmes\Décompresseur\WinRAR 3.0 With Crack.exe
C:\DOCUME~1\Patrick\Bureau\Programmes\Vidéos\Ulead_Gif_Animator_5.0_Supergege\Crack.exe
[F:21][D:1]-> C:\DOCUME~1\Patrick\LOCALS~1\Temp
[F:109][D:0]-> C:\DOCUME~1\Patrick\Cookies
[F:2746][D:12]-> C:\DOCUME~1\Patrick\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 01/09/2008|22:24 - Option : [1]
1 - 03/09/2008|14:04 - Option : [2]
3 - "C:\Lop SD\LopR_3.txt" - 03/09/2008|14:04 - Option : [2]
--------------------\\ Fin du rapport a 14:04:05
Regarding: Your troubles started when you downloaded C:\Program Files\BitTorrent Fastest Tool
I don't even know what that thing could be. I didn't download it on purpose; it must have come with something else.
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.9.3.0 2008.09.03 -
AntiVir 7.8.1.23 2008.09.03 -
Authentium 5.1.0.4 2008.09.03 -
Avast 4.8.1195.0 2008.09.03 -
AVG 8.0.0.161 2008.09.03 -
BitDefender 7.2 2008.09.03 -
CAT-QuickHeal 9.50 2008.09.02 -
ClamAV 0.93.1 2008.09.03 -
DrWeb 4.44.0.09170 2008.09.03 -
eSafe 7.0.17.0 2008.09.02 -
eTrust-Vet 31.6.6066 2008.09.03 -
Ewido 4.0 2008.09.03 -
F-Prot 4.4.4.56 2008.09.03 -
F-Secure 8.0.14332.0 2008.09.03 -
Fortinet 3.14.0.0 2008.09.03 -
GData 19 2008.09.03 -
Ikarus T3.1.1.34.0 2008.09.03 -
K7AntiVirus 7.10.439 2008.09.03 -
Kaspersky 7.0.0.125 2008.09.03 -
McAfee 5375 2008.09.02 -
Microsoft 1.3903 2008.09.03 -
NOD32v2 3411 2008.09.03 -
Norman 5.80.02 2008.09.03 -
Panda 9.0.0.4 2008.09.02 -
PCTools 4.4.2.0 2008.09.03 -
Prevx1 V2 2008.09.03 Cloaked Malware
Rising 20.60.21.00 2008.09.03 -
Sophos 4.33.0 2008.09.03 -
Sunbelt 3.1.1582.1 2008.09.02 -
Symantec 10 2008.09.03 -
TheHacker 6.3.0.8.070 2008.09.02 -
TrendMicro 8.700.0.1004 2008.09.03 -
VBA32 3.12.8.4 2008.09.03 -
ViRobot 2008.9.2.1361 2008.09.03 -
VirusBuster 4.5.11.0 2008.09.03 -
Webwasher-Gateway 6.6.2 2008.09.03 -
Information additionnelle
File size: 64859 bytes
MD5...: 6580ee03530f2d9041b7bd0952e301dd
SHA1..: 5010b2561a9e38e19e5f95f855397e3f77363853
SHA256: 0441d482180daa775e25e1f6d7f357e567d44c6132482acc9bb6ebf078b30b07
SHA512: b2a4cf445a13537ff0fa822079429626259f616c4eee9f6973b204ed66f01f00
d56029737c107d298ebff9db3eea2092b215cc3d41498cce944dbb09f4899682
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x403225
timedatestamp.....: 0x481c71ea (Sat May 03 14:08:42 2008)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5934 0x5a00 6.46 663546ac41801daf2dc51f560ec05a56
.rdata 0x7000 0x1190 0x1200 5.18 db16645055619c0cc73276ff5c3adb75
.data 0x9000 0x1af98 0x400 4.70 f0511f18783910813a0de0de02bc1206
.ndata 0x24000 0xc000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x30000 0x908 0xa00 3.84 015681cb056ddb9db817315c7407bfda
( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=135503975BC62AA4FD560046E6D56D00EDA29F88