Shbdchk13 persistant

savatage Messages postés 136 Statut Membre -  
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité -
Bonjour,

depuis un certain temps, j'ai antivir qui me dit plusieur fois par jours que j'ai des virus dont voici le nom de celui de la derniere alerte: shbdchk13 .

Je n'arrive pas à les supprimer, que ce soit avec antivir, spybot, ad aware etc...
Alors un petit coup de main de votre part serait vraiment sympa.
Merci d'avance
Configuration: Windows Vista
Firefox 3.0.4

48 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Un problème se manifeste par des alertes antivirus indiquant des virus nommés shbdchk13 sur Windows Vista avec Firefox 3.0.4, et des difficultés à les éliminer malgré l’usage d’outils courants. Des réponses proposent d’utiliser RSIT et HijackThis pour générer des rapports détaillés et examiner les éléments suspects, puis de partager les contenus log.txt et info.txt afin d’identifier les composants malveillants. D’autres préconisent ComboFix et des vérifications VirusTotal sur des fichiers incriminés tels que mqtgsvc.exe et mstsc.exe, puis à poster les rapports pour poursuite du nettoyage. En cas d’utilisation d’outils additionnels comme OAD pour rechercher des fichiers précis, il est recommandé d’exécuter en mode administrateur et d’attendre le rapport avant toute action, afin d’éviter de fausses suppressions.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Salut,

    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    2
  2. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    une relecture de mon analyse de ton rapport Combofix (merci Nicolas Coolman) m'amène à te demander de faire des choses en plus (et de faire attention dans l'utilisation du PC car il est très probable que ton infection évolue ou que de nouvelles apparaissent).
    ==================

    Fais redémarrer l'ordi et remets un rapport RSIT.

    ==================
    Fais un contrôle sur VirusTotal de ces 3 fichiers :

    c:\users\nicolas\AppData\Roaming\msts­c.exe
    c:\windows\System32\drivers\mqtgsvc.e­xe
    c:\windows\System32\drivers\logman.ex­e

    et poste les rapports dans ta réponse.
    1
  3. savatage Messages postés 136 Statut Membre
     
    personne ?
    0
  4. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Bonsoir

    pour suivre ;))
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. savatage Messages postés 136 Statut Membre
     
    bonsoir marie,

    merci de ton attention, voici les rapports

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by nicolas at 2008-11-25 21:59:39
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 30 GB (13%) free of 231 GB
    Total RAM: 2046 MB (63% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:59:52, on 25/11/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Users\nicolas\LOCALS~1\APPLIC~1\ieudinit.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Steam\Steam.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\nicolas\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\nicolas.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SOS Connexion - Le web en toute simplicité
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F3 - REG:win.ini: load=C:\Users\nicolas\LOCALS~1\APPLIC~1\ieudinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {E51B6382-1B9A-4627-BE54-0046B1D268DD} - (no file)
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5A91359C-8B83-42AA-BEC7-1DE18CE82297}: NameServer = 192.168.1.1
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    0
  7. savatage Messages postés 136 Statut Membre
     
    et le second

    info.txt logfile of random's system information tool 1.04 2008-11-25 21:56:12

    ======Uninstall list======

    -->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x040c -removeonly
    -->C:\Program Files\InstallShield Installation Information\{B2C4A8C4-AA20-425D-9FEE-C78039238C81}\setup.exe -runfromtemp -l0x040c -removeonly
    -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
    -->C:\Windows\UNNeroShowTime.exe /UNINSTALL
    -->C:\Windows\UNNeroVision.exe /UNINSTALL
    -->C:\Windows\UNRecode.exe /UNINSTALL
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
    Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
    Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
    Architecte 3D Platinium-->C:\PROGRA~1\ARCHIT~1\UNWISE.EXE C:\PROGRA~1\ARCHIT~1\INSTALL.LOG
    Architecture 3D - 2.0 (version gratuite)-->"C:\Program Files\LiveCAD\Architecture 3D - 2.0 (version gratuite)\unins000.exe"
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    a-squared Anti-Malware 3.5-->"C:\Program Files\a-squared Anti-Malware\unins000.exe"
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
    Blazing Angels 2 : Secret Missions of WWII-->C:\Program Files\InstallShield Installation Information\{D8768524-DE8D-40D3-904B-B1FCC31CF9F9}\Setup.exe -runfromtemp -l0x040c -removeonly
    bwin Poker (remove only)-->"C:\Program Files\bwin\uninstall.exe"
    Call of Duty(R) 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374}
    Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
    Condition Zero-->"C:\Program Files\Steam\steam.exe" steam://uninstall/80
    DH Driver Cleaner Professional Edition-->C:\Program Files\Driver Cleaner Pro\Uninstall.exe
    DivX 3.11a-->C:\Program Files\DivX3.11a\uninst.exe
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    EasyCleaner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    EVEREST Ultimate Edition v4.00-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
    Free Video Converter V 1.1-->"C:\Program Files\Free Video Converter\unins000.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Holdem Manager-->MsiExec.exe /I{89B38025-05A0-4958-92C3-70882AE8553A}
    iTunes-->MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Lame ACM MP3 Codec-->C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\Windows\INF\LameACM.inf
    LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
    livebox-->C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe -runfromtemp -l0x040c -removeonly
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mpeg Layer3 Codec FHG-Radium v1.263-->C:\Windows\UNWISE.EXE C:\audio\L3CODE~1\INSTALL.LOG
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
    Nero 7 Essentials-->MsiExec.exe /I{D34D82E0-4600-407B-9478-8506C1DD1036}
    OCCT Perestroika 1.0.1-->"C:\Program Files\OCCT\unins000.exe"
    OpenAL-->"C:\Program Files\OpenAL\OalinstGridRelease.exe" /U
    OpenOffice.org 2.3-->MsiExec.exe /I{FADB55D0-403F-4413-A268-CF0A6F1185C2}
    Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
    Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
    Pokerbility 1.10.25-->"C:\Program Files\Pokerbility\unins000.exe"
    PokerStars.net-->"C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
    PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
    Pure-->C:\Program Files\InstallShield Installation Information\{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}\setup.exe -runfromtemp -l0x0c0c Pure -removeonly
    QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    Revolution Script CZ-->C:\Windows\Revolution Script CZ Uninstaller.exe
    SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe
    Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x040c uninstall -removeonly
    SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x040c -removeonly
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    TeamSpeak 3-->C:\Program Files\TeamSpeak 3\uninstall.exe
    TerraExplorer-->C:\Program Files\Skyline\TerraExplorer\Setup.exe [OP]/U
    TrackMania Nations ESWC 1.8.0-->"C:\Program Files\TrackMania Nations ESWC\unins000.exe"
    TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
    VD Codec Pack 1.8-->C:\Program Files\VDCodecPack1.8\uninst.exe
    VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Visual C++ 8.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}
    Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM-->MsiExec.exe /I{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}
    Visual C++ 8.0 MFC (x86) WinSXS MSM-->MsiExec.exe /I{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}
    Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM-->MsiExec.exe /I{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}
    Winamax Poker (remove only)-->"C:\Program Files\WinamaxPoker\uninst.exe"
    Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    WinPcap 3.1 beta4-->"C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
    Wow Cartographe 1.09-->C:\Program Files\WowCartographe\uninst.exe
    x264 Revision 366 x264.nl (remove only)-->"C:\Program Files\x264\x264-uninstall.exe"
    XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"

    =====HijackThis Backups=====

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    ======Security center information======

    AV: Avira AntiVir PersonalEdition
    AS: AVG Anti-Spyware (disabled) (outdated)
    AS: Windows Defender (disabled)

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=4b02
    "NUMBER_OF_PROCESSORS"=2
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

    -----------------EOF-----------------
    0
  8. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    Rends toi sur ce site :

    https://www.virustotal.com/gui/

    Clique sur parcourir et cherche ce fichier : C:\Users\nicolas\LOCALS~1\APPLIC~1\ieudinit.exe

    Clique sur Send File.

    Un rapport va s'élaborer ligne à ligne.

    Attends la fin. Il doit comprendre la taille du fichier envoyé.

    Sauvegarde le rapport avec le bloc-note.

    Copie le dans ta réponse.

    Si VirusTotal indique que le fichier a déjà été analysé, cliquer sur le bouton Reanalyse le fichier maintenant

    ==================

    Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

    - Va dans démarrer puis panneau de configuration
    - Double Clique sur l'icône "Comptes d'utilisateurs"
    - Clique ensuite sur désactiver et valide.

    supprime (si il existe Combofix.exe sur ton Bureau ainsi que le répertoire Qoobox à la racine du disque, en général C:\Qoobox).

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le Bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
  9. savatage Messages postés 136 Statut Membre
     
    salut lyonnais,

    voici le rapport. pour la désinfection je la ferai demain.

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.11.24.3 2008.11.25 -
    AntiVir 7.9.0.35 2008.11.25 -
    Authentium 5.1.0.4 2008.11.25 -
    Avast 4.8.1281.0 2008.11.25 -
    AVG 8.0.0.199 2008.11.25 -
    BitDefender 7.2 2008.11.25 -
    CAT-QuickHeal 10.00 2008.11.25 -
    ClamAV 0.94.1 2008.11.25 -
    DrWeb 4.44.0.09170 2008.11.25 -
    eSafe 7.0.17.0 2008.11.25 -
    eTrust-Vet 31.6.6227 2008.11.25 -
    Ewido 4.0 2008.11.25 -
    F-Prot 4.4.4.56 2008.11.25 -
    F-Secure 8.0.14332.0 2008.11.25 -
    Fortinet 3.117.0.0 2008.11.25 -
    GData 19 2008.11.25 -
    Ikarus T3.1.1.45.0 2008.11.25 -
    K7AntiVirus 7.10.533 2008.11.25 -
    Kaspersky 7.0.0.125 2008.11.25 Heur.Trojan.Generic
    McAfee 5445 2008.11.25 -
    McAfee+Artemis 5445 2008.11.25 -
    Microsoft 1.4104 2008.11.25 -
    NOD32 3640 2008.11.25 -
    Norman 5.80.02 2008.11.25 -
    Panda 9.0.0.4 2008.11.25 Suspicious file
    PCTools 4.4.2.0 2008.11.25 -
    Prevx1 V2 2008.11.25 -
    Rising 21.05.12.00 2008.11.25 -
    SecureWeb-Gateway 6.7.6 2008.11.25 -
    Sophos 4.35.0 2008.11.25 -
    Sunbelt 3.1.1823.2 2008.11.22 BehavesLike.Win32.Malware (v)
    Symantec 10 2008.11.25 -
    TheHacker 6.3.1.1.163 2008.11.25 -
    TrendMicro 8.700.0.1004 2008.11.25 -
    VBA32 3.12.8.9 2008.11.25 -
    ViRobot 2008.11.25.1485 2008.11.25 -
    VirusBuster 4.5.11.0 2008.11.25 -
    Information additionnelle
    File size: 81920 bytes
    MD5...: a66e1b04691a5b894d6d48206b5269af
    SHA1..: 5f86097823d4f4d4f5eb6ebe34ee3973081be3c2
    SHA256: 0cdb641fe46739b18a72acd3a8385dfc68c94c25fc3cc24b917a1f0a936e1427
    SHA512: b3f23bcca035f459008aad9dcc845499ddb4d1f3e187a4848998c3a68fe24eac
    93eb765b8338d032dde6ff46817b821a51b122db27e03b612926d503056ce49c
    ssdeep: 1536:5OjsuBJ640kra0AAymEY6P4RqFGGTZB7zA6Feoat:ZuBJ6B0qm24Ux/0oat
    PEiD..: -
    TrID..: File type identification
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x40acc6
    timedatestamp.....: 0x4920ac5d (Sun Nov 16 23:27:25 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0xf55f 0x10000 6.22 8c1c59199ad9b53b32c7dd43b6f78620
    .rdata 0x11000 0x1fe2 0x2000 5.49 2ac5bb73b8e691b589df3070c2c61367
    .data 0x13000 0x3798 0x1000 1.47 6c71fa172fe3d98dcc83fdd01e106407

    ( 6 imports )
    > USER32.dll: LoadImageA
    > ADVAPI32.dll: RegCloseKey, RegEnumValueA, RegGetKeySecurity, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken
    > WS2_32.dll: -, -
    > WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
    > NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
    > KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, GetVolumeInformationA, CreateDirectoryA, GetFileTime, GetSystemDirectoryA, OpenProcess, GetProcessPriorityBoost, GetFileType, GetStartupInfoA, OpenMutexA, CreateMutexA, CloseHandle, GetDriveTypeA, GetLogicalDriveStringsA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LoadLibraryA, InterlockedExchange, VirtualQuery, SetFilePointer, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc

    ( 0 exports )
    0
  10. savatage Messages postés 136 Statut Membre
     
    bonjour,

    voici le rapport de combofix. Je te remercie de m'aider lyonnais ;)

    ComboFix 08-11-26.01 - nicolas 2008-11-26 3:27:28.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1353 [GMT 1:00]
    Lancé depuis: c:\users\nicolas\Desktop\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\émilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmpE9C3.tmp
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\k4
    c:\windows\system32\packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\rMa18yy
    c:\windows\system32\wanpacket.dll
    c:\windows\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_NPF

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-26 au 2008-11-26 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-26 03:30 . 2008-11-17 00:34 81,920 --a------ c:\users\nicolas\AppData\Roaming\mstsc.exe
    2008-11-26 03:20 . 2008-11-17 00:34 81,920 --a------ c:\windows\System32\drivers\mqtgsvc.exe
    2008-11-26 03:20 . 2008-11-17 00:34 81,920 --a------ c:\windows\System32\drivers\logman.exe
    2008-11-25 21:55 . 2008-11-25 21:56 <REP> d-------- C:\rsit
    2008-11-24 23:35 . 2008-11-24 23:42 <REP> d-------- c:\program files\WowCartographe
    2008-11-24 14:02 . 2008-11-24 19:42 <REP> d-------- c:\users\nicolas\WoW-2.3.0.7561-frFR
    2008-11-18 14:06 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-11-18 14:06 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-11-18 14:06 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-11-18 14:06 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-11-18 14:06 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-11-18 14:06 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-11-18 14:06 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-11-18 14:06 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-11-18 14:06 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
    2008-11-16 22:16 . 2008-11-16 22:16 404,250 --a------ c:\windows\Revolution Script CZ Uninstaller.exe
    2008-11-16 15:32 . 2008-11-26 03:32 <REP> d-------- c:\program files\Steam
    2008-11-16 13:59 . 2008-11-23 15:05 <REP> d-------- c:\program files\Common Files\Steam
    2008-11-15 13:50 . 2002-08-18 19:43 794,624 --a------ c:\windows\System32\spr32d35.dll
    2008-11-15 04:24 . 2008-11-15 04:25 <REP> d-------- c:\users\nicolas\AppData\Roaming\LiveCAD2
    2008-11-15 04:23 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\System32\d3dx9_33.dll
    2008-11-15 04:22 . 2008-11-15 04:22 <REP> d-------- c:\program files\LiveCAD
    2008-11-14 01:44 . 2008-11-14 01:44 <REP> d-------- c:\program files\RVG Software
    2008-11-12 13:37 . 2008-11-12 13:37 <REP> dr-h----- C:\AHCache
    2008-11-12 05:01 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
    2008-11-12 05:01 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
    2008-11-12 05:01 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
    2008-11-12 01:19 . 2008-11-12 01:19 <REP> d-------- c:\program files\LimeWire
    2008-11-11 02:13 . 2008-11-17 01:08 <REP> d-------- c:\users\All Users\rkfree
    2008-11-11 02:13 . 2008-11-17 01:08 <REP> d-------- c:\programdata\rkfree
    2008-10-31 23:30 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
    2008-10-31 23:30 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
    2008-10-31 23:30 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
    2008-10-31 23:30 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
    2008-10-31 23:30 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
    2008-10-29 14:23 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
    2008-10-29 14:23 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
    2008-10-29 14:23 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
    2008-10-27 02:15 . 2008-10-27 02:15 <REP> d-------- c:\program files\Pokerbility

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-26 02:27 23,068,672 ----a-w c:\users\émilie\NTUSER.DAT
    2008-11-26 02:27 23,068,672 ----a-w c:\users\émilie\NTUSER.DAT
    2008-11-23 02:48 --------- d-----w c:\users\nicolas\AppData\Roaming\OpenOffice.org2
    2008-11-21 00:21 --------- d-----w c:\program files\bwin
    2008-11-19 22:20 --------- d-----w c:\users\nicolas\AppData\Roaming\teamspeak2
    2008-11-17 16:58 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-11-17 16:46 --------- d-----w c:\program files\Lavasoft
    2008-11-17 16:46 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-11-16 23:51 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-16 14:13 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-16 14:13 --------- d-----w c:\programdata\Codemasters
    2008-11-14 18:38 --------- d-----w c:\program files\WinamaxPoker
    2008-11-14 01:22 --------- d-----w c:\programdata\NVIDIA
    2008-11-12 00:25 --------- d-----w c:\users\nicolas\AppData\Roaming\LimeWire
    2008-10-27 20:53 --------- d-----w c:\program files\Activision
    2008-10-25 14:39 --------- d-----w c:\users\nicolas\AppData\Roaming\Mumble
    2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-10-22 11:33 --------- d-----w c:\program files\OpenAL
    2008-10-20 12:11 --------- d-----w c:\users\nicolas\AppData\Roaming\Paltalk
    2008-10-20 12:11 --------- d-----w c:\program files\Paltalk Messenger
    2008-10-19 16:08 --------- d-----w c:\program files\PokerStars.NET
    2008-10-18 13:04 --------- d-----w c:\programdata\Media Center Programs
    2008-10-18 11:43 --------- d-----w c:\program files\GameSpy
    2008-10-18 11:39 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-10-18 11:39 22,328 ----a-w c:\users\nicolas\AppData\Roaming\PnkBstrK.sys
    2008-10-18 11:26 --------- d-----w c:\program files\Electronic Arts
    2008-10-17 23:12 --------- d-s---w c:\users\émilie\AppData\Roaming\Microsoft
    2008-10-17 23:11 --------- d-----w c:\programdata\Avg7
    2008-10-17 23:10 --------- d-----w c:\programdata\Grisoft
    2008-10-17 19:36 --------- d-----w c:\users\nicolas\AppData\Roaming\AVG7
    2008-10-17 18:59 --------- d-----w c:\programdata\Spybot - Search & Destroy
    2008-10-15 22:14 --------- d-----w c:\program files\Windows Mail
    2008-10-15 09:19 --------- d-----w c:\program files\PokerRewardsCalculator
    2008-10-15 09:18 --------- d-----w c:\program files\Image-Line
    2008-10-14 17:56 --------- d-----w c:\program files\Common Files\InstallShield
    2008-10-14 17:53 --------- d--h--r c:\users\nicolas\AppData\Roaming\SecuROM
    2008-10-14 17:50 --------- d-----w c:\programdata\Electronic Arts
    2008-10-10 11:14 --------- d-----w c:\programdata\ma-config.com
    2008-10-10 11:14 --------- d-----w c:\program files\ma-config.com
    2008-10-08 14:43 --------- d-----w c:\program files\eMule
    2008-10-07 12:21 --------- d-----w c:\users\nicolas\AppData\Roaming\Disney Interactive Studios
    2008-10-07 12:05 --------- d-----w c:\program files\Disney Interactive Studios
    2008-10-07 12:02 --------- d-----w c:\program files\DAEMON Tools Lite
    2008-10-06 22:15 --------- d-----w c:\program files\Mumble
    2008-09-30 12:06 --------- d-----w c:\program files\Sony
    2008-09-30 11:37 --------- d-----w c:\users\nicolas\AppData\Roaming\dvdcss
    2008-09-28 13:00 --------- d-----w c:\users\nicolas\AppData\Roaming\Sony Corporation
    2008-09-28 12:53 --------- d-----w c:\programdata\Sony Corporation
    2008-08-31 12:07 56 ---ha-w c:\users\All Users\ezsidmv.dat
    2008-08-31 12:07 56 ---ha-w c:\programdata\ezsidmv.dat
    2008-08-27 22:14 174 --sha-w c:\program files\desktop.ini
    2007-12-31 19:36 147,456 ----a-w c:\users\nicolas\vbzip10.dll
    2007-12-07 14:37 44 ----a-w c:\users\nicolas\addresses.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "Steam"="c:\program files\steam\steam.exe" [2008-11-16 1410296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig"="c:\windows\System32\msconfig.exe" [2008-01-19 227840]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13535776]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 92704]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]

    [HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "MqtgSVC"="c:\windows\System32\drivers\mqtgsvc.exe" [2008-11-17 81920]

    [HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "Logman"="c:\windows\System32\drivers\logman.exe" [2008-11-17 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
    "load"=c:\users\nicolas\AppData\Local\Temp\comrepl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "msacm.l3acm"= l3codecp.acm
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm
    "vidc.X264"= x264vfw.dll
    "msacm.l3codec"= l3codecp.acm

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
    backup=c:\windows\pss\hpoddt01.exe.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    --a------ 2008-01-19 08:33 125952 c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-06-02 10:13 267048 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2008-01-19 08:38 1008184 c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    --a------ 2006-12-01 13:37 4186112 c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{ED529C9F-5CB9-4A9B-890F-FAD69EB8621B}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
    "UDP Query User{46B144C2-E876-4240-BABC-37FCA70E5C54}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
    "TCP Query User{5C9ECA7F-D381-4D76-8B45-25125C377193}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger
    "UDP Query User{7158C179-D22E-4611-9A81-B7B25ED269A4}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger
    "TCP Query User{F3B7E70C-8638-4F77-B70F-6DFD13CF7E8D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{C59C477A-463F-4C27-8548-4B4B88CE2235}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{DC12E3EB-123D-4300-AD80-81A1310A2B12}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= UDP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
    "UDP Query User{EBD28C76-4C6A-44A6-9597-36290089BD76}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= TCP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
    "TCP Query User{98BBC409-24E5-456A-91CC-15F2AB0EDDA8}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
    "UDP Query User{AF392EBB-2109-4B07-A7EB-3FF1DC3587FB}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
    "TCP Query User{75D5B769-E9B7-4ECD-A968-64F69140FEBD}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
    "UDP Query User{4072DE3E-2979-4014-99DB-9BCBA6691A2F}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
    "TCP Query User{E79107BB-D6D6-4B6D-8CA8-F951207431A1}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= UDP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
    "UDP Query User{9C8C1F2B-13AA-497A-B1A4-E70DFED2005A}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= TCP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
    "TCP Query User{4BFF0396-112C-4D87-962A-8441D316B35D}c:\\program files\\msn messenger\\livecall.exe"= UDP:c:\program files\msn messenger\livecall.exe:Windows Live Call
    "UDP Query User{203365B6-2ECE-4AB3-8699-DB4D9149D7CF}c:\\program files\\msn messenger\\livecall.exe"= TCP:c:\program files\msn messenger\livecall.exe:Windows Live Call
    "TCP Query User{CAB73677-1C09-4081-AD01-5300DB868A15}c:\\windows\\windl\\mirc.exe"= UDP:c:\windows\windl\mirc.exe:mIRC
    "UDP Query User{CC70295B-BB83-48E0-A17F-33D79BAA85BA}c:\\windows\\windl\\mirc.exe"= TCP:c:\windows\windl\mirc.exe:mIRC
    "TCP Query User{770B9900-1F8B-4214-BEED-FB29EA5111D5}e:\\steamapps\\metalguinness\\counter-strike\\hl.exe"= UDP:e:\steamapps\metalguinness\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{67EDDB4C-49C0-44B2-8E16-8B31F4B2E44E}e:\\steamapps\\metalguinness\\counter-strike\\hl.exe"= TCP:e:\steamapps\metalguinness\counter-strike\hl.exe:Half-Life Launcher
    "TCP Query User{734020D3-36B2-462A-A38B-1A3F59C68578}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "UDP Query User{81075885-3713-42C7-9021-D3EB634014E6}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "{5DC4668A-157D-404D-99CE-C146A4541247}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{54990A40-A2E4-4CC3-8B06-7043FAE0079B}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{C60606B6-D970-4157-9D6A-88E78386B774}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{2BF6CF69-373C-416C-B667-AE4195AF2BC7}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "TCP Query User{D8F15AAC-ACEC-4E4D-84D1-FF1CF7F6D7E3}c:\\program files\\disney interactive studios\\pure\\pure.exe"= UDP:c:\program files\disney interactive studios\pure\pure.exe:Pure
    "UDP Query User{3023AD3C-05BF-49E0-81D0-1BDF48814CEE}c:\\program files\\disney interactive studios\\pure\\pure.exe"= TCP:c:\program files\disney interactive studios\pure\pure.exe:Pure
    "{7B30449A-A6C0-49F0-8254-1FE93DD9C91A}"= UDP:c:\program files\Codemasters\GRID\GRID.exe:GRID
    "{104FA4C2-D549-4E2F-BE38-C22972FA9765}"= TCP:c:\program files\Codemasters\GRID\GRID.exe:GRID
    "TCP Query User{51E0DAB1-CB45-4A8C-9D16-06A5CC1B2276}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
    "UDP Query User{E0F1FBA4-1DE9-406E-8307-576CFC0FB45D}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
    "TCP Query User{FDBB74F5-E568-4D53-84F6-F452328C1D54}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
    "UDP Query User{FB09D548-52A1-4BE5-922C-D19248E8A128}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
    "TCP Query User{813A3210-4E32-41F2-B867-454ED9E70AA9}e:\\steamapps\\rolex306\\condition zero\\hl.exe"= UDP:e:\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
    "UDP Query User{9B9DE649-3A04-4CB1-B3A1-3D5951D4E70C}e:\\steamapps\\rolex306\\condition zero\\hl.exe"= TCP:e:\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
    "TCP Query User{5F3654C7-4019-4EA7-90A5-65BBCEDF0D49}c:\\program files\\steam\\steamapps\\rolex306\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
    "UDP Query User{95743B52-55D0-4A8D-9D79-A477FF3103A3}c:\\program files\\steam\\steamapps\\rolex306\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
    "TCP Query User{D9BFE5F3-F090-42C0-BCC8-267C8FA6DCD1}c:\\program files\\steam\\steamapps\\metalguinness\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
    "UDP Query User{3E906ACB-5E48-4138-B695-77AED847D04D}c:\\program files\\steam\\steamapps\\metalguinness\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
    "TCP Query User{EDB04522-575C-4F0B-B2DB-7C4F78E1C150}c:\\users\\nicolas\\documents\\logiciels telechargés\\wow-frfr-installer-downloader.exe"= UDP:c:\users\nicolas\documents\logiciels telechargés\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
    "UDP Query User{B2D7216D-279B-4A90-992B-1B10FB288326}c:\\users\\nicolas\\documents\\logiciels telechargés\\wow-frfr-installer-downloader.exe"= TCP:c:\users\nicolas\documents\logiciels telechargés\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
    R1 cpuidlep;CpuIdle Pro System Driver;c:\windows\system32\drivers\cpuidlep.sys [2007-06-18 4484]
    R2 UxTuneUp;TuneUp Extension de thème;c:\windows\System32\svchost.exe -k netsvcs [2008-07-26 21504]
    S3 ce6230;Intel CE6230 Standalone USB Driver;c:\windows\system32\DRIVERS\CE6230StandaloneDriver.sys [2008-03-26 44800]
    S3 ce6230BDACAP;Realfine CE6230 BDA Driver;c:\windows\system32\DRIVERS\CE6230BDA.sys [2008-03-26 19328]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2007-11-05 28224]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2007-11-05 27072]
    S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe /RunAsService [2008-11-16 104944]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dd6a743-93e8-11dd-93af-001a9219cb78}]
    \shell\AutoRun\command - D:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6662202f-79a8-11dd-9321-001a9219cb78}]
    \shell\AutoRun\command - D:\Launcher.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-11-21 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 18:18]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{E51B6382-1B9A-4627-BE54-0046B1D268DD} - (no file)
    WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
    HKLM-Explorer_Run-Spool - c:\users\nicolas\LOCALS~1\APPLIC~1\spoolsv.exe
    MSConfigStartUp-Host Process - c:\users\nicolas\svchost.exe
    MSConfigStartUp-NetAnalyse - c:\program files\NetAnalyse\NetAnalyse.exe
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_03\bin\jusched.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    MSConfigStartUp-SystrayORAHSS - c:\program files\OrangeHSS\Systray\SystrayApp.exe

    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - c:\users\nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\3tprtbr3.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
    FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-26 03:32:19
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\System32\nvvsvc.exe
    c:\windows\System32\audiodg.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\program files\a-squared Anti-Malware\a2service.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\windows\System32\PnkBstrA.exe
    c:\windows\System32\WUDFHost.exe
    c:\windows\System32\conime.exe
    c:\users\nicolas\AppData\Local\spoolsv.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\windows\System32\wbem\WMIADAP.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-11-26 3:37:09 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-11-26 02:37:05

    Avant-CF: 28 176 322 560 octets libres
    Après-CF: 28,162,162,688 octets libres

    294 --- E O F --- 2008-11-25 08:18:26
    0
  11. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    un fichier à contrôler:

    Rends toi sur ce site :

    https://www.virustotal.com/gui/

    Clique sur parcourir et cherche ce fichier : c:\users\nicolas\AppData\Local\Temp\comrepl.exe

    Clique sur Send File.

    Un rapport va s'élaborer ligne à ligne.

    Attends la fin. Il doit comprendre la taille du fichier envoyé.

    Sauvegarde le rapport avec le bloc-note.

    Copie le dans ta réponse.

    Si VirusTotal indique que le fichier a déjà été analysé, cliquer sur le bouton Reanalyse le fichier maintenant

    =======================

    vérifie aussi celui-ci :

    c:\windows\System32\spr32d35.dll
    0
  12. savatage Messages postés 136 Statut Membre
     
    voici l'analyse des fichiers que tu m'as cité fait par VirusTotal :

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.11.24.3 2008.11.26 -
    AntiVir 7.9.0.35 2008.11.26 -
    Authentium 5.1.0.4 2008.11.26 -
    Avast 4.8.1281.0 2008.11.25 -
    AVG 8.0.0.199 2008.11.25 -
    BitDefender 7.2 2008.11.26 -
    CAT-QuickHeal 10.00 2008.11.26 -
    ClamAV 0.94.1 2008.11.26 -
    DrWeb 4.44.0.09170 2008.11.26 -
    eSafe 7.0.17.0 2008.11.25 -
    eTrust-Vet 31.6.6228 2008.11.26 -
    Ewido 4.0 2008.11.25 -
    F-Prot 4.4.4.56 2008.11.25 -
    F-Secure 8.0.14332.0 2008.11.26 -
    Fortinet 3.117.0.0 2008.11.26 -
    GData 19 2008.11.26 -
    Ikarus T3.1.1.45.0 2008.11.26 -
    K7AntiVirus 7.10.533 2008.11.25 -
    Kaspersky 7.0.0.125 2008.11.26 Heur.Trojan.Generic
    McAfee 5445 2008.11.25 -
    McAfee+Artemis 5445 2008.11.25 Generic!Artemis
    Microsoft 1.4104 2008.11.26 -
    NOD32 3642 2008.11.26 -
    Norman 5.80.02 2008.11.26 -
    Panda 9.0.0.4 2008.11.25 Suspicious file
    PCTools 4.4.2.0 2008.11.25 -
    Prevx1 V2 2008.11.26 -
    Rising 21.05.22.00 2008.11.26 -
    SecureWeb-Gateway 6.7.6 2008.11.26 -
    Sophos 4.35.0 2008.11.26 -
    Sunbelt 3.1.1830.2 2008.11.26 BehavesLike.Win32.Malware (v)
    Symantec 10 2008.11.26 -
    TheHacker 6.3.1.1.163 2008.11.25 -
    TrendMicro 8.700.0.1004 2008.11.26 -
    VBA32 3.12.8.9 2008.11.26 -
    ViRobot 2008.11.26.1487 2008.11.26 -
    VirusBuster 4.5.11.0 2008.11.25 -

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.11.24.3 2008.11.26 -
    AntiVir 7.9.0.35 2008.11.26 -
    Authentium 5.1.0.4 2008.11.26 -
    Avast 4.8.1281.0 2008.11.25 -
    AVG 8.0.0.199 2008.11.26 -
    BitDefender 7.2 2008.11.26 -
    CAT-QuickHeal 10.00 2008.11.26 -
    ClamAV 0.94.1 2008.11.26 -
    DrWeb 4.44.0.09170 2008.11.26 -
    eSafe 7.0.17.0 2008.11.25 -
    eTrust-Vet 31.6.6228 2008.11.26 -
    Ewido 4.0 2008.11.25 -
    F-Prot 4.4.4.56 2008.11.25 -
    F-Secure 8.0.14332.0 2008.11.26 -
    Fortinet 3.117.0.0 2008.11.26 -
    GData 19 2008.11.26 -
    Ikarus T3.1.1.45.0 2008.11.26 -
    K7AntiVirus 7.10.533 2008.11.25 -
    Kaspersky 7.0.0.125 2008.11.26 Heur.Trojan.Generic
    McAfee 5445 2008.11.25 -
    McAfee+Artemis 5445 2008.11.25 Generic!Artemis
    Microsoft 1.4104 2008.11.26 -
    NOD32 3642 2008.11.26 -
    Norman 5.80.02 2008.11.26 -
    Panda 9.0.0.4 2008.11.25 Suspicious file
    PCTools 4.4.2.0 2008.11.26 -
    Prevx1 V2 2008.11.26 -
    Rising 21.05.22.00 2008.11.26 -
    SecureWeb-Gateway 6.7.6 2008.11.26 -
    Sophos 4.35.0 2008.11.26 -
    Sunbelt 3.1.1830.2 2008.11.26 BehavesLike.Win32.Malware (v)
    Symantec 10 2008.11.26 -
    TheHacker 6.3.1.1.163 2008.11.25 -
    TrendMicro 8.700.0.1004 2008.11.26 -
    VBA32 3.12.8.9 2008.11.26 -
    ViRobot 2008.11.26.1487 2008.11.26 -
    VirusBuster 4.5.11.0 2008.11.25 -

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.11.24.3 2008.11.26 -
    AntiVir 7.9.0.35 2008.11.26 -
    Authentium 5.1.0.4 2008.11.26 -
    Avast 4.8.1281.0 2008.11.25 -
    AVG 8.0.0.199 2008.11.26 -
    BitDefender 7.2 2008.11.26 -
    CAT-QuickHeal 10.00 2008.11.26 -
    ClamAV 0.94.1 2008.11.26 -
    DrWeb 4.44.0.09170 2008.11.26 -
    eSafe 7.0.17.0 2008.11.25 -
    eTrust-Vet 31.6.6228 2008.11.26 -
    Ewido 4.0 2008.11.25 -
    F-Prot 4.4.4.56 2008.11.25 -
    F-Secure 8.0.14332.0 2008.11.26 -
    Fortinet 3.117.0.0 2008.11.26 -
    GData 19 2008.11.26 -
    Ikarus T3.1.1.45.0 2008.11.26 -
    K7AntiVirus 7.10.533 2008.11.25 -
    Kaspersky 7.0.0.125 2008.11.26 Heur.Trojan.Generic
    McAfee 5445 2008.11.25 -
    McAfee+Artemis 5445 2008.11.25 Generic!Artemis
    Microsoft 1.4104 2008.11.26 -
    NOD32 3642 2008.11.26 -
    Norman 5.80.02 2008.11.26 -
    Panda 9.0.0.4 2008.11.25 Suspicious file
    PCTools 4.4.2.0 2008.11.26 -
    Prevx1 V2 2008.11.26 -
    Rising 21.05.22.00 2008.11.26 -
    SecureWeb-Gateway 6.7.6 2008.11.26 -
    Sophos 4.35.0 2008.11.26 -
    Sunbelt 3.1.1830.2 2008.11.26 BehavesLike.Win32.Malware (v)
    Symantec 10 2008.11.26 -
    TheHacker 6.3.1.1.163 2008.11.25 -
    TrendMicro 8.700.0.1004 2008.11.26 -
    VBA32 3.12.8.9 2008.11.26 -
    ViRobot 2008.11.26.1487 2008.11.26 -
    VirusBuster 4.5.11.0 2008.11.25 -

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.11.24.3 2008.11.26 -
    AntiVir 7.9.0.35 2008.11.26 -
    Authentium 5.1.0.4 2008.11.26 -
    Avast 4.8.1281.0 2008.11.25 -
    AVG 8.0.0.199 2008.11.26 -
    BitDefender 7.2 2008.11.26 -
    CAT-QuickHeal 10.00 2008.11.26 -
    ClamAV 0.94.1 2008.11.26 -
    DrWeb 4.44.0.09170 2008.11.26 -
    eSafe 7.0.17.0 2008.11.25 -
    eTrust-Vet 31.6.6228 2008.11.26 -
    Ewido 4.0 2008.11.26 -
    F-Prot 4.4.4.56 2008.11.25 -
    F-Secure 8.0.14332.0 2008.11.26 -
    Fortinet 3.117.0.0 2008.11.26 -
    GData 19 2008.11.26 -
    Ikarus T3.1.1.45.0 2008.11.26 -
    K7AntiVirus 7.10.533 2008.11.25 -
    Kaspersky 7.0.0.125 2008.11.26 Heur.Trojan.Generic
    McAfee 5445 2008.11.25 -
    McAfee+Artemis 5445 2008.11.25 Generic!Artemis
    Microsoft 1.4104 2008.11.26 -
    NOD32 3642 2008.11.26 -
    Norman 5.80.02 2008.11.26 -
    Panda 9.0.0.4 2008.11.25 Suspicious file
    PCTools 4.4.2.0 2008.11.26 -
    Prevx1 V2 2008.11.26 -
    Rising 21.05.22.00 2008.11.26 -
    SecureWeb-Gateway 6.7.6 2008.11.26 -
    Sophos 4.35.0 2008.11.26 -
    Sunbelt 3.1.1830.2 2008.11.26 BehavesLike.Win32.Malware (v)
    Symantec 10 2008.11.26 -
    TheHacker 6.3.1.1.163 2008.11.25 -
    TrendMicro 8.700.0.1004 2008.11.26 -
    VBA32 3.12.8.9 2008.11.26 -
    ViRobot 2008.11.26.1487 2008.11.26 -
    VirusBuster 4.5.11.0 2008.11.25 -
    0
  13. savatage Messages postés 136 Statut Membre
     
    et voici les log de RSIT :

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by nicolas at 2008-11-26 13:22:23
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 25 GB (11%) free of 231 GB
    Total RAM: 2046 MB (50% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:22:46, on 26/11/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\drivers\mqtgsvc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\mobsync.exe
    C:\Users\nicolas\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\nicolas.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F3 - REG:win.ini: load=C:\Users\nicolas\AppData\Local\Temp\comrepl.exe
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\Windows\System32\drivers\mqtgsvc.exe /waitservice
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Logman] C:\Windows\System32\drivers\logman.exe /waitservice (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Logman] C:\Windows\System32\drivers\logman.exe /waitservice (User 'Default user')
    O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5A91359C-8B83-42AA-BEC7-1DE18CE82297}: NameServer = 192.168.1.1
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    0
  14. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonsoir,

    Relance HijackThis.

    Choisis Do a scan only

    Coche la case devant les lignes suivantes

    F3 - REG:win.ini: load=C:\Users\nicolas\AppData\Local\Temp\comrepl.exe

    Ferme toutes les fenêtres (hormis HijackThis), y compris ton navigateur.

    Clique sur fix checked.

    Ferme Hijackthis.

    ======================================

    Copie ou imprime les instructions avant

    Déconnecte toi d'internet et ferme toutes tes applications.

    Désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    Driver::
    aw7chg4x
    jfdcd

    File::
    c:\users\nicolas\AppData\Local\Temp\comrepl.exe
    c:\windows\System32\spr32d35.dll
    c:\users\nicolas\AppData\Roaming\msts­c.exe
    c:\windows\System32\drivers\mqtgsvc.exe
    c:\windows\System32\drivers\logman.exe

    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "MqtgSVC"=-
    [HKUS\S-1-5-18\..\Policies\Explorer\Run]
    "Logman"=-
    [HKUS\.DEFAULT\..\Policies\Explorer\Run]
    "Logman"=-


    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscript sur le fichier ComboFix.exe

    Clique sur le fichier CFscript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFscrïpt vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Réactive ton parefeu, ton antivirus, la garde de ton antispyware

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    Attention : cette manip a été fait pour cet ordi. Tout réutilisation peut endommager sévèrement le système d'exploitation.
    0
  15. savatage Messages postés 136 Statut Membre
     
    bonjour lyonnais,

    désolé du retard, je n'étais pas très dispo ces 2 derniers jours. J'ai fait toutes les manips que tu m'as demandé mais je ne trouve pas le rapport de combofix, il n'est pas dans C:/combofix.txt. Voici celui de HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:32:52, on 27/11/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\drivers\mqtgsvc.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\nicolas\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\nicolas.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F3 - REG:win.ini: load=C:\Users\nicolas\AppData\Local\Temp\comrepl.exe
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\Windows\System32\drivers\mqtgsvc.exe /waitservice
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Logman] C:\Windows\System32\drivers\logman.exe /waitservice (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Logman] C:\Windows\System32\drivers\logman.exe /waitservice (User 'Default user')
    O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5A91359C-8B83-42AA-BEC7-1DE18CE82297}: NameServer = 192.168.1.1
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    0
  16. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    que s'est-il passé quand tu as fait le glisser-déposer de CfScript sur Combofix ?
    0
  17. savatage Messages postés 136 Statut Membre
     
    eh bien ComcoFix s'est lancé correctement, il a supprimé les fichiers que j'ai copié/collé, mon PC a reboot et la finalisation s'est faite.
    0
  18. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    recommence la totalité de la manip du post 13.

    Vérifie que le fichier CFScript est bien créé sur ton Bureau, à côté de Combofix.
    0
  19. savatage Messages postés 136 Statut Membre
     
    ok je vais faire ça mais le fichier CFscript que j'ai créé ne se trouve plus sur le bureau après l'avoir glissé sur ComboFix.
    0
  20. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    recrée le.
    0
  21. savatage Messages postés 136 Statut Membre
     
    re,

    c'est bon, voici le rapport de ComboFix :

    ComboFix 08-11-26.05 - nicolas 2008-11-27 13:16:27.3 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1250 [GMT 1:00]
    Lancé depuis: c:\users\nicolas\Desktop\ComboFix.exe
    Commutateurs utilisés :: c:\users\nicolas\Desktop\CFscript.txt
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\users\nicolas\AppData\Local\Temp\comrepl.exe
    c:\users\nicolas\AppData\Roaming\msts­c.exe
    c:\windows\System32\drivers\logman.exe
    c:\windows\System32\drivers\mqtgsvc.exe
    c:\windows\System32\spr32d35.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\users\nicolas\AppData\Local\Temp\comrepl.exe
    c:\windows\System32\drivers\logman.exe
    c:\windows\System32\drivers\mqtgsvc.exe
    c:\windows\System32\spr32d35.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_jfdcd

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-27 au 2008-11-27 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-26 04:08 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-26 04:08 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-26 04:08 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-26 04:08 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-26 04:08 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-26 03:30 . 2008-11-17 00:34 81,920 --a------ c:\users\nicolas\AppData\Roaming\mstsc.exe
    2008-11-25 21:55 . 2008-11-25 21:56 <REP> d-------- C:\rsit
    2008-11-24 23:35 . 2008-11-24 23:42 <REP> d-------- c:\program files\WowCartographe
    2008-11-24 14:02 . 2008-11-24 19:42 <REP> d-------- c:\users\nicolas\WoW-2.3.0.7561-frFR
    2008-11-18 14:06 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-11-18 14:06 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-11-18 14:06 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-11-18 14:06 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-11-18 14:06 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-11-18 14:06 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-11-18 14:06 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-11-18 14:06 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-11-18 14:06 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
    2008-11-16 22:16 . 2008-11-16 22:16 404,250 --a------ c:\windows\Revolution Script CZ Uninstaller.exe.bak
    2008-11-16 15:32 . 2008-11-27 10:43 <REP> d-------- c:\program files\Steam
    2008-11-16 13:59 . 2008-11-23 15:05 <REP> d-------- c:\program files\Common Files\Steam
    2008-11-15 04:24 . 2008-11-15 04:25 <REP> d-------- c:\users\nicolas\AppData\Roaming\LiveCAD2
    2008-11-15 04:23 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\System32\d3dx9_33.dll
    2008-11-14 01:44 . 2008-11-14 01:44 <REP> d-------- c:\program files\RVG Software
    2008-11-12 13:37 . 2008-11-12 13:37 <REP> dr-h----- C:\AHCache
    2008-11-12 05:01 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
    2008-11-12 05:01 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
    2008-11-12 05:01 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
    2008-11-11 02:13 . 2008-11-17 01:08 <REP> d-------- c:\users\All Users\rkfree
    2008-11-11 02:13 . 2008-11-17 01:08 <REP> d-------- c:\programdata\rkfree
    2008-10-31 23:30 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
    2008-10-31 23:30 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
    2008-10-31 23:30 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
    2008-10-31 23:30 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
    2008-10-31 23:30 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
    2008-10-29 14:23 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
    2008-10-29 14:23 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
    2008-10-29 14:23 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
    2008-10-27 02:15 . 2008-10-27 02:15 <REP> d-------- c:\program files\Pokerbility

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-27 12:15 23,068,672 ----a-w c:\users\émilie\NTUSER.DAT
    2008-11-27 12:15 23,068,672 ----a-w c:\users\émilie\NTUSER.DAT
    2008-11-27 11:57 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-27 11:57 --------- d-----w c:\program files\Electronic Arts
    2008-11-27 10:23 --------- d-----w c:\program files\bwin
    2008-11-23 02:48 --------- d-----w c:\users\nicolas\AppData\Roaming\OpenOffice.org2
    2008-11-19 22:20 --------- d-----w c:\users\nicolas\AppData\Roaming\teamspeak2
    2008-11-17 16:58 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-11-17 16:46 --------- d-----w c:\program files\Lavasoft
    2008-11-17 16:46 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-11-16 23:51 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-16 14:13 --------- d-----w c:\programdata\Codemasters
    2008-11-14 18:38 --------- d-----w c:\program files\WinamaxPoker
    2008-11-14 01:22 --------- d-----w c:\programdata\NVIDIA
    2008-11-12 00:25 --------- d-----w c:\users\nicolas\AppData\Roaming\LimeWire
    2008-10-27 20:53 --------- d-----w c:\program files\Activision
    2008-10-25 14:39 --------- d-----w c:\users\nicolas\AppData\Roaming\Mumble
    2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-10-22 11:33 444,952 ----a-w c:\windows\System32\wrap_oal.dll
    2008-10-22 11:33 109,080 ----a-w c:\windows\System32\OpenAL32.dll
    2008-10-22 11:33 --------- d-----w c:\program files\OpenAL
    2008-10-20 12:11 --------- d-----w c:\users\nicolas\AppData\Roaming\Paltalk
    2008-10-20 12:11 --------- d-----w c:\program files\Paltalk Messenger
    2008-10-19 16:08 --------- d-----w c:\program files\PokerStars.NET
    2008-10-18 13:04 --------- d-----w c:\programdata\Media Center Programs
    2008-10-18 11:43 --------- d-----w c:\program files\GameSpy
    2008-10-18 11:39 669,184 ----a-w c:\windows\System32\pbsvc.exe
    2008-10-18 11:39 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-10-18 11:39 22,328 ----a-w c:\users\nicolas\AppData\Roaming\PnkBstrK.sys
    2008-10-18 11:39 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
    2008-10-17 23:12 --------- d-s---w c:\users\émilie\AppData\Roaming\Microsoft
    2008-10-17 23:11 --------- d-----w c:\programdata\Avg7
    2008-10-17 23:10 --------- d-----w c:\programdata\Grisoft
    2008-10-17 19:36 --------- d-----w c:\users\nicolas\AppData\Roaming\AVG7
    2008-10-17 18:59 --------- d-----w c:\programdata\Spybot - Search & Destroy
    2008-10-15 22:14 --------- d-----w c:\program files\Windows Mail
    2008-10-15 09:19 --------- d-----w c:\program files\PokerRewardsCalculator
    2008-10-15 09:18 --------- d-----w c:\program files\Image-Line
    2008-10-15 09:17 1,890 ----a-w c:\windows\System32\ealregsnapshot1.reg
    2008-10-14 17:56 --------- d-----w c:\program files\Common Files\InstallShield
    2008-10-14 17:53 --------- d--h--r c:\users\nicolas\AppData\Roaming\SecuROM
    2008-10-14 17:50 --------- d-----w c:\programdata\Electronic Arts
    2008-10-10 11:14 --------- d-----w c:\programdata\ma-config.com
    2008-10-10 11:14 --------- d-----w c:\program files\ma-config.com
    2008-10-08 14:43 --------- d-----w c:\program files\eMule
    2008-10-07 12:22 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
    2008-10-07 12:21 --------- d-----w c:\users\nicolas\AppData\Roaming\Disney Interactive Studios
    2008-10-07 12:05 --------- d-----w c:\program files\Disney Interactive Studios
    2008-10-07 12:02 --------- d-----w c:\program files\DAEMON Tools Lite
    2008-10-06 22:15 --------- d-----w c:\program files\Mumble
    2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
    2008-09-30 12:06 --------- d-----w c:\program files\Sony
    2008-09-30 11:37 --------- d-----w c:\users\nicolas\AppData\Roaming\dvdcss
    2008-09-28 13:00 --------- d-----w c:\users\nicolas\AppData\Roaming\Sony Corporation
    2008-09-28 12:53 --------- d-----w c:\programdata\Sony Corporation
    2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
    2008-09-06 18:11 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
    2008-08-31 12:07 56 ---ha-w c:\users\All Users\ezsidmv.dat
    2008-08-31 12:07 56 ---ha-w c:\programdata\ezsidmv.dat
    2008-08-27 22:14 174 --sha-w c:\program files\desktop.ini
    2008-08-27 19:13 82,432 ----a-w c:\windows\System32\axaltocm.dll
    2008-08-27 19:13 101,888 ----a-w c:\windows\System32\ifxcardm.dll
    2007-12-31 19:36 147,456 ----a-w c:\users\nicolas\vbzip10.dll
    2007-12-07 14:37 44 ----a-w c:\users\nicolas\addresses.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2008-11-27_10.47.12.77 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-11-27 09:42:41 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-11-27 09:42:41 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-11-27 09:43:20 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-11-27 12:18:32 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2008-11-27 08:51:32 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-11-27 09:42:42 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-11-27 08:51:32 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-11-27 09:42:42 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-11-27 08:51:32 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-11-27 09:42:42 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-11-26 02:27:21 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2008-11-27 12:15:56 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    - 2008-11-27 09:29:04 16,912 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3353809018-4188295010-4142484477-1000_UserData.bin
    + 2008-11-27 09:44:45 16,960 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3353809018-4188295010-4142484477-1000_UserData.bin
    - 2008-11-27 09:29:03 82,890 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-11-27 09:44:45 82,944 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "Steam"="c:\program files\steam\steam.exe" [2008-11-16 1410296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig"="c:\windows\System32\msconfig.exe" [2008-01-19 227840]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13535776]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 92704]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]

    [HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "Logman"="c:\windows\System32\drivers\logman.exe" [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "msacm.l3acm"= l3codecp.acm
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm
    "vidc.X264"= x264vfw.dll
    "msacm.l3codec"= l3codecp.acm

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
    backup=c:\windows\pss\hpoddt01.exe.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    --a------ 2008-01-19 08:33 125952 c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-06-02 10:13 267048 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2008-01-19 08:38 1008184 c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    --a------ 2006-12-01 13:37 4186112 c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{ED529C9F-5CB9-4A9B-890F-FAD69EB8621B}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
    "UDP Query User{46B144C2-E876-4240-BABC-37FCA70E5C54}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
    "TCP Query User{5C9ECA7F-D381-4D76-8B45-25125C377193}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger
    "UDP Query User{7158C179-D22E-4611-9A81-B7B25ED269A4}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger
    "TCP Query User{F3B7E70C-8638-4F77-B70F-6DFD13CF7E8D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{C59C477A-463F-4C27-8548-4B4B88CE2235}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{DC12E3EB-123D-4300-AD80-81A1310A2B12}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= UDP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
    "UDP Query User{EBD28C76-4C6A-44A6-9597-36290089BD76}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= TCP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
    "TCP Query User{98BBC409-24E5-456A-91CC-15F2AB0EDDA8}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
    "UDP Query User{AF392EBB-2109-4B07-A7EB-3FF1DC3587FB}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
    "TCP Query User{75D5B769-E9B7-4ECD-A968-64F69140FEBD}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
    "UDP Query User{4072DE3E-2979-4014-99DB-9BCBA6691A2F}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
    "TCP Query User{E79107BB-D6D6-4B6D-8CA8-F951207431A1}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= UDP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
    "UDP Query User{9C8C1F2B-13AA-497A-B1A4-E70DFED2005A}e:\\steamapps\\metalguinness\\condition zero\\hl.exe"= TCP:e:\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
    "TCP Query User{4BFF0396-112C-4D87-962A-8441D316B35D}c:\\program files\\msn messenger\\livecall.exe"= UDP:c:\program files\msn messenger\livecall.exe:Windows Live Call
    "UDP Query User{203365B6-2ECE-4AB3-8699-DB4D9149D7CF}c:\\program files\\msn messenger\\livecall.exe"= TCP:c:\program files\msn messenger\livecall.exe:Windows Live Call
    "TCP Query User{CAB73677-1C09-4081-AD01-5300DB868A15}c:\\windows\\windl\\mirc.exe"= UDP:c:\windows\windl\mirc.exe:mIRC
    "UDP Query User{CC70295B-BB83-48E0-A17F-33D79BAA85BA}c:\\windows\\windl\\mirc.exe"= TCP:c:\windows\windl\mirc.exe:mIRC
    "TCP Query User{770B9900-1F8B-4214-BEED-FB29EA5111D5}e:\\steamapps\\metalguinness\\counter-strike\\hl.exe"= UDP:e:\steamapps\metalguinness\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{67EDDB4C-49C0-44B2-8E16-8B31F4B2E44E}e:\\steamapps\\metalguinness\\counter-strike\\hl.exe"= TCP:e:\steamapps\metalguinness\counter-strike\hl.exe:Half-Life Launcher
    "TCP Query User{734020D3-36B2-462A-A38B-1A3F59C68578}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "UDP Query User{81075885-3713-42C7-9021-D3EB634014E6}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "{5DC4668A-157D-404D-99CE-C146A4541247}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{54990A40-A2E4-4CC3-8B06-7043FAE0079B}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
    "{C60606B6-D970-4157-9D6A-88E78386B774}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "{2BF6CF69-373C-416C-B667-AE4195AF2BC7}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
    "TCP Query User{D8F15AAC-ACEC-4E4D-84D1-FF1CF7F6D7E3}c:\\program files\\disney interactive studios\\pure\\pure.exe"= UDP:c:\program files\disney interactive studios\pure\pure.exe:Pure
    "UDP Query User{3023AD3C-05BF-49E0-81D0-1BDF48814CEE}c:\\program files\\disney interactive studios\\pure\\pure.exe"= TCP:c:\program files\disney interactive studios\pure\pure.exe:Pure
    "{7B30449A-A6C0-49F0-8254-1FE93DD9C91A}"= UDP:c:\program files\Codemasters\GRID\GRID.exe:GRID
    "{104FA4C2-D549-4E2F-BE38-C22972FA9765}"= TCP:c:\program files\Codemasters\GRID\GRID.exe:GRID
    "TCP Query User{51E0DAB1-CB45-4A8C-9D16-06A5CC1B2276}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
    "UDP Query User{E0F1FBA4-1DE9-406E-8307-576CFC0FB45D}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
    "TCP Query User{FDBB74F5-E568-4D53-84F6-F452328C1D54}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
    "UDP Query User{FB09D548-52A1-4BE5-922C-D19248E8A128}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
    "TCP Query User{813A3210-4E32-41F2-B867-454ED9E70AA9}e:\\steamapps\\rolex306\\condition zero\\hl.exe"= UDP:e:\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
    "UDP Query User{9B9DE649-3A04-4CB1-B3A1-3D5951D4E70C}e:\\steamapps\\rolex306\\condition zero\\hl.exe"= TCP:e:\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
    "TCP Query User{5F3654C7-4019-4EA7-90A5-65BBCEDF0D49}c:\\program files\\steam\\steamapps\\rolex306\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
    "UDP Query User{95743B52-55D0-4A8D-9D79-A477FF3103A3}c:\\program files\\steam\\steamapps\\rolex306\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\rolex306\condition zero\hl.exe:Half-Life Launcher
    "TCP Query User{D9BFE5F3-F090-42C0-BCC8-267C8FA6DCD1}c:\\program files\\steam\\steamapps\\metalguinness\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
    "UDP Query User{3E906ACB-5E48-4138-B695-77AED847D04D}c:\\program files\\steam\\steamapps\\metalguinness\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\metalguinness\condition zero\hl.exe:Half-Life Launcher
    "TCP Query User{EDB04522-575C-4F0B-B2DB-7C4F78E1C150}c:\\users\\nicolas\\documents\\logiciels telechargés\\wow-frfr-installer-downloader.exe"= UDP:c:\users\nicolas\documents\logiciels telechargés\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
    "UDP Query User{B2D7216D-279B-4A90-992B-1B10FB288326}c:\\users\\nicolas\\documents\\logiciels telechargés\\wow-frfr-installer-downloader.exe"= TCP:c:\users\nicolas\documents\logiciels telechargés\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
    R1 cpuidlep;CpuIdle Pro System Driver;c:\windows\system32\drivers\cpuidlep.sys [2007-06-18 4484]
    S3 ce6230;Intel CE6230 Standalone USB Driver;c:\windows\system32\DRIVERS\CE6230StandaloneDriver.sys [2008-03-26 44800]
    S3 ce6230BDACAP;Realfine CE6230 BDA Driver;c:\windows\system32\DRIVERS\CE6230BDA.sys [2008-03-26 19328]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2007-11-05 28224]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2007-11-05 27072]
    S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe /RunAsService [2008-11-16 104944]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dd6a743-93e8-11dd-93af-001a9219cb78}]
    \shell\AutoRun\command - D:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6662202f-79a8-11dd-9321-001a9219cb78}]
    \shell\AutoRun\command - D:\Launcher.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-11-21 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 18:18]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-27 13:18:34
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-11-27 13:19:46
    ComboFix-quarantined-files.txt 2008-11-27 12:19:44
    ComboFix2.txt 2008-11-26 02:37:10

    Avant-CF: 49,335,115,776 octets libres
    Après-CF: 49,302,212,608 octets libres

    292 --- E O F --- 2008-11-27 08:50:24
    0
  • 1
  • 2
  • 3