Shbdchk13 persistent

Closed
savatage - 109 posts - registered Friday 16 November 2007 - Status: Member - last seen 26 December 2009 - 25 Nov 2008 at 18:24
Lyonnais92 - 25159 posts - registered Friday 23 June 2006 - Status: Security contributor - last seen 16 September 2016 - 6 Dec 2008 at 19:12
Hello,

For some time now Antivir has been telling me several times a day that I have viruses; here is the name from the latest alert: shbdchk13.

I can't manage to remove them, whether with Antivir, Spybot, Ad-Aware etc...
So a little help from you would be really nice.
Thanks in advance

48 replies

Lyonnais92 (Security contributor)
25 Nov 2008 at 19:40
Hi,

Download from here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Read the Disclaimer screen, then click Continue (if you accept the terms).

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
as well as info.txt (<< which will be minimised to the Taskbar).

NB: the reports are saved in the folder C:\rsit
2
Lyonnais92 (Security contributor)
26 Nov 2008 at 10:42
Hello,

re-reading my analysis of your Combofix report (thanks Nicolas Coolman) leads me to ask you to do a few more things (and to be careful when using the PC, because it is very likely that your infection will evolve or that new ones will appear).
==================

Restart the computer and post another RSIT report.

==================
Run a check on VirusTotal of these 3 files:


c:\users\nicolas\AppData\Roaming\mstsc.exe
c:\windows\System32\drivers\mqtgsvc.exe
c:\windows\System32\drivers\logman.exe

and post the reports in your reply.
1
savatage (Member)
25 Nov 2008 at 19:09
anyone?
0
^^Marie^^ - 113901 posts - registered Tuesday 6 September 2005 - Status: Member - last seen 28 August 2020 - 3 275
25 Nov 2008 at 20:14
Good evening

following along ;))
0

savatage (Member)
25 Nov 2008 at 22:03
good evening marie,

thanks for your attention, here are the reports

Logfile of random's system information tool 1.04 (written by random/random)
Run by nicolas at 2008-11-25 21:59:39
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 30 GB (13%) free of 231 GB
Total RAM: 2046 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:52, on 25/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Users\nicolas\LOCALS~1\APPLIC~1\ieudinit.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\nicolas\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\nicolas.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SOS Connexion - Le web en toute simplicité
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\nicolas\LOCALS~1\APPLIC~1\ieudinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {E51B6382-1B9A-4627-BE54-0046B1D268DD} - (no file)
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A91359C-8B83-42AA-BEC7-1DE18CE82297}: NameServer = 192.168.1.1
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
0
savatage (Member)
25 Nov 2008 at 22:04
and the second one

info.txt logfile of random's system information tool 1.04 2008-11-25 21:56:12

======Uninstall list======

-->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x040c -removeonly
-->C:\Program Files\InstallShield Installation Information\{B2C4A8C4-AA20-425D-9FEE-C78039238C81}\setup.exe -runfromtemp -l0x040c -removeonly
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Architecte 3D Platinium-->C:\PROGRA~1\ARCHIT~1\UNWISE.EXE C:\PROGRA~1\ARCHIT~1\INSTALL.LOG
Architecture 3D - 2.0 (version gratuite)-->"C:\Program Files\LiveCAD\Architecture 3D - 2.0 (version gratuite)\unins000.exe"
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
a-squared Anti-Malware 3.5-->"C:\Program Files\a-squared Anti-Malware\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Blazing Angels 2 : Secret Missions of WWII-->C:\Program Files\InstallShield Installation Information\{D8768524-DE8D-40D3-904B-B1FCC31CF9F9}\Setup.exe -runfromtemp -l0x040c -removeonly
bwin Poker (remove only)-->"C:\Program Files\bwin\uninstall.exe"
Call of Duty(R) 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374}
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Condition Zero-->"C:\Program Files\Steam\steam.exe" steam://uninstall/80
DH Driver Cleaner Professional Edition-->C:\Program Files\Driver Cleaner Pro\Uninstall.exe
DivX 3.11a-->C:\Program Files\DivX3.11a\uninst.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EasyCleaner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EVEREST Ultimate Edition v4.00-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Free Video Converter V 1.1-->"C:\Program Files\Free Video Converter\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Holdem Manager-->MsiExec.exe /I{89B38025-05A0-4958-92C3-70882AE8553A}
iTunes-->MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lame ACM MP3 Codec-->C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\Windows\INF\LameACM.inf
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
livebox-->C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe -runfromtemp -l0x040c -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mpeg Layer3 Codec FHG-Radium v1.263-->C:\Windows\UNWISE.EXE C:\audio\L3CODE~1\INSTALL.LOG
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
Nero 7 Essentials-->MsiExec.exe /I{D34D82E0-4600-407B-9478-8506C1DD1036}
OCCT Perestroika 1.0.1-->"C:\Program Files\OCCT\unins000.exe"
OpenAL-->"C:\Program Files\OpenAL\OalinstGridRelease.exe" /U
OpenOffice.org 2.3-->MsiExec.exe /I{FADB55D0-403F-4413-A268-CF0A6F1185C2}
Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
Pokerbility 1.10.25-->"C:\Program Files\Pokerbility\unins000.exe"
PokerStars.net-->"C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Pure-->C:\Program Files\InstallShield Installation Information\{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}\setup.exe -runfromtemp -l0x0c0c Pure -removeonly
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Revolution Script CZ-->C:\Windows\Revolution Script CZ Uninstaller.exe
SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x040c uninstall -removeonly
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x040c -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamSpeak 3-->C:\Program Files\TeamSpeak 3\uninstall.exe
TerraExplorer-->C:\Program Files\Skyline\TerraExplorer\Setup.exe [OP]/U
TrackMania Nations ESWC 1.8.0-->"C:\Program Files\TrackMania Nations ESWC\unins000.exe"
TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
VD Codec Pack 1.8-->C:\Program Files\VDCodecPack1.8\uninst.exe
VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual C++ 8.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM-->MsiExec.exe /I{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 MFC (x86) WinSXS MSM-->MsiExec.exe /I{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM-->MsiExec.exe /I{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}
Winamax Poker (remove only)-->"C:\Program Files\WinamaxPoker\uninst.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinPcap 3.1 beta4-->"C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
Wow Cartographe 1.09-->C:\Program Files\WowCartographe\uninst.exe
x264 Revision 366 x264.nl (remove only)-->"C:\Program Files\x264\x264-uninstall.exe"
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"

=====HijackThis Backups=====

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

======Security center information======

AV: Avira AntiVir PersonalEdition
AS: AVG Anti-Spyware (disabled) (outdated)
AS: Windows Defender (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------
0
Lyonnais92 (Security contributor)
25 Nov 2008 at 22:58
Re,

Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: C:\Users\nicolas\LOCALS~1\APPLIC~1\ieudinit.exe

Click Send File.

A report will build up line by line.

Wait for the end. It must include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.

If VirusTotal says the file has already been analysed, click the button "Reanalyse the file now"

==================

Disable User Account Control (you will re-enable it after the disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click disable and confirm.


delete (if it exists) Combofix.exe on your Desktop as well as the Qoobox folder at the root of the disk, usually C:\Qoobox.

download combofix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the Desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, real-time guard of the antispyware)


double-click combofix.exe and follow the instructions



at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus, the guard of your antispyware

copy/paste the report C:\ComboFix.txt in your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
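As an added example that is not part of this thread or of any tool named in it, the Python script below does in code what the helper does by eye on the HijackThis log above and the VirusTotal check requested in this post: it walks HijackThis lines (F3 win.ini load=, O4 Run entries) and ComboFix-style registry loadpoints (a `[HKEY_...]` key line followed by its values), pulls out every executable path and flags the ones that autostart from a user-writable directory, sit as .exe files inside System32\drivers, reuse the name of a genuine Windows binary outside its normal directory, or are loaded through win.ini load=, policies\Explorer\Run or the Windows\load value. The sample lines are constructed from the shape of the logs posted in this thread; the table of Windows binaries and their expected directory, the list of user-writable path fragments and the heuristics themselves are assumptions of this example. file_hashes() reproduces the MD5/SHA1/SHA256 that VirusTotal prints under "Additional information", so a file can be looked up by hash instead of being re-uploaded.

```python
"""Triage of autostart entries from HijackThis / ComboFix style logs.

Added example, not part of the thread or of any tool named in it. The sample
lines below are constructed to mirror the shape of the logs posted in it.
"""
import hashlib
import re

# A drive-letter path ending in an executable extension; stops at quotes,
# brackets and commas so "C:\x\y.exe" /flag and NvCpl.dll,NvStartup parse cleanly.
PATH_RE = re.compile(r'[A-Za-z]:\\[^\r\n"\[\],]+?\.(?:exe|dll|sys|scr)\b', re.IGNORECASE)
# ComboFix prints the registry key on its own line, then the values under it.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]")

# Path fragments (lower-case, forward slashes) a standard user can write to (assumed list).
USER_WRITABLE = ("/users/", "/appdata/", "/temp/", "/locals~1/applic~1/")
# Assumed table: genuine Windows binaries and the directory they live in.
SYSTEM_BINARIES = {
    "mstsc.exe": "/windows/system32/",
    "logman.exe": "/windows/system32/",
    "mqtgsvc.exe": "/windows/system32/",
}
# Loadpoints that legitimate software practically never uses (lower-case).
ODD_LOADPOINTS = (r"policies\explorer\run", "win.ini", r"currentversion\windows")


def classify(path, line, current_key):
    """Return the list of reasons an autostart path deserves a closer look."""
    norm = path.lower().replace("\\", "/")
    directory, name = norm.rsplit("/", 1)
    directory += "/"
    reasons = []
    if any(marker in norm for marker in USER_WRITABLE):
        reasons.append("autostarts from a user-writable directory")
    if "/system32/drivers/" in directory and name.endswith(".exe"):
        reasons.append(".exe inside the drivers directory, which holds .sys files")
    expected = SYSTEM_BINARIES.get(name)
    if expected and not directory.endswith(expected):
        reasons.append(f"{name} reuses a Windows binary name outside {expected}")
    context = (line + " " + current_key).lower()
    if any(loadpoint in context for loadpoint in ODD_LOADPOINTS):
        reasons.append("unusual loadpoint (win.ini load=, policies\\Explorer\\Run or Windows\\load)")
    return reasons


def triage(log_text):
    """Scan log lines and return one finding per flagged executable path."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1).lower()  # applies to the value lines that follow
            continue
        for match in PATH_RE.finditer(line):
            reasons = classify(match.group(0), line, current_key)
            if reasons:
                findings.append({"path": match.group(0), "line": line, "reasons": reasons})
    return findings


def flagged_names(log_text):
    """Sorted base names of the flagged files: the VirusTotal to-do list."""
    return sorted({f["path"].lower().rsplit("\\", 1)[-1] for f in triage(log_text)})


def file_hashes(data):
    """MD5/SHA1/SHA256 as VirusTotal lists them, so a file can be looked up by hash."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


# Constructed sample: HijackThis lines, a ComboFix "files created" line and
# ComboFix registry loadpoints, in the shape seen in this thread.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\Users\nicolas\LOCALS~1\APPLIC~1\ieudinit.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
2008-11-26 03:30 . 2008-11-17 00:34 81,920 --a------ c:\users\nicolas\AppData\Roaming\mstsc.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\System32\msconfig.exe" [2008-01-19 227840]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MqtgSVC"="c:\windows\System32\drivers\mqtgsvc.exe" [2008-11-17 81920]
[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Logman"="c:\windows\System32\drivers\logman.exe" [2008-11-17 81920]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=c:\users\nicolas\AppData\Local\Temp\comrepl.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["path"])
        for reason in finding["reasons"]:
            print("   -", reason)
    # Constructed stand-in for a file's bytes; on a real box read the flagged file instead.
    print(file_hashes(b"MZ" + b"\x00" * 14))
```

Entries such as avgnt.exe, NvCpl.dll, steam.exe and msconfig.exe come out clean because they run from Program Files or System32 through the ordinary Run keys; the five that are flagged are exactly the ones a helper would send to VirusTotal. Extend SYSTEM_BINARIES with whatever names you see reused, and treat the heuristics as a first pass, not a verdict: a hit tells you what to hash and look up, nothing more.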
savatage (Member)
25 Nov 2008 at 23:46
hi lyonnais,

here is the report. I'll do the disinfection tomorrow.

Antivirus Version Last update Result
AhnLab-V3 2008.11.24.3 2008.11.25 -
AntiVir 7.9.0.35 2008.11.25 -
Authentium 5.1.0.4 2008.11.25 -
Avast 4.8.1281.0 2008.11.25 -
AVG 8.0.0.199 2008.11.25 -
BitDefender 7.2 2008.11.25 -
CAT-QuickHeal 10.00 2008.11.25 -
ClamAV 0.94.1 2008.11.25 -
DrWeb 4.44.0.09170 2008.11.25 -
eSafe 7.0.17.0 2008.11.25 -
eTrust-Vet 31.6.6227 2008.11.25 -
Ewido 4.0 2008.11.25 -
F-Prot 4.4.4.56 2008.11.25 -
F-Secure 8.0.14332.0 2008.11.25 -
Fortinet 3.117.0.0 2008.11.25 -
GData 19 2008.11.25 -
Ikarus T3.1.1.45.0 2008.11.25 -
K7AntiVirus 7.10.533 2008.11.25 -
Kaspersky 7.0.0.125 2008.11.25 Heur.Trojan.Generic
McAfee 5445 2008.11.25 -
McAfee+Artemis 5445 2008.11.25 -
Microsoft 1.4104 2008.11.25 -
NOD32 3640 2008.11.25 -
Norman 5.80.02 2008.11.25 -
Panda 9.0.0.4 2008.11.25 Suspicious file
PCTools 4.4.2.0 2008.11.25 -
Prevx1 V2 2008.11.25 -
Rising 21.05.12.00 2008.11.25 -
SecureWeb-Gateway 6.7.6 2008.11.25 -
Sophos 4.35.0 2008.11.25 -
Sunbelt 3.1.1823.2 2008.11.22 BehavesLike.Win32.Malware (v)
Symantec 10 2008.11.25 -
TheHacker 6.3.1.1.163 2008.11.25 -
TrendMicro 8.700.0.1004 2008.11.25 -
VBA32 3.12.8.9 2008.11.25 -
ViRobot 2008.11.25.1485 2008.11.25 -
VirusBuster 4.5.11.0 2008.11.25 -
Additional information
File size: 81920 bytes
MD5...: a66e1b04691a5b894d6d48206b5269af
SHA1..: 5f86097823d4f4d4f5eb6ebe34ee3973081be3c2
SHA256: 0cdb641fe46739b18a72acd3a8385dfc68c94c25fc3cc24b917a1f0a936e1427
SHA512: b3f23bcca035f459008aad9dcc845499ddb4d1f3e187a4848998c3a68fe24eac
93eb765b8338d032dde6ff46817b821a51b122db27e03b612926d503056ce49c
ssdeep: 1536:5OjsuBJ640kra0AAymEY6P4RqFGGTZB7zA6Feoat:ZuBJ6B0qm24Ux/0oat
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40acc6
timedatestamp.....: 0x4920ac5d (Sun Nov 16 23:27:25 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xf55f 0x10000 6.22 8c1c59199ad9b53b32c7dd43b6f78620
.rdata 0x11000 0x1fe2 0x2000 5.49 2ac5bb73b8e691b589df3070c2c61367
.data 0x13000 0x3798 0x1000 1.47 6c71fa172fe3d98dcc83fdd01e106407

( 6 imports )
> USER32.dll: LoadImageA
> ADVAPI32.dll: RegCloseKey, RegEnumValueA, RegGetKeySecurity, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken
> WS2_32.dll: -, -
> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
> KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, GetVolumeInformationA, CreateDirectoryA, GetFileTime, GetSystemDirectoryA, OpenProcess, GetProcessPriorityBoost, GetFileType, GetStartupInfoA, OpenMutexA, CreateMutexA, CloseHandle, GetDriveTypeA, GetLogicalDriveStringsA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LoadLibraryA, InterlockedExchange, VirtualQuery, SetFilePointer, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc

( 0 exports )
0
savatage (Member)
26 Nov 2008 at 03:44
hello,

here is the combofix report. Thank you for helping me lyonnais ;)

ComboFix 08-11-26.01 - nicolas 2008-11-26 3:27:28.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1353 [GMT 1:00]
Run from: c:\users\nicolas\Desktop\ComboFix.exe
* A new restore point was created
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\émilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmpE9C3.tmp
c:\windows\system32\drivers\npf.sys
c:\windows\system32\k4
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\rMa18yy
c:\windows\system32\wanpacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((((((( Files created from 2008-10-26 to 2008-11-26 ))))))))))))))))))))))))))))))))))))
.

2008-11-26 03:30 . 2008-11-17 00:34 81,920 --a------ c:\users\nicolas\AppData\Roaming\mstsc.exe
2008-11-26 03:20 . 2008-11-17 00:34 81,920 --a------ c:\windows\System32\drivers\mqtgsvc.exe
2008-11-26 03:20 . 2008-11-17 00:34 81,920 --a------ c:\windows\System32\drivers\logman.exe
2008-11-25 21:55 . 2008-11-25 21:56 <REP> d-------- C:\rsit
2008-11-24 23:35 . 2008-11-24 23:42 <REP> d-------- c:\program files\WowCartographe
2008-11-24 14:02 . 2008-11-24 19:42 <REP> d-------- c:\users\nicolas\WoW-2.3.0.7561-frFR
2008-11-18 14:06 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-18 14:06 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-18 14:06 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-18 14:06 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-18 14:06 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-18 14:06 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-18 14:06 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-18 14:06 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-18 14:06 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-16 22:16 . 2008-11-16 22:16 404,250 --a------ c:\windows\Revolution Script CZ Uninstaller.exe
2008-11-16 15:32 . 2008-11-26 03:32 <REP> d-------- c:\program files\Steam
2008-11-16 13:59 . 2008-11-23 15:05 <REP> d-------- c:\program files\Common Files\Steam
2008-11-15 13:50 . 2002-08-18 19:43 794,624 --a------ c:\windows\System32\spr32d35.dll
2008-11-15 04:24 . 2008-11-15 04:25 <REP> d-------- c:\users\nicolas\AppData\Roaming\LiveCAD2
2008-11-15 04:23 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\System32\d3dx9_33.dll
2008-11-15 04:22 . 2008-11-15 04:22 <REP> d-------- c:\program files\LiveCAD
2008-11-14 01:44 . 2008-11-14 01:44 <REP> d-------- c:\program files\RVG Software
2008-11-12 13:37 . 2008-11-12 13:37 <REP> dr-h----- C:\AHCache
2008-11-12 05:01 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 05:01 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 05:01 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 01:19 . 2008-11-12 01:19 <REP> d-------- c:\program files\LimeWire
2008-11-11 02:13 . 2008-11-17 01:08 <REP> d-------- c:\users\All Users\rkfree
2008-11-11 02:13 . 2008-11-17 01:08 <REP> d-------- c:\programdata\rkfree
2008-10-31 23:30 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-31 23:30 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-31 23:30 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-31 23:30 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-31 23:30 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-29 14:23 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 14:23 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 14:23 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-27 02:15 . 2008-10-27 02:15 <REP> d-------- c:\program files\Pokerbility

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-26 02:27 23,068,672 ----a-w c:\users\émilie\NTUSER.DAT
2008-11-26 02:27 23,068,672 ----a-w c:\users\émilie\NTUSER.DAT
2008-11-23 02:48 --------- d-----w c:\users\nicolas\AppData\Roaming\OpenOffice.org2
2008-11-21 00:21 --------- d-----w c:\program files\bwin
2008-11-19 22:20 --------- d-----w c:\users\nicolas\AppData\Roaming\teamspeak2
2008-11-17 16:58 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-17 16:46 --------- d-----w c:\program files\Lavasoft
2008-11-17 16:46 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-16 23:51 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-16 14:13 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-16 14:13 --------- d-----w c:\programdata\Codemasters
2008-11-14 18:38 --------- d-----w c:\program files\WinamaxPoker
2008-11-14 01:22 --------- d-----w c:\programdata\NVIDIA
2008-11-12 00:25 --------- d-----w c:\users\nicolas\AppData\Roaming\LimeWire
2008-10-27 20:53 --------- d-----w c:\program files\Activision
2008-10-25 14:39 --------- d-----w c:\users\nicolas\AppData\Roaming\Mumble
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-22 11:33 --------- d-----w c:\program files\OpenAL
2008-10-20 12:11 --------- d-----w c:\users\nicolas\AppData\Roaming\Paltalk
2008-10-20 12:11 --------- d-----w c:\program files\Paltalk Messenger
2008-10-19 16:08 --------- d-----w c:\program files\PokerStars.NET
2008-10-18 13:04 --------- d-----w c:\programdata\Media Center Programs
2008-10-18 11:43 --------- d-----w c:\program files\GameSpy
2008-10-18 11:39 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-18 11:39 22,328 ----a-w c:\users\nicolas\AppData\Roaming\PnkBstrK.sys
2008-10-18 11:26 --------- d-----w c:\program files\Electronic Arts
2008-10-17 23:12 --------- d-s---w c:\users\émilie\AppData\Roaming\Microsoft
2008-10-17 23:11 --------- d-----w c:\programdata\Avg7
2008-10-17 23:10 --------- d-----w c:\programdata\Grisoft
2008-10-17 19:36 --------- d-----w c:\users\nicolas\AppData\Roaming\AVG7
2008-10-17 18:59 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-10-15 22:14 --------- d-----w c:\program files\Windows Mail
2008-10-15 09:19 --------- d-----w c:\program files\PokerRewardsCalculator
2008-10-15 09:18 --------- d-----w c:\program files\Image-Line
2008-10-14 17:56 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-14 17:53 --------- d--h--r c:\users\nicolas\AppData\Roaming\SecuROM
2008-10-14 17:50 --------- d-----w c:\programdata\Electronic Arts
2008-10-10 11:14 --------- d-----w c:\programdata\ma-config.com
2008-10-10 11:14 --------- d-----w c:\program files\ma-config.com
2008-10-08 14:43 --------- d-----w c:\program files\eMule
2008-10-07 12:21 --------- d-----w c:\users\nicolas\AppData\Roaming\Disney Interactive Studios
2008-10-07 12:05 --------- d-----w c:\program files\Disney Interactive Studios
2008-10-07 12:02 --------- d-----w c:\program files\DAEMON Tools Lite
2008-10-06 22:15 --------- d-----w c:\program files\Mumble
2008-09-30 12:06 --------- d-----w c:\program files\Sony
2008-09-30 11:37 --------- d-----w c:\users\nicolas\AppData\Roaming\dvdcss
2008-09-28 13:00 --------- d-----w c:\users\nicolas\AppData\Roaming\Sony Corporation
2008-09-28 12:53 --------- d-----w c:\programdata\Sony Corporation
2008-08-31 12:07 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-08-31 12:07 56 ---ha-w c:\programdata\ezsidmv.dat
2008-08-27 22:14 174 --sha-w c:\program files\desktop.ini
2007-12-31 19:36 147,456 ----a-w c:\users\nicolas\vbzip10.dll
2007-12-07 14:37 44 ----a-w c:\users\nicolas\addresses.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Steam"="c:\program files\steam\steam.exe" [2008-11-16 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\System32\msconfig.exe" [2008-01-19 227840]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MqtgSVC"="c:\windows\System32\drivers\mqtgsvc.exe" [2008-11-17 81920]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Logman"="c:\windows\System32\drivers\logman.exe" [2008-11-17 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=c:\users\nicolas\AppData\Local\Temp\comrepl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.X264"= x264vfw.dll
"msacm.l3codec"= l3codecp.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 08:33 125952 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 10:13 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 08:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2006-12-01 13:37 4186112 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{ED529C9F-5CB9-4A9B-890F-FAD69EB8621B}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{46B144C2-E876-4240-BABC-37FCA70E5C54}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{5C9ECA7F-D381-4D76-8B45-25125C377193}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{7158C179-D22E-4611-9A81-B7B25ED269A4}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"TCP Query User{F3B7E70C-8638-4F77-B70F-6DFD13CF7E8D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C59C477A-463F-4C27-8548-4B4B88CE2235}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{DC12E3EB-123D-4300-AD80-81A1310A2B12}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= UDP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{EBD28C76-4C6A-44A6-9597-36290089BD76}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= TCP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{98BBC409-24E5-456A-91CC-15F2AB0EDDA8}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{AF392EBB-2109-4B07-A7EB-3FF1DC3587FB}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"TCP Query User{75D5B769-E9B7-4ECD-A968-64F69140FEBD}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{4072DE3E-2979-4014-99DB-9BCBA6691A2F}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{E79107BB-D6D6-4B6D-8CA8-F951207431A1}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= UDP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{9C8C1F2B-13AA-497A-B1A4-E70DFED2005A}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= TCP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{4BFF0396-112C-4D87-962A-8441D316B35D}c:\\program files\\msn messenger\\livecall.exe"= UDP:c:\program files\msn messenger\livecall.exe:Windows Live Call
"UDP Query User{203365B6-2ECE-4AB3-8699-DB4D9149D7CF}c:\\program files\\msn messenger\\livecall.exe"= TCP:c:\program files\msn messenger\livecall.exe:Windows Live Call
"TCP Query User{CAB73677-1C09-4081-AD01-5300DB868A15}c:\\windows\\windl\\mirc.exe"= UDP:c:\windows\windl\mirc.exe:mIRC
"UDP Query User{CC70295B-BB83-48E0-A17F-33D79BAA85BA}c:\\windows\\windl\\mirc.exe"= TCP:c:\windows\windl\mirc.exe:mIRC
"TCP Query User{770B9900-1F8B-4214-BEED-FB29EA5111D5}e:\\steamapps\\metalguinness\\counter-strike\\hl.exe"= UDP:e:\steamapps\metalguinness\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{67EDDB4C-49C0-44B2-8E16-8B31F4B2E44E}e:\\steamapps\\metalguinness\\counter-strike\\hl.exe"= TCP:e:\steamapps\metalguinness\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{734020D3-36B2-462A-A38B-1A3F59C68578}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{81075885-3713-42C7-9021-D3EB634014E6}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{5DC4668A-157D-404D-99CE-C146A4541247}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{54990A40-A2E4-4CC3-8B06-7043FAE0079B}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{C60606B6-D970-4157-9D6A-88E78386B774}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{2BF6CF69-373C-416C-B667-AE4195AF2BC7}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{D8F15AAC-ACEC-4E4D-84D1-FF1CF7F6D7E3}c:\\program files\\disney interactive studios\\pure\\pure.exe"= UDP:c:\program files\disney interactive studios\pure\pure.exe:Pure
"UDP Query User{3023AD3C-05BF-49E0-81D0-1BDF48814CEE}c:\\program files\\disney interactive studios\\pure\\pure.exe"= TCP:c:\program files\disney interactive studios\pure\pure.exe:Pure
"{7B30449A-A6C0-49F0-8254-1FE93DD9C91A}"= UDP:c:\program files\Codemasters\GRID\GRID.exe:GRID
"{104FA4C2-D549-4E2F-BE38-C22972FA9765}"= TCP:c:\program files\Codemasters\GRID\GRID.exe:GRID
"TCP Query User{51E0DAB1-CB45-4A8C-9D16-06A5CC1B2276}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{E0F1FBA4-1DE9-406E-8307-576CFC0FB45D}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{FDBB74F5-E568-4D53-84F6-F452328C1D54}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{FB09D548-52A1-4BE5-922C-D19248E8A128}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{813A3210-4E32-41F2-B867-454ED9E70AA9}e:\\steamapps\\rolex306\\condition zero\\hl.exe"= UDP:e:\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{9B9DE649-3A04-4CB1-B3A1-3D5951D4E70C}e:\\steamapps\\rolex306\\condition zero\\hl.exe"= TCP:e:\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{5F3654C7-4019-4EA7-90A5-65BBCEDF0D49}c:\\program files\\steam\\steamapps\\rolex306\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{95743B52-55D0-4A8D-9D79-A477FF3103A3}c:\\program files\\steam\\steamapps\\rolex306\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{D9BFE5F3-F090-42C0-BCC8-267C8FA6DCD1}c:\\program files\\steam\\steamapps\\metalguinness\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{3E906ACB-5E48-4138-B695-77AED847D04D}c:\\program files\\steam\\steamapps\\metalguinness\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{EDB04522-575C-4F0B-B2DB-7C4F78E1C150}c:\\users\\nicolas\\documents\\logiciels telechargés\\wow-frfr-installer-downloader.exe"= UDP:c:\users\nicolas\documents\logiciels telechargés\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"UDP Query User{B2D7216D-279B-4A90-992B-1B10FB288326}c:\\users\\nicolas\\documents\\logiciels telechargés\\wow-frfr-installer-downloader.exe"= TCP:c:\users\nicolas\documents\logiciels telechargés\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R1 cpuidlep;CpuIdle Pro System Driver;c:\windows\system32\drivers\cpuidlep.sys [2007-06-18 4484]
R2 UxTuneUp;TuneUp Extension de thème;c:\windows\System32\svchost.exe -k netsvcs [2008-07-26 21504]
S3 ce6230;Intel CE6230 Standalone USB Driver;c:\windows\system32\DRIVERS\CE6230StandaloneDriver.sys [2008-03-26 44800]
S3 ce6230BDACAP;Realfine CE6230 BDA Driver;c:\windows\system32\DRIVERS\CE6230BDA.sys [2008-03-26 19328]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2007-11-05 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2007-11-05 27072]
S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe /RunAsService [2008-11-16 104944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dd6a743-93e8-11dd-93af-001a9219cb78}]
\shell\AutoRun\command - D:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6662202f-79a8-11dd-9321-001a9219cb78}]
\shell\AutoRun\command - D:\Launcher.exe
.
Contenu du dossier 'Tâches planifiées'

2008-11-21 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 18:18]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{E51B6382-1B9A-4627-BE54-0046B1D268DD} - (no file)
WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
HKLM-Explorer_Run-Spool - c:\users\nicolas\LOCALS~1\APPLIC~1\spoolsv.exe
MSConfigStartUp-Host Process - c:\users\nicolas\svchost.exe
MSConfigStartUp-NetAnalyse - c:\program files\NetAnalyse\NetAnalyse.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_03\bin\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-SystrayORAHSS - c:\program files\OrangeHSS\Systray\SystrayApp.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\users\nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\3tprtbr3.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 03:32:19
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\a-squared Anti-Malware\a2service.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\users\nicolas\AppData\Local\spoolsv.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Heure de fin: 2008-11-26 3:37:09 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-26 02:37:05

Avant-CF: 28 176 322 560 octets libres
Après-CF: 28,162,162,688 octets libres

294 --- E O F --- 2008-11-25 08:18:26
0
Lyonnais92 Posts 25159 Registered Friday 23 June 2006 Status Security contributor Last post 16 September 2016 1 536
26 Nov. 2008 at 08:00
Hello,

A file to check:

Go to this site:

https://www.virustotal.com/gui/

Click Browse and locate this file: c:\users\nicolas\AppData\Local\Temp\comrepl.exe

Click Send File.

A report will build up line by line.

Wait for it to finish. It should include the size of the submitted file.

Save the report with Notepad.

Paste it into your reply.

If VirusTotal says the file has already been analysed, click the "Reanalyse file now" button.

=======================

Also check this one:

c:\windows\System32\spr32d35.dll
0
savatage Posts 109 Registered Friday 16 November 2007 Status Member Last post 26 December 2009
26 Nov. 2008 at 13:18
Here is the VirusTotal analysis of the files you mentioned:

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.24.3 2008.11.26 -
AntiVir 7.9.0.35 2008.11.26 -
Authentium 5.1.0.4 2008.11.26 -
Avast 4.8.1281.0 2008.11.25 -
AVG 8.0.0.199 2008.11.25 -
BitDefender 7.2 2008.11.26 -
CAT-QuickHeal 10.00 2008.11.26 -
ClamAV 0.94.1 2008.11.26 -
DrWeb 4.44.0.09170 2008.11.26 -
eSafe 7.0.17.0 2008.11.25 -
eTrust-Vet 31.6.6228 2008.11.26 -
Ewido 4.0 2008.11.25 -
F-Prot 4.4.4.56 2008.11.25 -
F-Secure 8.0.14332.0 2008.11.26 -
Fortinet 3.117.0.0 2008.11.26 -
GData 19 2008.11.26 -
Ikarus T3.1.1.45.0 2008.11.26 -
K7AntiVirus 7.10.533 2008.11.25 -
Kaspersky 7.0.0.125 2008.11.26 Heur.Trojan.Generic
McAfee 5445 2008.11.25 -
McAfee+Artemis 5445 2008.11.25 Generic!Artemis
Microsoft 1.4104 2008.11.26 -
NOD32 3642 2008.11.26 -
Norman 5.80.02 2008.11.26 -
Panda 9.0.0.4 2008.11.25 Suspicious file
PCTools 4.4.2.0 2008.11.25 -
Prevx1 V2 2008.11.26 -
Rising 21.05.22.00 2008.11.26 -
SecureWeb-Gateway 6.7.6 2008.11.26 -
Sophos 4.35.0 2008.11.26 -
Sunbelt 3.1.1830.2 2008.11.26 BehavesLike.Win32.Malware (v)
Symantec 10 2008.11.26 -
TheHacker 6.3.1.1.163 2008.11.25 -
TrendMicro 8.700.0.1004 2008.11.26 -
VBA32 3.12.8.9 2008.11.26 -
ViRobot 2008.11.26.1487 2008.11.26 -
VirusBuster 4.5.11.0 2008.11.25 -


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.24.3 2008.11.26 -
AntiVir 7.9.0.35 2008.11.26 -
Authentium 5.1.0.4 2008.11.26 -
Avast 4.8.1281.0 2008.11.25 -
AVG 8.0.0.199 2008.11.26 -
BitDefender 7.2 2008.11.26 -
CAT-QuickHeal 10.00 2008.11.26 -
ClamAV 0.94.1 2008.11.26 -
DrWeb 4.44.0.09170 2008.11.26 -
eSafe 7.0.17.0 2008.11.25 -
eTrust-Vet 31.6.6228 2008.11.26 -
Ewido 4.0 2008.11.25 -
F-Prot 4.4.4.56 2008.11.25 -
F-Secure 8.0.14332.0 2008.11.26 -
Fortinet 3.117.0.0 2008.11.26 -
GData 19 2008.11.26 -
Ikarus T3.1.1.45.0 2008.11.26 -
K7AntiVirus 7.10.533 2008.11.25 -
Kaspersky 7.0.0.125 2008.11.26 Heur.Trojan.Generic
McAfee 5445 2008.11.25 -
McAfee+Artemis 5445 2008.11.25 Generic!Artemis
Microsoft 1.4104 2008.11.26 -
NOD32 3642 2008.11.26 -
Norman 5.80.02 2008.11.26 -
Panda 9.0.0.4 2008.11.25 Suspicious file
PCTools 4.4.2.0 2008.11.26 -
Prevx1 V2 2008.11.26 -
Rising 21.05.22.00 2008.11.26 -
SecureWeb-Gateway 6.7.6 2008.11.26 -
Sophos 4.35.0 2008.11.26 -
Sunbelt 3.1.1830.2 2008.11.26 BehavesLike.Win32.Malware (v)
Symantec 10 2008.11.26 -
TheHacker 6.3.1.1.163 2008.11.25 -
TrendMicro 8.700.0.1004 2008.11.26 -
VBA32 3.12.8.9 2008.11.26 -
ViRobot 2008.11.26.1487 2008.11.26 -
VirusBuster 4.5.11.0 2008.11.25 -

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.24.3 2008.11.26 -
AntiVir 7.9.0.35 2008.11.26 -
Authentium 5.1.0.4 2008.11.26 -
Avast 4.8.1281.0 2008.11.25 -
AVG 8.0.0.199 2008.11.26 -
BitDefender 7.2 2008.11.26 -
CAT-QuickHeal 10.00 2008.11.26 -
ClamAV 0.94.1 2008.11.26 -
DrWeb 4.44.0.09170 2008.11.26 -
eSafe 7.0.17.0 2008.11.25 -
eTrust-Vet 31.6.6228 2008.11.26 -
Ewido 4.0 2008.11.25 -
F-Prot 4.4.4.56 2008.11.25 -
F-Secure 8.0.14332.0 2008.11.26 -
Fortinet 3.117.0.0 2008.11.26 -
GData 19 2008.11.26 -
Ikarus T3.1.1.45.0 2008.11.26 -
K7AntiVirus 7.10.533 2008.11.25 -
Kaspersky 7.0.0.125 2008.11.26 Heur.Trojan.Generic
McAfee 5445 2008.11.25 -
McAfee+Artemis 5445 2008.11.25 Generic!Artemis
Microsoft 1.4104 2008.11.26 -
NOD32 3642 2008.11.26 -
Norman 5.80.02 2008.11.26 -
Panda 9.0.0.4 2008.11.25 Suspicious file
PCTools 4.4.2.0 2008.11.26 -
Prevx1 V2 2008.11.26 -
Rising 21.05.22.00 2008.11.26 -
SecureWeb-Gateway 6.7.6 2008.11.26 -
Sophos 4.35.0 2008.11.26 -
Sunbelt 3.1.1830.2 2008.11.26 BehavesLike.Win32.Malware (v)
Symantec 10 2008.11.26 -
TheHacker 6.3.1.1.163 2008.11.25 -
TrendMicro 8.700.0.1004 2008.11.26 -
VBA32 3.12.8.9 2008.11.26 -
ViRobot 2008.11.26.1487 2008.11.26 -
VirusBuster 4.5.11.0 2008.11.25 -

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.24.3 2008.11.26 -
AntiVir 7.9.0.35 2008.11.26 -
Authentium 5.1.0.4 2008.11.26 -
Avast 4.8.1281.0 2008.11.25 -
AVG 8.0.0.199 2008.11.26 -
BitDefender 7.2 2008.11.26 -
CAT-QuickHeal 10.00 2008.11.26 -
ClamAV 0.94.1 2008.11.26 -
DrWeb 4.44.0.09170 2008.11.26 -
eSafe 7.0.17.0 2008.11.25 -
eTrust-Vet 31.6.6228 2008.11.26 -
Ewido 4.0 2008.11.26 -
F-Prot 4.4.4.56 2008.11.25 -
F-Secure 8.0.14332.0 2008.11.26 -
Fortinet 3.117.0.0 2008.11.26 -
GData 19 2008.11.26 -
Ikarus T3.1.1.45.0 2008.11.26 -
K7AntiVirus 7.10.533 2008.11.25 -
Kaspersky 7.0.0.125 2008.11.26 Heur.Trojan.Generic
McAfee 5445 2008.11.25 -
McAfee+Artemis 5445 2008.11.25 Generic!Artemis
Microsoft 1.4104 2008.11.26 -
NOD32 3642 2008.11.26 -
Norman 5.80.02 2008.11.26 -
Panda 9.0.0.4 2008.11.25 Suspicious file
PCTools 4.4.2.0 2008.11.26 -
Prevx1 V2 2008.11.26 -
Rising 21.05.22.00 2008.11.26 -
SecureWeb-Gateway 6.7.6 2008.11.26 -
Sophos 4.35.0 2008.11.26 -
Sunbelt 3.1.1830.2 2008.11.26 BehavesLike.Win32.Malware (v)
Symantec 10 2008.11.26 -
TheHacker 6.3.1.1.163 2008.11.25 -
TrendMicro 8.700.0.1004 2008.11.26 -
VBA32 3.12.8.9 2008.11.26 -
ViRobot 2008.11.26.1487 2008.11.26 -
VirusBuster 4.5.11.0 2008.11.25 -
0
savatage Posts 109 Registered Friday 16 November 2007 Status Member Last post 26 December 2009
26 Nov. 2008 at 13:25
And here are the RSIT logs:

Logfile of random's system information tool 1.04 (written by random/random)
Run by nicolas at 2008-11-26 13:22:23
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 25 GB (11%) free of 231 GB
Total RAM: 2046 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:46, on 26/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\drivers\mqtgsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Users\nicolas\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\nicolas.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\nicolas\AppData\Local\Temp\comrepl.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\Windows\System32\drivers\mqtgsvc.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Logman] C:\Windows\System32\drivers\logman.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Logman] C:\Windows\System32\drivers\logman.exe /waitservice (User 'Default user')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A91359C-8B83-42AA-BEC7-1DE18CE82297}: NameServer = 192.168.1.1
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
0
Lyonnais92 Posts 25159 Registered Friday 23 June 2006 Status Security contributor Last post 16 September 2016 1 536
26 Nov. 2008 at 18:26
Good evening,

Run HijackThis again.

Choose Do a scan only

Tick the box in front of the following lines

F3 - REG:win.ini: load=C:\Users\nicolas\AppData\Local\Temp\comrepl.exe

Close all windows (except HijackThis), including your browser.

Click Fix checked.

Close HijackThis.

======================================

Copy or print these instructions beforehand

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, real-time guard of the antispyware)


Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Driver::
aw7chg4x
jfdcd


File::
c:\users\nicolas\AppData\Local\Temp\comrepl.exe
c:\windows\System32\spr32d35.dll
c:\users\nicolas\AppData\Roaming\mstsc.exe
c:\windows\System32\drivers\mqtgsvc.exe
c:\windows\System32\drivers\logman.exe

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"MqtgSVC"=-
[HKUS\S-1-5-18\..\Policies\Explorer\Run]
"Logman"=-
[HKUS\.DEFAULT\..\Policies\Explorer\Run]
"Logman"=-


Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFscript file, hold the button down and drag the mouse so that the CFscript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message shown (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

Re-enable your firewall, your antivirus and your antispyware guard

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report


If the file doesn't open, it is located here > C:\ComboFix.txt

Warning: this procedure was made for this computer. Any reuse may severely damage the operating system.
0
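As an added illustration (not code from the thread, from HijackThis or from ComboFix), the Python below encodes the traits shared by the entries Lyonnais92 asked to remove above: a program started through win.ini load= from a user's Temp folder, and .exe files sitting under System32\drivers and launched from Policies\Explorer\Run. It runs over a few lines copied from the HijackThis logs posted in this thread; the rule names and the idea of scoring each entry are my own assumptions.

```python
"""Triage of HijackThis O4/F3 autorun entries (added example, not from the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis logs posted in the
# thread, plus two ordinary entries so the triage has something to leave alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
F3 - REG:win.ini: load=C:\Users\nicolas\AppData\Local\Temp\comrepl.exe
O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\Windows\System32\drivers\mqtgsvc.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Logman] C:\Windows\System32\drivers\logman.exe /waitservice (User 'SYSTEM')
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
""".strip("\n")

# "O4 - <key>: [<name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# "F3 - REG:win.ini: load=<command line>"
F3_RE = re.compile(r"^F3 - REG:win\.ini: load=(?P<cmd>.*)$")

WIN_INI_KEY = "win.ini load="


@dataclass
class Finding:
    line_no: int
    name: str
    path: str
    reason: str


def executable_path(cmd: str) -> str:
    """Return the program path from an autorun command line.

    A quoted path is taken up to the closing quote; otherwise the first
    whitespace-delimited token is the program (arguments follow it).
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def classify(key: str, path: str) -> list[str]:
    """Hypothetical rule set: return the reasons an entry looks out of place."""
    reasons: list[str] = []
    low = path.lower()
    if key == WIN_INI_KEY and ("\\temp\\" in low or "\\appdata\\" in low):
        reasons.append("win.ini load= starts a program from a user profile folder")
    if low.endswith(".exe") and "\\system32\\drivers\\" in low:
        reasons.append(".exe under System32\\drivers, a folder that holds .sys drivers")
    if "policies\\explorer\\run" in key.lower():
        reasons.append("Policies\\Explorer\\Run autorun, a key ordinary software rarely uses")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Parse O4 and F3 lines of a HijackThis log and flag anomalous entries."""
    findings: list[Finding] = []
    for no, line in enumerate(log_text.splitlines(), 1):
        m = O4_RE.match(line)
        if m:
            key, name, cmd = m["key"], m["name"], m["cmd"]
        else:
            m = F3_RE.match(line)
            if not m:
                continue  # other HijackThis sections are not handled here
            key, name, cmd = WIN_INI_KEY, "load", m["cmd"]
        path = executable_path(cmd)
        for reason in classify(key, path):
            findings.append(Finding(no, name, path, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: [{f.name}] {f.path}\n    -> {f.reason}")
```

Entries such as avgnt.exe or steam.exe pass through untouched, while comrepl.exe, mqtgsvc.exe and logman.exe are each reported with the trait that made the helper single them out.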
savatage Posts 109 Registered Friday 16 November 2007 Status Member Last post 26 December 2009
27 Nov. 2008 at 10:55
Hello Lyonnais,

Sorry for the delay, I wasn't very available these last 2 days. I did all the steps you asked, but I can't find the ComboFix report; it isn't in C:/combofix.txt. Here is the HijackThis one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:52, on 27/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\drivers\mqtgsvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\nicolas\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\nicolas.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\nicolas\AppData\Local\Temp\comrepl.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\Windows\System32\drivers\mqtgsvc.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Logman] C:\Windows\System32\drivers\logman.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Logman] C:\Windows\System32\drivers\logman.exe /waitservice (User 'Default user')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A91359C-8B83-42AA-BEC7-1DE18CE82297}: NameServer = 192.168.1.1
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last seen 16 September 2016 1 536
27 Nov. 2008 at 12:15
Hello,

what happened when you drag-and-dropped CfScript onto Combofix?
0
savatage Posts 109 Registration date Friday 16 November 2007 Status Member Last seen 26 December 2009
27 Nov. 2008 at 12:49
Well, ComboFix started correctly, it deleted the files I copied/pasted, my PC rebooted and the finalization completed.
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last seen 16 September 2016 1 536
27 Nov. 2008 at 12:59
Re,

redo the whole procedure from post 13.

Check that the CFScript file is actually created on your Desktop, next to Combofix.
0
savatage Posts 109 Registration date Friday 16 November 2007 Status Member Last seen 26 December 2009
27 Nov. 2008 at 13:04
OK, I'll do that, but the CFscript file I created is no longer on the desktop after I dragged it onto ComboFix.
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last seen 16 September 2016 1 536
27 Nov. 2008 at 13:05
Re,

recreate it.
0
savatage Posts 109 Registration date Friday 16 November 2007 Status Member Last seen 26 December 2009
27 Nov. 2008 at 14:00
Re,

Done, here is the ComboFix report:

ComboFix 08-11-26.05 - nicolas 2008-11-27 13:16:27.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1250 [GMT 1:00]
Lancé depuis: c:\users\nicolas\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\nicolas\Desktop\CFscript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\users\nicolas\AppData\Local\Temp\comrepl.exe
c:\users\nicolas\AppData\Roaming\mstsc.exe
c:\windows\System32\drivers\logman.exe
c:\windows\System32\drivers\mqtgsvc.exe
c:\windows\System32\spr32d35.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\nicolas\AppData\Local\Temp\comrepl.exe
c:\windows\System32\drivers\logman.exe
c:\windows\System32\drivers\mqtgsvc.exe
c:\windows\System32\spr32d35.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_jfdcd


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-27 au 2008-11-27 ))))))))))))))))))))))))))))))))))))
.

2008-11-26 04:08 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 04:08 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 04:08 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 04:08 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 04:08 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 03:30 . 2008-11-17 00:34 81,920 --a------ c:\users\nicolas\AppData\Roaming\mstsc.exe
2008-11-25 21:55 . 2008-11-25 21:56 <REP> d-------- C:\rsit
2008-11-24 23:35 . 2008-11-24 23:42 <REP> d-------- c:\program files\WowCartographe
2008-11-24 14:02 . 2008-11-24 19:42 <REP> d-------- c:\users\nicolas\WoW-2.3.0.7561-frFR
2008-11-18 14:06 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-18 14:06 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-18 14:06 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-18 14:06 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-18 14:06 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-18 14:06 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-18 14:06 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-18 14:06 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-18 14:06 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-16 22:16 . 2008-11-16 22:16 404,250 --a------ c:\windows\Revolution Script CZ Uninstaller.exe.bak
2008-11-16 15:32 . 2008-11-27 10:43 <REP> d-------- c:\program files\Steam
2008-11-16 13:59 . 2008-11-23 15:05 <REP> d-------- c:\program files\Common Files\Steam
2008-11-15 04:24 . 2008-11-15 04:25 <REP> d-------- c:\users\nicolas\AppData\Roaming\LiveCAD2
2008-11-15 04:23 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\System32\d3dx9_33.dll
2008-11-14 01:44 . 2008-11-14 01:44 <REP> d-------- c:\program files\RVG Software
2008-11-12 13:37 . 2008-11-12 13:37 <REP> dr-h----- C:\AHCache
2008-11-12 05:01 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 05:01 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 05:01 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 02:13 . 2008-11-17 01:08 <REP> d-------- c:\users\All Users\rkfree
2008-11-11 02:13 . 2008-11-17 01:08 <REP> d-------- c:\programdata\rkfree
2008-10-31 23:30 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-31 23:30 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-31 23:30 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-31 23:30 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-31 23:30 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-29 14:23 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 14:23 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 14:23 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-27 02:15 . 2008-10-27 02:15 <REP> d-------- c:\program files\Pokerbility

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 12:15 23,068,672 ----a-w c:\users\émilie\NTUSER.DAT
2008-11-27 12:15 23,068,672 ----a-w c:\users\émilie\NTUSER.DAT
2008-11-27 11:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-27 11:57 --------- d-----w c:\program files\Electronic Arts
2008-11-27 10:23 --------- d-----w c:\program files\bwin
2008-11-23 02:48 --------- d-----w c:\users\nicolas\AppData\Roaming\OpenOffice.org2
2008-11-19 22:20 --------- d-----w c:\users\nicolas\AppData\Roaming\teamspeak2
2008-11-17 16:58 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-17 16:46 --------- d-----w c:\program files\Lavasoft
2008-11-17 16:46 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-16 23:51 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-16 14:13 --------- d-----w c:\programdata\Codemasters
2008-11-14 18:38 --------- d-----w c:\program files\WinamaxPoker
2008-11-14 01:22 --------- d-----w c:\programdata\NVIDIA
2008-11-12 00:25 --------- d-----w c:\users\nicolas\AppData\Roaming\LimeWire
2008-10-27 20:53 --------- d-----w c:\program files\Activision
2008-10-25 14:39 --------- d-----w c:\users\nicolas\AppData\Roaming\Mumble
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-22 11:33 444,952 ----a-w c:\windows\System32\wrap_oal.dll
2008-10-22 11:33 109,080 ----a-w c:\windows\System32\OpenAL32.dll
2008-10-22 11:33 --------- d-----w c:\program files\OpenAL
2008-10-20 12:11 --------- d-----w c:\users\nicolas\AppData\Roaming\Paltalk
2008-10-20 12:11 --------- d-----w c:\program files\Paltalk Messenger
2008-10-19 16:08 --------- d-----w c:\program files\PokerStars.NET
2008-10-18 13:04 --------- d-----w c:\programdata\Media Center Programs
2008-10-18 11:43 --------- d-----w c:\program files\GameSpy
2008-10-18 11:39 669,184 ----a-w c:\windows\System32\pbsvc.exe
2008-10-18 11:39 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-18 11:39 22,328 ----a-w c:\users\nicolas\AppData\Roaming\PnkBstrK.sys
2008-10-18 11:39 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
2008-10-17 23:12 --------- d-s---w c:\users\émilie\AppData\Roaming\Microsoft
2008-10-17 23:11 --------- d-----w c:\programdata\Avg7
2008-10-17 23:10 --------- d-----w c:\programdata\Grisoft
2008-10-17 19:36 --------- d-----w c:\users\nicolas\AppData\Roaming\AVG7
2008-10-17 18:59 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-10-15 22:14 --------- d-----w c:\program files\Windows Mail
2008-10-15 09:19 --------- d-----w c:\program files\PokerRewardsCalculator
2008-10-15 09:18 --------- d-----w c:\program files\Image-Line
2008-10-15 09:17 1,890 ----a-w c:\windows\System32\ealregsnapshot1.reg
2008-10-14 17:56 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-14 17:53 --------- d--h--r c:\users\nicolas\AppData\Roaming\SecuROM
2008-10-14 17:50 --------- d-----w c:\programdata\Electronic Arts
2008-10-10 11:14 --------- d-----w c:\programdata\ma-config.com
2008-10-10 11:14 --------- d-----w c:\program files\ma-config.com
2008-10-08 14:43 --------- d-----w c:\program files\eMule
2008-10-07 12:22 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-10-07 12:21 --------- d-----w c:\users\nicolas\AppData\Roaming\Disney Interactive Studios
2008-10-07 12:05 --------- d-----w c:\program files\Disney Interactive Studios
2008-10-07 12:02 --------- d-----w c:\program files\DAEMON Tools Lite
2008-10-06 22:15 --------- d-----w c:\program files\Mumble
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-30 12:06 --------- d-----w c:\program files\Sony
2008-09-30 11:37 --------- d-----w c:\users\nicolas\AppData\Roaming\dvdcss
2008-09-28 13:00 --------- d-----w c:\users\nicolas\AppData\Roaming\Sony Corporation
2008-09-28 12:53 --------- d-----w c:\programdata\Sony Corporation
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-06 18:11 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-08-31 12:07 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-08-31 12:07 56 ---ha-w c:\programdata\ezsidmv.dat
2008-08-27 22:14 174 --sha-w c:\program files\desktop.ini
2008-08-27 19:13 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-08-27 19:13 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2007-12-31 19:36 147,456 ----a-w c:\users\nicolas\vbzip10.dll
2007-12-07 14:37 44 ----a-w c:\users\nicolas\addresses.dat
.

((((((((((((((((((((((((((((( snapshot_2008-11-27_10.47.12.77 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-27 09:42:41 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-27 09:42:41 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-27 09:43:20 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-27 12:18:32 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-11-27 08:51:32 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-27 09:42:42 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-27 08:51:32 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-27 09:42:42 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-27 08:51:32 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-27 09:42:42 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-26 02:27:21 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-27 12:15:56 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2008-11-27 09:29:04 16,912 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3353809018-4188295010-4142484477-1000_UserData.bin
+ 2008-11-27 09:44:45 16,960 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3353809018-4188295010-4142484477-1000_UserData.bin
- 2008-11-27 09:29:03 82,890 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-27 09:44:45 82,944 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Steam"="c:\program files\steam\steam.exe" [2008-11-16 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\System32\msconfig.exe" [2008-01-19 227840]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Logman"="c:\windows\System32\drivers\logman.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.X264"= x264vfw.dll
"msacm.l3codec"= l3codecp.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 08:33 125952 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 10:13 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 08:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2006-12-01 13:37 4186112 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{ED529C9F-5CB9-4A9B-890F-FAD69EB8621B}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{46B144C2-E876-4240-BABC-37FCA70E5C54}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{5C9ECA7F-D381-4D76-8B45-25125C377193}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{7158C179-D22E-4611-9A81-B7B25ED269A4}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"TCP Query User{F3B7E70C-8638-4F77-B70F-6DFD13CF7E8D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C59C477A-463F-4C27-8548-4B4B88CE2235}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{DC12E3EB-123D-4300-AD80-81A1310A2B12}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= UDP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{EBD28C76-4C6A-44A6-9597-36290089BD76}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= TCP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{98BBC409-24E5-456A-91CC-15F2AB0EDDA8}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{AF392EBB-2109-4B07-A7EB-3FF1DC3587FB}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"TCP Query User{75D5B769-E9B7-4ECD-A968-64F69140FEBD}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{4072DE3E-2979-4014-99DB-9BCBA6691A2F}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{E79107BB-D6D6-4B6D-8CA8-F951207431A1}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= UDP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{9C8C1F2B-13AA-497A-B1A4-E70DFED2005A}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= TCP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{4BFF0396-112C-4D87-962A-8441D316B35D}c:\\program files\\msn messenger\\livecall.exe"= UDP:c:\program files\msn messenger\livecall.exe:Windows Live Call
"UDP Query User{203365B6-2ECE-4AB3-8699-DB4D9149D7CF}c:\\program files\\msn messenger\\livecall.exe"= TCP:c:\program files\msn messenger\livecall.exe:Windows Live Call
"TCP Query User{CAB73677-1C09-4081-AD01-5300DB868A15}c:\\windows\\windl\\mirc.exe"= UDP:c:\windows\windl\mirc.exe:mIRC
"UDP Query User{CC70295B-BB83-48E0-A17F-33D79BAA85BA}c:\\windows\\windl\\mirc.exe"= TCP:c:\windows\windl\mirc.exe:mIRC
"TCP Query User{770B9900-1F8B-4214-BEED-FB29EA5111D5}e:\\steamapps\\metalguinness\\counter-strike\\hl.exe"= UDP:e:\steamapps\metalguinness\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{67EDDB4C-49C0-44B2-8E16-8B31F4B2E44E}e:\\steamapps\\metalguinness\\counter-strike\\hl.exe"= TCP:e:\steamapps\metalguinness\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{734020D3-36B2-462A-A38B-1A3F59C68578}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{81075885-3713-42C7-9021-D3EB634014E6}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{5DC4668A-157D-404D-99CE-C146A4541247}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{54990A40-A2E4-4CC3-8B06-7043FAE0079B}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{C60606B6-D970-4157-9D6A-88E78386B774}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{2BF6CF69-373C-416C-B667-AE4195AF2BC7}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{D8F15AAC-ACEC-4E4D-84D1-FF1CF7F6D7E3}c:\\program files\\disney interactive studios\\pure\\pure.exe"= UDP:c:\program files\disney interactive studios\pure\pure.exe:Pure
"UDP Query User{3023AD3C-05BF-49E0-81D0-1BDF48814CEE}c:\\program files\\disney interactive studios\\pure\\pure.exe"= TCP:c:\program files\disney interactive studios\pure\pure.exe:Pure
"{7B30449A-A6C0-49F0-8254-1FE93DD9C91A}"= UDP:c:\program files\Codemasters\GRID\GRID.exe:GRID
"{104FA4C2-D549-4E2F-BE38-C22972FA9765}"= TCP:c:\program files\Codemasters\GRID\GRID.exe:GRID
"TCP Query User{51E0DAB1-CB45-4A8C-9D16-06A5CC1B2276}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{E0F1FBA4-1DE9-406E-8307-576CFC0FB45D}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{FDBB74F5-E568-4D53-84F6-F452328C1D54}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{FB09D548-52A1-4BE5-922C-D19248E8A128}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{813A3210-4E32-41F2-B867-454ED9E70AA9}e:\\steamapps\\rolex306\\condition zero\\hl.exe"= UDP:e:\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{9B9DE649-3A04-4CB1-B3A1-3D5951D4E70C}e:\\steamapps\\rolex306\\condition zero\\hl.exe"= TCP:e:\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{5F3654C7-4019-4EA7-90A5-65BBCEDF0D49}c:\\program files\\steam\\steamapps\\rolex306\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{95743B52-55D0-4A8D-9D79-A477FF3103A3}c:\\program files\\steam\\steamapps\\rolex306\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{D9BFE5F3-F090-42C0-BCC8-267C8FA6DCD1}c:\\program files\\steam\\steamapps\\metalguinness\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{3E906ACB-5E48-4138-B695-77AED847D04D}c:\\program files\\steam\\steamapps\\metalguinness\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{EDB04522-575C-4F0B-B2DB-7C4F78E1C150}c:\\users\\nicolas\\documents\\logiciels telechargés\\wow-frfr-installer-downloader.exe"= UDP:c:\users\nicolas\documents\logiciels telechargés\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"UDP Query User{B2D7216D-279B-4A90-992B-1B10FB288326}c:\\users\\nicolas\\documents\\logiciels telechargés\\wow-frfr-installer-downloader.exe"= TCP:c:\users\nicolas\documents\logiciels telechargés\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R1 cpuidlep;CpuIdle Pro System Driver;c:\windows\system32\drivers\cpuidlep.sys [2007-06-18 4484]
S3 ce6230;Intel CE6230 Standalone USB Driver;c:\windows\system32\DRIVERS\CE6230StandaloneDriver.sys [2008-03-26 44800]
S3 ce6230BDACAP;Realfine CE6230 BDA Driver;c:\windows\system32\DRIVERS\CE6230BDA.sys [2008-03-26 19328]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2007-11-05 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2007-11-05 27072]
S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe /RunAsService [2008-11-16 104944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dd6a743-93e8-11dd-93af-001a9219cb78}]
\shell\AutoRun\command - D:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6662202f-79a8-11dd-9321-001a9219cb78}]
\shell\AutoRun\command - D:\Launcher.exe
.
Contenu du dossier 'Tâches planifiées'

2008-11-21 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 18:18]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 13:18:34
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-27 13:19:46
ComboFix-quarantined-files.txt 2008-11-27 12:19:44
ComboFix2.txt 2008-11-26 02:37:10

Avant-CF: 49,335,115,776 octets libres
Après-CF: 49,302,212,608 octets libres

292 --- E O F --- 2008-11-27 08:50:24
0