Win32.TrojanPWS.OnlineGames

wouah Posts 213 Status Member -
noctambule28 Posts 35799 Registration date   Status Webmaster Last activity   -
Hello,
I have just discovered this Trojan "Win32.TrojanPWS.OnlineGames" on my PC.
What do you advise?
Quarantine or delete, how do I eradicate it?
Thanks for your help

51 replies

wouah Posts 213 Status Member

Back to see the damage!
In fact, I thought I had launched the scan with Kaspersky, but in reality it was still loading... there, it's done, it's launched, and I think it will take a little while.
Sorry for this waste of time, but I'll keep you posted as soon as it finishes and will post you the report. See you later
0
wouah Posts 213 Status Member

Here below, after more than 4 hours, is the Kaspersky report

KASPERSKY ONLINE SCANNER 7 REPORT
Friday, December 5, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, December 05, 2008 11:42:31
Records in database: 1438448
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Files scanned: 325981
Threat name: 1
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 04:12:35

File name / Threat name / Threats count
C:\Users\Hervé\Downloads\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Users\Hervé\Downloads\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Windows\System32\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

The selected area was scanned.
0
noctambule28 Posts 35799 Registration date   Status Webmaster Last activity   2 858

ok

it's almost finished, normally

Start by downloading ComboFix here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
And save it to the desktop.
Look here if you want to familiarize yourself with how to use it:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

On your desktop, double-click Combofix.exe.
Press the 1 key so that the program starts running, and follow the on-screen instructions.
During the cleanup you may receive a warning telling you that the PC is going to restart; let it happen.

After the PC restarts, a report will open in Notepad at the end of the scan; copy and paste all of its content into your next message.
(The report file Combofix.txt is then automatically saved to C:\Combofix.txt)

/!\ For the entire duration of the ComboFix scan (it can take quite a long time if the PC is heavily infected), do not open any program and do not browse the web.

0
wouah Posts 213 Status Member

No restart, but a report came out; here it is
ComboFix 08-12-05.02 - Hervé 2008-12-05 22:23:42.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1898 [GMT 1:00]
Lancé depuis: c:\users\Hervé\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-05 au 2008-12-05 ))))))))))))))))))))))))))))))))))))
.

2008-12-05 15:36 . 2008-12-05 15:36 <REP> d-------- c:\program files\Mozilla Firefox 3.1 Beta 1
2008-12-05 14:13 . 2008-12-05 14:13 <REP> d-------- c:\program files\Notepad++
2008-12-05 13:18 . 2008-12-05 13:18 <REP> d-------- c:\users\All Users\Software4u
2008-12-05 13:18 . 2008-12-05 13:18 <REP> d-------- c:\programdata\Software4u
2008-12-05 13:18 . 2008-12-05 13:18 15,821 --a------ c:\windows\System32\dummy019file
2008-12-05 13:17 . 2008-12-05 13:17 <REP> d-------- c:\program files\Micro Application
2008-12-05 10:24 . 2008-12-05 10:27 <REP> d-------- c:\program files\UsbFix
2008-12-05 10:02 . 2008-12-05 10:02 <REP> d-------- C:\rsit
2008-12-05 09:13 . 2008-12-05 09:13 5,748 --a------ C:\Internet Explorer.reg
2008-12-05 09:01 . 2008-12-05 09:01 <REP> d-------- c:\users\Hervé\Livestation
2008-12-05 09:01 . 2008-12-05 09:01 <REP> d-------- c:\users\Hervé\Livestation
2008-12-05 09:01 . 2008-12-05 09:01 <REP> d-------- c:\program files\OpenAL
2008-12-05 09:01 . 2008-12-05 09:01 <REP> d-------- c:\program files\Livestation
2008-12-04 17:24 . 2008-12-04 17:24 <REP> d-------- c:\program files\Seagrand
2008-12-04 16:43 . 2008-12-04 16:43 <REP> d-------- c:\program files\Ambient Design
2008-12-04 16:27 . 2008-12-04 16:27 <REP> dr------- c:\users\Admin bis\Searches
2008-12-04 16:27 . 2008-12-04 16:27 <REP> d-------- c:\users\Admin bis\AppData\Roaming\Spamihilator
2008-12-04 16:27 . 2008-12-04 16:27 <REP> d-------- c:\users\Admin bis\AppData\Roaming\Roxio
2008-12-04 16:27 . 2008-12-04 16:27 <REP> d-------- c:\users\Admin bis\AppData\Roaming\Nokia
2008-12-04 16:26 . 2008-12-04 16:27 <REP> dr------- c:\users\Admin bis\Videos
2008-12-04 16:26 . 2008-12-04 16:27 <REP> dr------- c:\users\Admin bis\Saved Games
2008-12-04 16:26 . 2008-12-04 16:27 <REP> dr------- c:\users\Admin bis\Pictures
2008-12-04 16:26 . 2008-12-04 16:27 <REP> dr------- c:\users\Admin bis\Music
2008-12-04 16:26 . 2008-12-04 16:27 <REP> dr------- c:\users\Admin bis\Links
2008-12-04 16:26 . 2008-12-04 16:27 <REP> dr------- c:\users\Admin bis\Downloads
2008-12-04 16:26 . 2008-12-04 16:27 <REP> dr------- c:\users\Admin bis\Documents
2008-12-04 16:26 . 2008-12-04 16:26 <REP> dr------- c:\users\Admin bis\Contacts
2008-12-04 16:26 . 2008-12-04 16:26 <REP> d-------- c:\users\Admin bis\AppData\Roaming\PC Suite
2008-12-04 16:26 . 2006-11-02 13:37 <REP> d-------- c:\users\Admin bis\AppData\Roaming\Media Center Programs
2008-12-04 16:26 . 2008-12-04 16:27 <REP> d--h----- c:\users\Admin bis\AppData
2008-12-04 16:26 . 2008-12-04 16:27 <REP> d-------- c:\users\Admin bis
2008-12-04 15:45 . 2008-12-04 15:45 <REP> d-------- c:\program files\Artweaver 0.5
2008-12-04 15:45 . 2008-12-04 15:45 <REP> d-------- c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\Artweaver
2008-12-04 09:04 . 2008-12-04 22:59 4,030 --a------ c:\windows\System32\tmp.reg
2008-12-04 09:03 . 2008-12-04 23:00 <REP> d-------- c:\windows\System32\SmitfraudFix
2008-12-04 09:03 . 2007-09-05 23:22 289,144 --a------ c:\windows\System32\VCCLSID.exe
2008-12-04 09:03 . 2006-04-27 16:49 288,417 --a------ c:\windows\System32\SrchSTS.exe
2008-12-04 09:03 . 2008-10-01 14:51 87,552 --a------ c:\windows\System32\VACFix.exe
2008-12-04 09:03 . 2008-11-29 17:58 82,944 --a------ c:\windows\System32\o4Patch.exe
2008-12-04 09:03 . 2008-05-18 20:40 82,944 --a------ c:\windows\System32\IEDFix.exe
2008-12-04 09:03 . 2008-11-29 17:58 82,944 --a------ c:\windows\System32\IEDFix.C.exe
2008-12-04 09:03 . 2008-08-18 11:19 82,432 --a------ c:\windows\System32\404Fix.exe
2008-12-04 09:03 . 2003-06-05 20:13 53,248 --a------ c:\windows\System32\Process.exe
2008-12-04 09:03 . 2004-07-31 17:50 51,200 --a------ c:\windows\System32\dumphive.exe
2008-12-04 09:03 . 2007-10-03 23:36 25,600 --a------ c:\windows\System32\WS2Fix.exe
2008-12-03 18:22 . 2008-12-03 18:22 <REP> d-------- c:\users\All Users\Malwarebytes
2008-12-03 18:22 . 2008-12-03 18:22 <REP> d-------- c:\programdata\Malwarebytes
2008-12-03 18:22 . 2008-12-05 11:59 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-03 18:22 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-03 18:22 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-03 14:23 . 2008-12-03 14:23 <REP> d-------- C:\MFT 17092
2008-12-03 14:14 . 2008-12-03 14:14 355,584 --a------ c:\windows\System32\TuneUpDefragService.exe
2008-12-03 14:14 . 2008-05-29 09:28 28,416 --a------ c:\windows\System32\uxtuneup.dll
2008-12-03 14:14 . 2008-05-29 09:28 16,640 --a------ c:\windows\System32\authuitu.dll
2008-12-03 14:13 . 2008-12-03 14:13 <REP> d-------- c:\users\All Users\TuneUp Software
2008-12-03 14:13 . 2008-12-03 14:13 <REP> d-------- c:\programdata\TuneUp Software
2008-12-03 14:13 . 2008-12-03 14:13 <REP> d-------- c:\program files\TuneUp Utilities 2008
2008-12-03 12:53 . 2008-12-03 12:53 <REP> d-------- c:\windows\System32\Kaspersky Lab
2008-12-03 12:48 . 2008-12-03 12:48 <REP> d-------- c:\windows\BDOSCAN8
2008-12-03 12:46 . 2008-12-03 12:46 507,904 --a------ c:\windows\TMUPDATE.DLL
2008-12-03 12:46 . 2008-12-03 12:46 286,720 --a------ c:\windows\PATCH.EXE
2008-12-03 12:46 . 2008-12-03 12:46 69,689 --a------ c:\windows\UNZIP.DLL
2008-12-02 14:21 . 2008-12-02 14:21 <REP> d-------- c:\program files\Trend Micro
2008-12-02 14:06 . 2008-12-02 14:06 <REP> d-------- c:\program files\Windows Live Safety Center
2008-11-28 14:23 . 2008-11-28 14:56 <REP> d-------- c:\program files\MSN Messenger
2008-11-28 09:49 . 2008-11-28 09:50 516,200,617 --a------ c:\windows\MEMORY.DMP
2008-11-26 04:29 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 04:29 . 2008-08-28 04:37 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 04:29 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 04:29 . 2008-08-28 04:37 347,648 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 04:29 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-25 13:56 . 2008-11-25 13:56 <REP> d-------- c:\program files\Veoh Networks
2008-11-25 09:25 . 2008-11-25 09:25 <REP> d-------- c:\program files\PTGui
2008-11-24 23:26 . 2008-11-24 23:26 13,758 --a------ c:\windows\System32\inspecs.htm
2008-11-20 15:46 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-20 15:46 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-20 15:46 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-20 15:46 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-20 15:46 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-20 15:46 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-20 15:46 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-20 15:46 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-20 15:46 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-17 18:43 . 2008-11-17 18:43 <REP> d-------- c:\program files\3DBoxShotMaker
2008-11-17 18:34 . 2008-11-17 18:34 <REP> d-------- c:\program files\Reveal 1.2
2008-11-17 18:34 . 2008-11-17 18:34 <REP> d-------- c:\program files\Presenter 0.9
2008-11-17 18:15 . 2008-11-17 18:15 <REP> d-------- c:\program files\Showcase
2008-11-17 18:08 . 2008-11-17 18:08 <REP> d-------- c:\program files\Album Shaper 2.1
2008-11-17 17:34 . 2008-11-17 17:34 <REP> d-------- c:\program files\Easy Real Converter
2008-11-15 13:27 . 2008-11-15 13:52 <REP> d-------- c:\users\Hervé\Tracing
2008-11-15 13:27 . 2008-11-15 13:52 <REP> d-------- c:\users\Hervé\Tracing
2008-11-15 13:16 . 2008-11-16 18:16 <REP> d-------- c:\program files\Microsoft
2008-11-15 13:11 . 2008-11-15 13:11 <REP> d-------- c:\program files\Common Files\Windows Live
2008-11-14 12:13 . 2008-11-14 12:13 <REP> d-------- c:\program files\Blender Foundation
2008-11-14 08:37 . 2008-11-16 18:18 <REP> d-------- c:\users\Hervé\AnaBuilder
2008-11-14 08:37 . 2008-11-16 18:18 <REP> d-------- c:\users\Hervé\AnaBuilder
2008-11-14 08:37 . 2008-11-14 08:37 <REP> d-------- c:\users\Hervé\5289.tmp
2008-11-14 08:37 . 2008-11-14 08:37 <REP> d-------- c:\users\Hervé\5289.tmp
2008-11-14 00:22 . 2008-11-14 00:22 <REP> d-------- c:\program files\LooxisView_scr
2008-11-13 23:43 . 2008-11-16 18:16 <REP> d-------- c:\program files\LOOXISView
2008-11-13 23:38 . 2008-11-13 23:38 <REP> d-------- C:\LOOXIS
2008-11-13 19:25 . 2008-11-16 18:16 <REP> d-------- c:\program files\Callipygian 3D
2008-11-13 16:45 . 2008-11-13 16:45 <REP> d-------- c:\program files\Singular Inversions
2008-11-13 15:19 . 2008-11-13 15:19 <REP> d-------- c:\program files\Virtools
2008-11-11 19:29 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-11 19:29 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-11 19:29 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 13:20 . 2008-11-11 13:20 <REP> d-------- c:\users\Invité\AppData\Roaming\PC Suite
2008-11-11 13:20 . 2008-11-11 13:20 <REP> d-------- c:\users\Invité\AppData\Roaming\Nokia
2008-11-08 00:48 . 2008-08-26 10:26 18,816 --a------ c:\windows\System32\drivers\pccsmcfd.sys
2008-11-08 00:46 . 2008-11-08 00:48 <REP> d----c--- c:\windows\System32\DRVSTORE
2008-11-06 10:22 . 2008-11-06 18:47 <REP> d-------- c:\program files\NiiMe
2008-11-05 17:24 . 2008-11-05 17:23 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-05 10:14 . 2008-11-05 10:14 <REP> d-------- c:\users\Hervé\.eclipse
2008-11-05 10:14 . 2008-11-05 10:14 <REP> d-------- c:\users\Hervé\.eclipse

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 21:27 8,912,896 --sha-w c:\users\Hervé\ntuser.dat
2008-12-05 21:27 8,912,896 --sha-w c:\users\Hervé\ntuser.dat
2008-12-05 21:23 1,835,008 --sha-w c:\users\Invité\ntuser.dat
2008-12-05 21:23 1,835,008 --sha-w c:\users\Invité\ntuser.dat
2008-12-05 14:35 --------- d-----w c:\programdata\Google Updater
2008-12-05 08:01 413,696 ----a-w c:\windows\System32\wrap_oal.dll
2008-12-05 08:01 110,592 ----a-w c:\windows\System32\OpenAL32.dll
2008-12-04 00:56 --------- d-----w c:\program files\Google
2008-12-03 15:46 --------- d-----w c:\programdata\NVIDIA
2008-12-03 13:12 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-03 08:01 --------- d-----w c:\program files\IncrediMail
2008-12-02 11:13 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-12-02 11:13 --------- d-----w c:\program files\Intuisphere
2008-11-26 17:17 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2008-11-21 11:04 --------- d-----w c:\program files\Gimp-2.0
2008-11-16 17:16 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-11-16 17:16 --------- d-----w c:\programdata\Microsoft Help
2008-11-16 17:16 --------- d-----w c:\program files\Windows Mail
2008-11-16 17:16 --------- d-----w c:\program files\Windows Live
2008-11-16 17:16 --------- d-----w c:\program files\SummaWinPlot
2008-11-16 16:56 --------- d-----w c:\program files\Templates
2008-11-16 14:23 --------- d-----w c:\programdata\Roxio
2008-11-15 11:57 --------- d-----w c:\programdata\WLInstaller
2008-11-11 12:20 --------- d-----w c:\users\Invité\AppData\Roaming\Spamihilator
2008-11-11 12:20 --------- d-----w c:\users\Invité\AppData\Roaming\PC Suite
2008-11-11 12:20 --------- d-----w c:\users\Invité\AppData\Roaming\Nokia
2008-11-08 00:54 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-07 23:48 --------- d-----w c:\program files\DIFX
2008-11-07 23:46 --------- d-----w c:\program files\Nokia
2008-11-05 16:23 --------- d-----w c:\program files\Java
2008-11-05 08:58 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-04 19:26 --------- d-----w c:\program files\Mobiola Web Camera 2 for S60 2nd Edition
2008-11-02 12:38 --------- d-----w c:\program files\IrfanView
2008-11-02 12:23 --------- d-----w c:\programdata\DassaultSystemes
2008-11-02 12:22 --------- d-----w c:\program files\Dassault Systemes
2008-11-02 12:17 --------- d-----w c:\program files\Virtual Earth 3D
2008-10-31 19:06 --------- d-----w c:\program files\GPSed Photo
2008-10-31 17:24 --------- d-----w c:\program files\Earth Bridge
2008-10-31 10:44 --------- d-----w c:\program files\Hybrid GeoTools
2008-10-31 08:29 --------- d-----w c:\program files\TrackMaker
2008-10-31 08:24 --------- d-----w c:\program files\gMapMaker
2008-10-28 22:18 --------- d-----w c:\programdata\PanaVue
2008-10-26 18:16 --------- d-----w c:\program files\3D Flash Animator 4 Release 5
2008-10-26 11:43 --------- d-----w c:\program files\Petank Party
2008-10-20 07:59 --------- d-----w c:\program files\Common Files\Nokia
2008-10-20 07:59 --------- d-----w c:\program files\Common Files\muvee Technologies
2008-10-18 17:04 --------- d-----w c:\program files\Microsoft Research
2008-10-18 17:00 --------- d-----w c:\program files\RegCleaner
2008-10-18 16:08 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-17 16:54 --------- d-----w c:\program files\Object2VR
2008-10-15 10:33 --------- d-----w c:\program files\PanoramaStudio
2008-10-14 07:31 --------- d-----w c:\programdata\WinZip
2008-10-10 10:24 --------- d-----w c:\program files\FileZilla FTP Client
2008-10-07 16:35 --------- d-----w c:\program files\Easypano
2008-10-07 11:52 --------- d-----w c:\program files\Maïdo Production
2008-10-07 11:43 --------- d-----w c:\program files\Nvu
2008-10-05 21:47 --------- d-----w c:\programdata\Apple Computer
2008-10-05 21:30 --------- d-----w c:\program files\QuickTime
2008-10-05 21:30 --------- d-----w c:\program files\Common Files\Apple
2008-10-05 13:39 --------- d-----w c:\programdata\Apple
2008-10-05 13:39 --------- d-----w c:\program files\Apple Software Update
2008-10-05 13:13 --------- d-----w c:\program files\Sony
2008-10-05 13:09 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-10-05 11:54 --------- d-----w c:\program files\PicLensIE
2008-10-05 07:39 --------- d-----w c:\program files\PMVR
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-27 12:38 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-09-22 06:56 1,936,384 ----a-w c:\windows\System32\WPanorama.scr
2008-09-19 18:45 2,257,968 ----a-w c:\program files\ICE.exe
2008-09-19 18:45 105,520 ----a-w c:\program files\ShellExtension.dll
2008-09-18 23:27 71,221 ----a-w c:\program files\EULA_32.rtf
2008-09-18 22:42 73,732 ----a-w c:\program files\ReadMe.rtf
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-16 00:12 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-09-05 15:04 288,768 ----a-w c:\windows\WLXPGSS.SCR
2008-06-26 19:38 2,788,800 ----a-w c:\program files\FLV PlayerFCSetup.exe
2008-06-26 19:37 7,710,016 ----a-w c:\program files\FLV PlayerRCATSetup.exe
2008-06-26 19:36 411,248 ----a-w c:\program files\FLV PlayerRCSetup.exe
2008-06-22 01:23 174 --sha-w c:\program files\desktop.ini
2008-06-20 19:37 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-06-20 19:37 56 ---ha-w c:\programdata\ezsidmv.dat
2008-06-02 17:11 13 ---h--w c:\users\All Users\1ÌØ13.sys
2008-06-02 17:11 13 ---h--w c:\programdata\1ÌØ13.sys
2008-04-29 10:46 32 ----a-w c:\users\All Users\ezsid.dat
2008-04-29 10:46 32 ----a-w c:\programdata\ezsid.dat
2008-03-09 10:23 6,604 ----a-w c:\program files\Uninstall.dat
2008-03-09 10:23 163,840 ----a-w c:\program files\Uninstall.exe
2002-08-01 16:33 17,384 ----a-w c:\program files\Install instructions.rtf
2002-08-01 16:20 7,618 ----a-w c:\program files\License.rtf
2002-08-01 16:18 135 ----a-w c:\program files\EasyDivX web.url
2002-08-01 15:51 9,472 ----a-w c:\program files\Disclamer.rtf
2002-07-26 15:02 153,088 ----a-w c:\program files\UNWISE.EXE
2002-07-03 21:14 1,586,688 ----a-w c:\program files\EasyDivX_082.exe
2002-06-26 20:00 196,608 ----a-w c:\program files\mpeg2avi.dll
2008-04-28 16:22 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-28 16:22 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-28 16:22 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2006-05-03 09:06 163,328 --sh--r c:\windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\System32\msfDX.dll
2008-02-20 12:00 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008022020080221\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-11-09 243072]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-19 68856]
"Google Update"="c:\users\Hervé\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-08-29 133104]
"Livestation"="c:\program files\Livestation\Livestation.exe" [2008-11-11 2019328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-24 29744]
"ACTIVBOARD"="c:\program files\Packard Bell\FIJI\aboard.exe" [2007-01-18 79416]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-05 136600]
"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-04-21 1081856]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"sclauncher"="c:\program files\SimpleCenter\bin\win\sclauncher.exe" [2008-03-21 94208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-12-03 1265296]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-25 113664]
D‚marrage d'Office.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-11-18 51984]
Run Google Web Accelerator.lnk - c:\program files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 1134592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"3DBoxShot"=c:\progra~1\3DBOXS~1\3DBoxShot.exe
"MSPService"=c:\program files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
"PCLEUSBTip"=c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
"PinnacleDriverCheck"=c:\windows\system32\\PSDrvCheck.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"toolbar_eula_launcher"=c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{145E8B3E-91A3-4F6E-8CFB-4E499FDC9EFF}"= c:\program files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"{F5382C1B-FB9F-44E9-8212-174F70ADA29E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9CD872E7-6613-4DE5-A31C-E4EDFC5FB068}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{2F864C28-E418-410D-879D-46734F3D4072}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FF2B4C26-2E13-49EC-8F8A-C5C5A3EA8EDD}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{469C2A30-67E1-42A3-A27D-6E54124F74D4}c:\\program files\\spamihilator\\dccproc.exe"= UDP:c:\program files\spamihilator\dccproc.exe:dccproc
"UDP Query User{3184FE9B-1933-4203-8667-130C6383665A}c:\\program files\\spamihilator\\dccproc.exe"= TCP:c:\program files\spamihilator\dccproc.exe:dccproc
"TCP Query User{5B8AEA98-132E-4D0F-83AC-6BC4FCB87B5C}c:\\program files\\i-voyager\\scol.exe"= UDP:c:\program files\i-voyager\scol.exe:scol
"UDP Query User{77B7BF7C-18A7-48D9-816B-18A445BA490B}c:\\program files\\i-voyager\\scol.exe"= TCP:c:\program files\i-voyager\scol.exe:scol
"TCP Query User{3BBE6A2C-E54E-413F-8EA4-708715D8858A}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= UDP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs
"UDP Query User{25A50A98-6A50-48A3-AA48-DC3654991809}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= TCP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs
"TCP Query User{E155DC5F-EAE6-43EC-AE4E-46A1AD07A5FF}c:\\magkit\\magkit.exe"= UDP:c:\magkit\magkit.exe:magkit
"UDP Query User{0B994F32-AF8F-465C-AFEB-DACFAD8A64C0}c:\\magkit\\magkit.exe"= TCP:c:\magkit\magkit.exe:magkit
"TCP Query User{C74D1E14-C703-41EB-9810-91836B246F4D}c:\\magkit\\version.exe"= UDP:c:\magkit\version.exe:version
"UDP Query User{DF57CB1C-8961-42EB-9085-6692DFD433CE}c:\\magkit\\version.exe"= TCP:c:\magkit\version.exe:version
"TCP Query User{9655CD68-A534-429A-B03F-BFCFFA3F2F4A}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{43FAB261-4C24-4212-A493-5AB2F1477129}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{5DF6EA16-EB0A-4A28-A58B-B0E2B6C458FD}"= UDP:c:\program files\EasyPHP 2.0b1\EasyPHP.exe:EasyPHP
"{0E6BCDFF-819A-4B41-97C7-2FF180AC900D}"= TCP:c:\program files\EasyPHP 2.0b1\EasyPHP.exe:EasyPHP
"{BC89593F-5EBC-4229-B83D-04E29E5C1A13}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{3E4CEAEC-183A-455E-B7E8-DDEE66B1578A}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{13A9286C-DBC0-48EC-B9A2-7C07143A8639}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{97D12F8D-2AE5-4E26-9F45-826762285E98}"= UDP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{20F295FC-4253-4F13-9191-36DA53570A59}"= TCP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{AA8B4E2D-5F73-4A5C-9D28-2CF6028B1826}"= UDP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{F903E54D-BDCF-4A79-8C31-F3AA9DDD8706}"= TCP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{CC05C1BC-5057-4A5D-A443-9924BA080691}"= UDP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{4193FAEE-2A01-496C-A5A9-A4253B698703}"= TCP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{F4715619-9E7F-447D-B15F-6554B2C1C7AE}"= UDP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"{E9BDCD17-336F-4550-B434-6A27D105AC61}"= TCP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"TCP Query User{8951AB7B-AF44-4830-96E1-38F9A08F3617}c:\\program files\\simplecenter\\home media server.exe"= UDP:c:\program files\simplecenter\home media server.exe:Home Media Server
"UDP Query User{AAADCCAF-5B98-4AFB-B743-881296449529}c:\\program files\\simplecenter\\home media server.exe"= TCP:c:\program files\simplecenter\home media server.exe:Home Media Server
"{B21F39A3-78F2-4B4E-8445-0740C0197CB5}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{450FD050-EA9D-4996-B2EC-C156091A9D39}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{215DDA2F-1A25-4DB0-BC5C-FFF1C47F0563}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{0DC1335B-9D5F-4B43-A97C-4F90FDA07A1D}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{DB393EAE-1F65-47EE-BBFE-2D5A20B2F746}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{F26F5689-B326-4FB0-8A65-34C46090E67A}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{D523FD62-BF89-43EE-89C8-FBB4256D30FC}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{55BDC0E1-747A-45F1-B984-D3151039CAEF}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{316E541B-2ACB-410D-BEB7-7269041B9750}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{4A96334B-C326-475E-8EC0-7FC0D6EA9601}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{ACFA2136-2190-4619-8996-B74CA29929F6}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{2BF30254-6CE0-4082-A272-326989813E81}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{CABCD0D2-F23C-4C26-B2E2-F5D1FA5F699B}c:\\program files\\bitdownload\\bitdownload.exe"= UDP:c:\program files\bitdownload\bitdownload.exe:BitDownload
"UDP Query User{3755CED0-6475-40A5-8A7C-D5D939765EE4}c:\\program files\\bitdownload\\bitdownload.exe"= TCP:c:\program files\bitdownload\bitdownload.exe:BitDownload
"TCP Query User{5E8B8D0B-3D92-47AA-8255-1CAACBF8370B}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{F2A1423E-5E4A-4E1B-BD07-9C7D27CEA9E8}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{6035F78F-CE24-4416-8836-92A7D2B41A47}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{1FD54814-7B4A-421F-A51E-3075B84D3A26}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{ABD23E68-2109-4CF7-A22B-7F7D60C4221B}c:\\program files\\simplecenter\\simplecenter.exe"= UDP:c:\program files\simplecenter\simplecenter.exe:SimpleCenter Media Manager and Server
"UDP Query User{3712C506-73CC-4EE2-AEB9-6BA0DA026662}c:\\program files\\simplecenter\\simplecenter.exe"= TCP:c:\program files\simplecenter\simplecenter.exe:SimpleCenter Media Manager and Server
"{E6D47256-24A7-4082-9EA6-A3DD0527D372}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"TCP Query User{F4A223BB-27AA-4631-BA69-BD0A14E47BD7}c:\\program files\\nokia\\carbide.ui theme edition 3.2.1.0\\jre\\bin\\javaw.exe"= UDP:c:\program files\nokia\carbide.ui theme edition 3.2.1.0\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{1EC3ABFA-A25D-4EEC-9CB6-50245A45B58A}c:\\program files\\nokia\\carbide.ui theme edition 3.2.1.0\\jre\\bin\\javaw.exe"= TCP:c:\program files\nokia\carbide.ui theme edition 3.2.1.0\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"{FCB19D0B-6E9B-4BC2-87AA-9848F92EDD62}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{0FA6247A-8243-499A-90A7-0F9D120D4E53}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{0AEDE777-C7C8-4011-83AE-3405EEB081C0}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{1ED5C350-817F-4FDD-AB10-772FB6AE4859}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{F7538C28-F860-4C1C-8D70-FDFFB44B10AE}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{05D21C1A-36DA-4FA8-B287-007DE64B69FC}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{5C0CCAF4-CDEC-4243-8E4B-87EAA94BB42C}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{CC6E39D8-169F-48B3-826A-A2BB38DCB6B6}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-02 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-02 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-02-20 51792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-09-06 809296]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\DRIVERS\WlanBZXP.sys [2008-02-19 402432]
S2 gupdate1c8f8133df8398;Google Update Service (gupdate1c8f8133df8398);"c:\program files\Google\Update\GoogleUpdate.exe" /svc [2008-08-06 133104]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-18 29744]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08a1f6e9-dfa1-11dc-b3b8-806e6f6e6963}]
\shell\AutoRun\command - D:\autorun.exe

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-12-05 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 17:38]

2008-12-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-29 15:23]

2008-12-05 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\Herv []

2008-12-05 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]

2008-12-05 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 17:34]

2008-12-05 c:\windows\Tasks\User_Feed_Synchronization-{DC42960F-B471-44B6-9495-8C13868EA61C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 22:27:28
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-12-05 22:28:48
ComboFix-quarantined-files.txt 2008-12-05 21:28:45

Avant-CF: 294 268 293 120 octets libres
Après-CF: 294,384,848,896 octets libres

401 --- E O F --- 2008-12-05 04:14:05
0

noctambule28 Posts 35799 Registration date   Status Webmaster Last activity   2 858
 
OK!
I'll take a look at this, it's a bit long... and I'll tell you what to do (tomorrow, I think, not tonight)
See you
0
wouah Posts 213 Status Member
 
OK, many thanks, have a good evening.
0
noctambule28 Posts 35799 Registration date   Status Webmaster Last activity   2 858
 
Hi again,

first this, and the rest will follow as we go

Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file:
c:\windows\System32\inspecs.htm
Click Send File.

A report will build up line by line.

Wait until it finishes. It must include the size of the file sent.
Save the report with Notepad.

Copy it into your reply.

Same for
c:\programdata\1ÌØ13.sys

Option 1 search

Download LOP S&D by Eric71
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-click it to start the installation.
* Then double-click the LOP S&D shortcut on your Desktop.
* Select the language you want, then choose Option 1 (Search)
* Wait until the scan finishes.
* Post the generated report (also located here: C:\lopR.txt)

Tutorial: https://sites.google.com/site/eric71mespages/lop.sd.fr

0
wouah Posts 213 Status Member
 
Hi, here are the 2 VirusTotal reports, and I'm running the scan you asked for now
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.6.0 2008.12.06 -
AntiVir 7.9.0.42 2008.12.05 -
Authentium 5.1.0.4 2008.12.06 -
Avast 4.8.1281.0 2008.12.06 -
AVG 8.0.0.199 2008.12.05 -
BitDefender 7.2 2008.12.06 -
CAT-QuickHeal 10.00 2008.12.06 -
ClamAV 0.94.1 2008.12.06 -
Comodo 692 2008.12.05 -
DrWeb 4.44.0.09170 2008.12.06 -
eSafe 7.0.17.0 2008.12.04 -
eTrust-Vet 31.6.6246 2008.12.05 -
Ewido 4.0 2008.12.05 -
F-Prot 4.4.4.56 2008.12.04 -
F-Secure 8.0.14332.0 2008.12.06 -
Fortinet 3.117.0.0 2008.12.06 -
GData 19 2008.12.06 -
Ikarus T3.1.1.45.0 2008.12.06 -
K7AntiVirus 7.10.545 2008.12.05 -
Kaspersky 7.0.0.125 2008.12.06 -
McAfee 5455 2008.12.05 -
McAfee+Artemis 5455 2008.12.05 -
Microsoft 1.4205 2008.12.06 -
NOD32 3668 2008.12.06 -
Norman 5.80.02 2008.12.05 -
Panda 9.0.0.4 2008.12.05 -
PCTools 4.4.2.0 2008.12.05 -
Prevx1 V2 2008.12.06 -
Rising 21.06.51.00 2008.12.06 -
SecureWeb-Gateway 6.7.6 2008.12.06 -
Sophos 4.36.0 2008.12.06 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.06 -
TheHacker 6.3.1.2.178 2008.12.06 -
TrendMicro 8.700.0.1004 2008.12.05 -
VBA32 3.12.8.10 2008.12.05 -
ViRobot 2008.12.6.1503 2008.12.06 -
VirusBuster 4.5.11.0 2008.12.05 -
Information additionnelle
File size: 13758 bytes
MD5...: 2de19d4b8b8768737ca9a6d8ab0d2966
SHA1..: 8f2919be5d13a88fc356eec1750a2c1aa7a7ca4e
SHA256: 44b42df7cf45fa4847b8ec156279f3fd7e0ef27309ee556d07848ba1f0c9741c
SHA512: 6548849a6d942bf697b4005a75e97037fce5997fe330423aad4204c25c0999bc
1a29c8b8eb58a8dcc8c4f81011612e54e8c3c27d9cf66851c8fed8cbf0972680

ssdeep: 384:98i9+Tw+q+Ut+eNe+DADgwcZwcPbpeSfuQENm:pRE3rSfuQEE

PEiD..: -
TrID..: File type identification
file seems to be plain text/ASCII (0.0%)
PEInfo: -

2nd REPORT

Fichier 1____13.sys reçu le 2008.12.06 10:02:06 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.6.0 2008.12.06 -
AntiVir 7.9.0.42 2008.12.05 -
Authentium 5.1.0.4 2008.12.06 -
Avast 4.8.1281.0 2008.12.06 -
AVG 8.0.0.199 2008.12.05 -
BitDefender 7.2 2008.12.06 -
CAT-QuickHeal 10.00 2008.12.06 -
ClamAV 0.94.1 2008.12.06 -
Comodo 692 2008.12.05 -
DrWeb 4.44.0.09170 2008.12.06 -
eSafe 7.0.17.0 2008.12.04 -
eTrust-Vet 31.6.6246 2008.12.05 -
Ewido 4.0 2008.12.05 -
F-Prot 4.4.4.56 2008.12.04 -
F-Secure 8.0.14332.0 2008.12.06 -
Fortinet 3.117.0.0 2008.12.06 -
GData 19 2008.12.06 -
Ikarus T3.1.1.45.0 2008.12.06 -
K7AntiVirus 7.10.545 2008.12.05 -
Kaspersky 7.0.0.125 2008.12.06 -
McAfee 5455 2008.12.05 -
McAfee+Artemis 5455 2008.12.05 -
Microsoft 1.4205 2008.12.06 -
NOD32 3668 2008.12.06 -
Norman 5.80.02 2008.12.05 -
Panda 9.0.0.4 2008.12.05 -
PCTools 4.4.2.0 2008.12.05 -
Prevx1 V2 2008.12.06 -
Rising 21.06.51.00 2008.12.06 -
SecureWeb-Gateway 6.7.6 2008.12.06 -
Sophos 4.36.0 2008.12.06 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.06 -
TheHacker 6.3.1.2.178 2008.12.06 -
TrendMicro 8.700.0.1004 2008.12.05 -
VBA32 3.12.8.10 2008.12.05 -
ViRobot 2008.12.6.1503 2008.12.06 -
VirusBuster 4.5.11.0 2008.12.05 -

Information additionnelle
File size: 13 bytes
MD5...: 85b977956a03592f900228220063c2e6
SHA1..: abe0120d90c56ea9b17430220295f0d450f19d42
SHA256: 58c7a12a860c900d3b4b65d1546be229f7ba50f7a922169b2375c22a624ddb39
SHA512: 0d4f673b8096fabf1d214cdbe5133b8c06fdffbd3ea7cc199e498c9779dba75c
f5040db0c138b070f2ce0cc77d1384782e08f98b824ece3ebe45cc34a068c5b9
ssdeep: 3:Wtln:WX
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
0
wouah Posts 213 Status Member
 
And here is the rest

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Hervé ( Not Administrator ! )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081202-0] 4.8.1296 (Activated)
C:\ (Local Disk) - NTFS - Total:457 Go (Free:273 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 06/12/2008|10:32 )

[ UAC => 1 ]

--------------------\\ Listing des dossiers dans Local

[06/11/2008|10:49] C:\Users\HERV~1\AppData\Local\.mpid
[23/02/2008|15:07] C:\Users\HERV~1\AppData\Local\Adobe
[17/11/2008|18:15] C:\Users\HERV~1\AppData\Local\Album Shaper
[29/02/2008|10:10] C:\Users\HERV~1\AppData\Local\Apple
[22/03/2008|15:43] C:\Users\HERV~1\AppData\Local\Apple Computer
[20/02/2008|12:04] C:\Users\HERV~1\AppData\Local\Application Data
[03/12/2008|08:19] C:\Users\HERV~1\AppData\Local\ApplicationHistory
[17/05/2008|20:54] C:\Users\HERV~1\AppData\Local\Apps
[01/08/2008|21:59] C:\Users\HERV~1\AppData\Local\BVRP Software
[02/10/2008|20:34] C:\Users\HERV~1\AppData\Local\Cooliris
[08/09/2008|07:01] C:\Users\HERV~1\AppData\Local\cooliris-win-iemin-release-1.8.0.4272.msi
[02/10/2008|19:03] C:\Users\HERV~1\AppData\Local\cooliris-win-iemin-release-1.8.2.4689.msi
[04/10/2008|09:42] C:\Users\HERV~1\AppData\Local\cooliris-win-iemin-release-1.8.3.14080.msi
[20/02/2008|23:57] C:\Users\HERV~1\AppData\Local\CyberLink
[17/11/2008|10:23] C:\Users\HERV~1\AppData\Local\d3d9caps.dat
[02/11/2008|13:23] C:\Users\HERV~1\AppData\Local\DassaultSystemes
[03/12/2008|14:17] C:\Users\HERV~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[31/10/2008|09:29] C:\Users\HERV~1\AppData\Local\Downloaded Installations
[07/08/2008|23:10] C:\Users\HERV~1\AppData\Local\eMule
[20/02/2008|12:12] C:\Users\HERV~1\AppData\Local\fusioncache.dat
[20/10/2008|09:04] C:\Users\HERV~1\AppData\Local\GDIPFONTCACHEV1.DAT
[01/11/2008|18:38] C:\Users\HERV~1\AppData\Local\gMapMaker
[06/12/2008|00:05] C:\Users\HERV~1\AppData\Local\Google
[20/02/2008|12:04] C:\Users\HERV~1\AppData\Local\Historique
[06/12/2008|00:03] C:\Users\HERV~1\AppData\Local\IconCache.db
[25/05/2008|09:23] C:\Users\HERV~1\AppData\Local\IM
[02/11/2008|13:24] C:\Users\HERV~1\AppData\Local\IsolatedStorage
[20/02/2008|23:57] C:\Users\HERV~1\AppData\Local\MagicSports
[31/10/2008|18:27] C:\Users\HERV~1\AppData\Local\MBoffin.com
[05/10/2008|14:10] C:\Users\HERV~1\AppData\Local\Microsoft
[23/05/2008|22:00] C:\Users\HERV~1\AppData\Local\Microsoft Games
[07/04/2008|20:01] C:\Users\HERV~1\AppData\Local\Microsoft Help
[02/12/2008|12:05] C:\Users\HERV~1\AppData\Local\MigWiz
[20/02/2008|12:42] C:\Users\HERV~1\AppData\Local\Mozilla
[20/10/2008|09:01] C:\Users\HERV~1\AppData\Local\Nokia
[21/02/2008|00:10] C:\Users\HERV~1\AppData\Local\Packard Bell
[28/10/2008|23:20] C:\Users\HERV~1\AppData\Local\PanaVue
[20/08/2008|07:57] C:\Users\HERV~1\AppData\Local\piclens-win-iemin-release-1.7.1.3938.msi
[20/02/2008|23:57] C:\Users\HERV~1\AppData\Local\PowerCinema
[17/11/2008|18:40] C:\Users\HERV~1\AppData\Local\Presenter
[17/11/2008|18:36] C:\Users\HERV~1\AppData\Local\Reveal
[06/12/2008|10:31] C:\Users\HERV~1\AppData\Local\Temp
[20/02/2008|12:04] C:\Users\HERV~1\AppData\Local\Temporary Internet Files
[22/04/2008|22:50] C:\Users\HERV~1\AppData\Local\Thunderbird
[13/11/2008|15:20] C:\Users\HERV~1\AppData\Local\Virtools
[20/02/2008|12:12] C:\Users\HERV~1\AppData\Local\VirtualStore
[07/08/2008|22:31] C:\Users\HERV~1\AppData\Local\Winamp Toolbar
[07/08/2008|22:42] C:\Users\HERV~1\AppData\Local\Wyzo
[31/03/2008|14:29] C:\Users\HERV~1\AppData\Local\zoomorama

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[06/12/2008 10:00][--a------] C:\Windows\tasks\Maintenance en 1 clic.job
[06/12/2008 04:18][--a------] C:\Windows\tasks\GoogleUpdateTaskUser.job
[06/12/2008 04:18][--a------] C:\Windows\tasks\GoogleUpdateTaskMachine.job
[06/12/2008 10:22][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{DC42960F-B471-44B6-9495-8C13868EA61C}.job
[06/12/2008 10:30][--a------] C:\Windows\tasks\Extension de garantie.job
[06/12/2008 10:30][--a------] C:\Windows\tasks\Recovery DVD Creator.job
[06/12/2008 00:05][--ah-----] C:\Windows\tasks\SA.DAT
[06/12/2008 00:03][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[18/12/2007|13:21] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[02/06/2008|18:11] C:\ProgramData\1Þ13.sys
[30/09/2008|16:29] C:\ProgramData\3D3
[29/09/2008|18:36] C:\ProgramData\Adobe
[05/04/2008|09:36] C:\ProgramData\AppData
[05/10/2008|14:39] C:\ProgramData\Apple
[05/10/2008|22:47] C:\ProgramData\Apple Computer
[02/11/2006|14:02] C:\ProgramData\Application Data
[16/02/2008|17:51] C:\ProgramData\Bureau
[01/08/2008|22:31] C:\ProgramData\BVRP Software
[01/10/2008|11:17] C:\ProgramData\CyberLink
[02/11/2008|13:23] C:\ProgramData\DassaultSystemes
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[06/03/2008|21:37] C:\ProgramData\DVD Shrink
[21/04/2008|00:23] C:\ProgramData\eBay
[07/08/2008|23:12] C:\ProgramData\eMule
[27/02/2008|20:22] C:\ProgramData\EPSON
[29/04/2008|11:46] C:\ProgramData\ezsid.dat
[20/06/2008|20:37] C:\ProgramData\ezsidmv.dat
[16/02/2008|17:51] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[18/11/2008|09:39] C:\ProgramData\Google
[05/12/2008|15:35] C:\ProgramData\Google Updater
[19/02/2008|17:14] C:\ProgramData\IM
[19/02/2008|17:12] C:\ProgramData\IncrediMail
[30/09/2008|16:52] C:\ProgramData\Installations
[18/12/2007|13:12] C:\ProgramData\InstallShield
[19/04/2008|20:45] C:\ProgramData\Lauyan
[29/07/2008|07:51] C:\ProgramData\Lavasoft
[03/12/2008|18:22] C:\ProgramData\Malwarebytes
[16/02/2008|17:51] C:\ProgramData\Menu Démarrer
[15/11/2008|13:10] C:\ProgramData\Microsoft
[16/11/2008|18:16] C:\ProgramData\Microsoft Help
[16/02/2008|17:51] C:\ProgramData\Modèles
[01/08/2008|23:53] C:\ProgramData\Nokia
[03/12/2008|16:46] C:\ProgramData\NVIDIA
[07/08/2008|22:28] C:\ProgramData\OrbNetworks
[28/10/2008|23:18] C:\ProgramData\PanaVue
[02/08/2008|00:17] C:\ProgramData\PC Suite
[22/06/2008|20:13] C:\ProgramData\Pinnacle
[23/06/2008|22:53] C:\ProgramData\Pinnacle Studio
[06/03/2008|18:18] C:\ProgramData\Propellerhead Software
[16/11/2008|15:23] C:\ProgramData\Roxio
[01/08/2008|22:44] C:\ProgramData\RTE
[30/09/2008|16:05] C:\ProgramData\Screaming Bee
[19/02/2008|18:06] C:\ProgramData\Skyline
[29/04/2008|14:43] C:\ProgramData\Skype
[01/10/2008|11:25] C:\ProgramData\SmartSound Software Inc
[05/12/2008|13:18] C:\ProgramData\Software4u
[18/12/2007|13:11] C:\ProgramData\Sonic
[02/12/2008|12:13] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|14:02] C:\ProgramData\Start Menu
[20/02/2008|19:15] C:\ProgramData\Symantec
[19/02/2008|11:17] C:\ProgramData\Symantec(319)
[03/08/2008|21:31] C:\ProgramData\TEMP
[02/11/2006|14:02] C:\ProgramData\Templates
[03/12/2008|14:13] C:\ProgramData\TuneUp Software
[07/08/2008|22:29] C:\ProgramData\Winamp Toolbar
[28/07/2008|12:58] C:\ProgramData\WindowsSearch
[14/10/2008|08:31] C:\ProgramData\WinZip
[15/11/2008|12:57] C:\ProgramData\WLInstaller

--------------------\\ Listing des dossiers dans C:\Program Files

[04/03/2008|12:32] C:\Program Files\[webwiz]
[28/09/2008|12:00] C:\Program Files\360 Degrees of Freedom
[26/10/2008|19:16] C:\Program Files\3D Flash Animator 4 Release 5
[17/11/2008|18:43] C:\Program Files\3DBoxShotMaker
[06/09/2008|12:59] C:\Program Files\7-Zip
[18/12/2007|13:20] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[01/08/2008|23:51] C:\Program Files\Adobe
[23/06/2008|20:49] C:\Program Files\AdorageI-GfxDatas
[22/06/2008|20:03] C:\Program Files\AdorageI-SAL
[17/11/2008|18:08] C:\Program Files\Album Shaper 2.1
[17/02/2008|12:02] C:\Program Files\Alwil Software
[04/12/2008|16:43] C:\Program Files\Ambient Design
[06/04/2008|18:07] C:\Program Files\Anark
[05/10/2008|14:39] C:\Program Files\Apple Software Update
[25/04/2008|21:38] C:\Program Files\ArtOfIllusion
[04/12/2008|15:45] C:\Program Files\Artweaver 0.5
[22/02/2008|14:16] C:\Program Files\Audacity
[04/10/2008|22:09] C:\Program Files\Autodesk
[22/02/2008|22:40] C:\Program Files\AviSynth 2.5
[14/11/2008|12:13] C:\Program Files\Blender Foundation
[09/03/2008|11:23] C:\Program Files\BSPlayer
[06/03/2008|18:56] C:\Program Files\Buzz
[16/11/2008|18:16] C:\Program Files\Callipygian 3D
[22/02/2008|14:00] C:\Program Files\CamStudio
[22/02/2008|14:02] C:\Program Files\Capturino 1.4
[30/09/2008|16:27] C:\Program Files\CCleaner
[29/09/2008|18:44] C:\Program Files\CleVR Stitcher
[18/03/2008|14:47] C:\Program Files\Cobian Backup 8
[09/06/2008|20:23] C:\Program Files\CoffeeCup Software
[05/12/2008|22:25] C:\Program Files\Common Files
[27/09/2008|13:41] C:\Program Files\Conduit
[16/02/2008|19:38] C:\Program Files\Controle Parental
[01/10/2008|11:00] C:\Program Files\CyberLink
[02/11/2008|13:22] C:\Program Files\Dassault Systemes
[29/04/2008|14:28] C:\Program Files\DAZ
[19/02/2008|17:45] C:\Program Files\del.icio.us
[02/03/2008|10:01] C:\Program Files\Didapages
[08/11/2008|00:48] C:\Program Files\DIFX
[06/03/2008|18:29] C:\Program Files\DigitalSoundPlanet
[30/09/2008|06:27] C:\Program Files\DivX
[06/03/2008|21:37] C:\Program Files\DVD Shrink
[08/03/2008|18:07] C:\Program Files\E-Anim801
[31/10/2008|18:24] C:\Program Files\Earth Bridge
[06/03/2008|19:24] C:\Program Files\Easy Music Composer Free
[17/11/2008|17:34] C:\Program Files\Easy Real Converter
[07/10/2008|17:35] C:\Program Files\Easypano
[29/04/2008|13:51] C:\Program Files\EasyPHP 2.0b1
[07/08/2008|23:10] C:\Program Files\eMule
[27/02/2008|20:27] C:\Program Files\epson
[22/02/2008|22:40] C:\Program Files\eRightSoft
[16/02/2008|17:51] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[10/10/2008|11:24] C:\Program Files\FileZilla FTP Client
[01/03/2008|23:19] C:\Program Files\Flash Slideshow Maker Professional
[09/09/2008|16:39] C:\Program Files\FlashGet
[07/04/2008|15:16] C:\Program Files\FlightGear
[26/06/2008|20:35] C:\Program Files\FLV Player
[27/09/2008|13:41] C:\Program Files\Freecorder
[15/08/2008|23:33] C:\Program Files\Garmin
[21/11/2008|12:04] C:\Program Files\Gimp-2.0
[31/10/2008|09:24] C:\Program Files\gMapMaker
[08/03/2008|15:04] C:\Program Files\Goldshell
[04/12/2008|01:56] C:\Program Files\Google
[31/10/2008|20:06] C:\Program Files\GPSed Photo
[09/03/2008|11:23] C:\Program Files\Guide
[16/03/2008|23:57] C:\Program Files\HAMA Joystick Outlandish
[18/12/2007|13:06] C:\Program Files\HDReg
[28/09/2008|12:29] C:\Program Files\Hugin
[31/10/2008|11:44] C:\Program Files\Hybrid GeoTools
[08/03/2008|14:53] C:\Program Files\ImageSkill
[03/12/2008|09:01] C:\Program Files\IncrediMail
[09/03/2008|11:23] C:\Program Files\Install
[05/11/2008|09:58] C:\Program Files\InstallShield Installation Information
[22/06/2008|02:16] C:\Program Files\Internet Explorer
[02/12/2008|12:13] C:\Program Files\Intuisphere
[02/11/2008|13:38] C:\Program Files\IrfanView
[06/09/2008|12:23] C:\Program Files\ItsLabel
[17/02/2008|18:23] C:\Program Files\IVCsoft
[17/03/2008|22:21] C:\Program Files\i-voyager
[08/07/2008|21:48] C:\Program Files\JAlbumWin
[05/11/2008|17:23] C:\Program Files\Java
[06/03/2008|19:00] C:\Program Files\Jeskola Buzz
[07/03/2008|15:24] C:\Program Files\Kreatives.org
[19/04/2008|20:46] C:\Program Files\Lauyan
[29/07/2008|07:53] C:\Program Files\Lavasoft
[23/02/2008|23:10] C:\Program Files\LimeWire
[05/12/2008|09:01] C:\Program Files\Livestation
[01/08/2008|22:01] C:\Program Files\LiveUpdate
[16/11/2008|18:16] C:\Program Files\LOOXISView
[14/11/2008|00:22] C:\Program Files\LooxisView_scr
[07/04/2008|14:33] C:\Program Files\MagicSofts
[07/10/2008|12:52] C:\Program Files\Maïdo Production
[05/12/2008|11:59] C:\Program Files\Malwarebytes' Anti-Malware
[05/12/2008|13:17] C:\Program Files\Micro Application
[16/11/2008|18:16] C:\Program Files\Microsoft
[20/02/2008|03:08] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[07/04/2008|19:56] C:\Program Files\Microsoft Office
[18/10/2008|18:04] C:\Program Files\Microsoft Research
[18/10/2008|17:08] C:\Program Files\Microsoft Silverlight
[05/10/2008|14:09] C:\Program Files\Microsoft SQL Server Compact Edition
[18/12/2007|13:19] C:\Program Files\Microsoft Works
[18/12/2007|13:19] C:\Program Files\Microsoft.NET
[01/08/2008|22:22] C:\Program Files\mobile PhoneTools
[04/11/2008|20:26] C:\Program Files\Mobiola Web Camera 2 for S60 2nd Edition
[22/02/2008|21:46] C:\Program Files\Morphfacile
[22/06/2008|02:16] C:\Program Files\Movie Maker
[21/04/2008|18:00] C:\Program Files\Mozilla Firefox
[05/12/2008|15:36] C:\Program Files\Mozilla Firefox 3.1 Beta 1
[22/04/2008|22:50] C:\Program Files\Mozilla Thunderbird
[02/11/2006|13:37] C:\Program Files\MSBuild
[28/11/2008|14:56] C:\Program Files\MSN Messenger
[17/02/2008|03:05] C:\Program Files\MSXML 4.0
[02/03/2008|18:22] C:\Program Files\Nero
[06/11/2008|18:47] C:\Program Files\NiiMe
[08/11/2008|00:46] C:\Program Files\Nokia
[20/02/2008|19:12] C:\Program Files\Norton 360
[05/12/2008|14:13] C:\Program Files\Notepad++
[07/10/2008|12:43] C:\Program Files\Nvu
[17/10/2008|17:54] C:\Program Files\Object2VR
[05/12/2008|09:01] C:\Program Files\OpenAL
[21/02/2008|00:18] C:\Program Files\OpenOffice.org 2.3
[18/12/2007|13:21] C:\Program Files\Packard Bell
[04/10/2008|10:36] C:\Program Files\PanaVue
[22/04/2008|21:57] C:\Program Files\Panda Security
[01/10/2008|21:56] C:\Program Files\Pano2QTVR
[01/10/2008|20:44] C:\Program Files\Pano2VR
[15/10/2008|11:33] C:\Program Files\PanoramaStudio
[26/10/2008|12:43] C:\Program Files\Petank Party
[01/07/2008|23:02] C:\Program Files\Photo Story 3 for Windows
[22/03/2008|19:40] C:\Program Files\PhotoFiltre
[20/06/2008|16:30] C:\Program Files\PhotoFiltre Studio
[30/09/2008|00:18] C:\Program Files\Photosynth
[26/09/2008|23:53] C:\Program Files\Picasa2
[05/10/2008|12:54] C:\Program Files\PicLensIE
[23/06/2008|22:33] C:\Program Files\Pinnacle
[05/10/2008|08:39] C:\Program Files\PMVR
[01/06/2008|19:56] C:\Program Files\Powerbullet
[11/08/2008|00:15] C:\Program Files\PowerISO
[17/11/2008|18:34] C:\Program Files\Presenter 0.9
[23/06/2008|20:53] C:\Program Files\proDAD
[25/11/2008|09:25] C:\Program Files\PTGui
[05/10/2008|22:30] C:\Program Files\QuickTime
[29/02/2008|10:35] C:\Program Files\QuickZip4
[26/02/2008|19:06] C:\Program Files\Real
[18/12/2007|13:01] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[18/10/2008|18:00] C:\Program Files\RegCleaner
[26/06/2008|20:38] C:\Program Files\Replay Media Catcher
[17/11/2008|18:34] C:\Program Files\Reveal 1.2
[26/06/2008|21:10] C:\Program Files\Riva
[18/12/2007|13:11] C:\Program Files\Roxio
[01/08/2008|22:40] C:\Program Files\RTE
[23/02/2008|15:01] C:\Program Files\Samsung
[18/12/2007|13:07] C:\Program Files\Seagate
[04/12/2008|17:24] C:\Program Files\Seagrand
[16/02/2008|19:30] C:\Program Files\Securitoo
[18/02/2008|17:35] C:\Program Files\Serif
[30/09/2008|16:29] C:\Program Files\ShopFactory V7
[17/11/2008|18:15] C:\Program Files\Showcase
[27/08/2008|23:33] C:\Program Files\SimpleCenter
[13/11/2008|16:45] C:\Program Files\Singular Inversions
[17/02/2008|18:39] C:\Program Files\Skyline
[29/04/2008|14:43] C:\Program Files\Skype
[23/06/2008|20:38] C:\Program Files\SmartSound Software
[09/03/2008|11:23] C:\Program Files\softs
[05/10/2008|14:13] C:\Program Files\Sony
[26/06/2008|08:36] C:\Program Files\SourceTec
[11/06/2008|07:46] C:\Program Files\Spamihilator
[08/11/2008|01:54] C:\Program Files\Spybot - Search & Destroy
[22/02/2008|21:47] C:\Program Files\Sqirlz Morph
[16/11/2008|18:16] C:\Program Files\SummaWinPlot
[02/06/2008|17:00] C:\Program Files\Sweet Home 3D
[09/03/2008|11:23] C:\Program Files\temp
[16/11/2008|17:56] C:\Program Files\Templates
[31/10/2008|09:29] C:\Program Files\TrackMaker
[02/12/2008|14:21] C:\Program Files\Trend Micro
[03/12/2008|14:13] C:\Program Files\TuneUp Utilities 2008
[01/07/2008|23:02] C:\Program Files\UltraMenu
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[05/12/2008|10:27] C:\Program Files\UsbFix
[09/03/2008|11:23] C:\Program Files\user
[25/11/2008|13:56] C:\Program Files\Veoh Networks
[04/03/2008|11:57] C:\Program Files\VideoCap
[03/03/2008|16:18] C:\Program Files\VideoLAN
[13/11/2008|15:19] C:\Program Files\Virtools
[02/11/2008|13:17] C:\Program Files\Virtual Earth 3D
[22/02/2008|14:14] C:\Program Files\VirtualDub-MPEG2
[03/03/2008|16:09] C:\Program Files\Webcamfirst
[07/08/2008|22:40] C:\Program Files\Winamp
[07/08/2008|22:28] C:\Program Files\Winamp Remote
[07/08/2008|22:29] C:\Program Files\Winamp Toolbar
[22/06/2008|02:16] C:\Program Files\Windows Calendar
[22/06/2008|02:16] C:\Program Files\Windows Collaboration
[22/06/2008|02:16] C:\Program Files\Windows Defender
[22/06/2008|02:16] C:\Program Files\Windows Journal
[16/11/2008|18:16] C:\Program Files\Windows Live
[02/12/2008|14:06] C:\Program Files\Windows Live Safety Center
[16/11/2008|18:16] C:\Program Files\Windows Mail
[22/06/2008|02:16] C:\Program Files\Windows Media Player
[02/11/2006|13:37] C:\Program Files\Windows NT
[22/06/2008|02:16] C:\Program Files\Windows Photo Gallery
[22/06/2008|02:16] C:\Program Files\Windows Sidebar
[16/11/2008|18:16] C:\Program Files\WinRAR
[14/10/2008|08:30] C:\Program Files\WinZip
[26/06/2008|21:15] C:\Program Files\WM Recorder 10.2
[01/10/2008|20:23] C:\Program Files\WPanorama
[24/02/2008|00:18] C:\Program Files\XnView
[25/04/2008|07:52] C:\Program Files\Zoomorama

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[25/07/2008|21:25] C:\Program Files\Common Files\Adobe
[29/09/2008|18:35] C:\Program Files\Common Files\Adobe AIR
[05/10/2008|22:30] C:\Program Files\Common Files\Apple
[29/02/2008|12:21] C:\Program Files\Common Files\DAZ
[18/12/2007|13:19] C:\Program Files\Common Files\DESIGNER
[01/08/2008|23:53] C:\Program Files\Common Files\i4j_jres
[18/12/2007|13:13] C:\Program Files\Common Files\InstallShield
[16/02/2008|23:43] C:\Program Files\Common Files\Java
[02/08/2008|00:54] C:\Program Files\Common Files\MainConcept
[26/10/2008|12:45] C:\Program Files\Common Files\microsoft shared
[15/10/2008|10:14] C:\Program Files\Common Files\MSSoap
[20/10/2008|08:59] C:\Program Files\Common Files\muvee Technologies
[20/10/2008|08:59] C:\Program Files\Common Files\Nokia
[01/08/2008|23:49] C:\Program Files\Common Files\PCSuite
[30/03/2008|17:28] C:\Program Files\Common Files\Real
[18/12/2007|13:11] C:\Program Files\Common Files\Roxio Shared
[01/08/2008|22:40] C:\Program Files\Common Files\RTE
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[02/03/2008|18:22] C:\Program Files\Common Files\Simple Star Shared
[29/04/2008|14:43] C:\Program Files\Common Files\Skype
[08/04/2008|20:39] C:\Program Files\Common Files\snp2std
[18/12/2007|13:11] C:\Program Files\Common Files\Sonic Shared
[26/06/2008|08:36] C:\Program Files\Common Files\SourceTec
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[18/12/2007|13:11] C:\Program Files\Common Files\SureThing Shared
[26/06/2008|21:10] C:\Program Files\Common Files\SWF Studio
[20/02/2008|19:15] C:\Program Files\Common Files\Symantec Shared
[22/06/2008|02:16] C:\Program Files\Common Files\System
[15/11/2008|13:11] C:\Program Files\Common Files\Windows Live
[16/11/2008|18:16] C:\Program Files\Common Files\WindowsLiveInstaller
[03/12/2008|14:12] C:\Program Files\Common Files\Wise Installation Wizard
[30/03/2008|17:28] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 91 Processes )

iexplore.exe ~ [PID:1588]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 10:32:40
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 30

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\HERV~1\Documents\Garmin V9\Garmin Mobile XT Keygen v1.1.txt
C:\Users\HERV~1\Documents\Garmin V9\Garmin Mobile XT new keygen 2008 + guida.zip
C:\Users\HERV~1\Documents\GPS tuto Instal Garmin\Garmin mobile XT avec Radar POI\Garmin Mobile XT Keygen v1.1.txt
C:\Users\HERV~1\Documents\GPS tuto Instal Garmin\Garmin mobile XT avec Radar POI\Garmin Mobile XT new keygen 2008 + guida.zip
C:\Users\HERV~1\Downloads\eMule\Incoming\The Panorama Factory v5.2 + seria & keygen by emule spain.zip
C:\Users\HERV~1\Videos\Incomplete\Garmin Mobile XT 4.10.60 Multilanguage Nokia\Garmin Mobile XT 4.10.60 Multilanguage Nokia\Keygen
C:\Users\HERV~1\Videos\Incomplete\Garmin Mobile XT 4.10.60 Multilanguage Nokia\Garmin Mobile XT 4.10.60 Multilanguage Nokia\Keygen\garmin_kgen.exe

[F:95][D:80]-> C:\Users\HERV~1\AppData\Local\Temp
[F:302][D:1]-> C:\Users\HERV~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:64][D:9]-> C:\Users\HERV~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:150][D:18]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 06/12/2008|10:34 - Option : [1]

--------------------\\ Fin du rapport a 10:34:57
[ UAC => 1 ]
0
noctambule28 Posts 35799 Registration date   Status Webmaster Last activity   2 858
 
Hi

Whoa, this is turning into a real puzzle!!
You don't seem to be infected, and yet everything is in place for that to be the case!!

Read this, although I think you're aware of it.
So to do things properly, the whole crack part should be removed!

and at this point I'm a bit stumped!

You can try USBFix again, and at worst download it again (disable your antivirus, as well as all your resident protections, for the scan),
UAC included

0
noctambule28 Posts 35799 Registration date   Status Webmaster Last activity   2 858
 
* Open Notepad. Copy and paste this into it:

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{CABCD0D2-F23C-4C26-B2E2-F5D1FA5F699B}c:\\program files\\bitdownload\\bitdownload.exe"= "-"
"UDP Query User{3755CED0-6475-40A5-8A7C-D5D939765EE4}c:\\program files\\bitdownload\\bitdownload.exe"= "-"


* Save this as a text file named CFScript, on the desktop.
* Drag and drop this CFScript file onto the ComboFix.exe file

* A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal! Don't touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file doesn't open, it is located here > C:\ComboFix.txt

and do this

right-click on C:\Internet Explorer.reg
choose Edit and copy the contents from Notepad

post it here, please

See you

0