Virus !!!

Régis5680
Posted on 23/06/2008 19:48:09
Good evening,

My computer freezes on its own.
I have a few viruses on my computer. I had created a thread further up and I was sent here after a few tests. I don't know whether that is the cause.

I have a Kaspersky report.

http://forum.telecharger.01net.com/telecharger/windows__logiciels/windows/ord(...)

Thanks to anyone kind enough to reply.
Régis5680
Posted on 23/06/2008 23:08:40
Anyone?
Laddy
Posted on 24/06/2008 07:45:00
Hello,
can you post the whole of the scan you ran with Kaspersky?

Then

Deckard's System Scanner

Download Deckard's System Scanner (DSS) to your Desktop.
Note: you must be logged in with Administrator rights.

1. close all applications and windows
2. double-click dss.exe to launch it and follow the instructions below

Warning: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)

3. if this is a first use or a new version of DSS:
* you will have to click OK twice in the dialog boxes
Warning: if you take too long, the Abort answer will be validated automatically
* when processing is finished (click OK), two text files are displayed:
main.txt <- opened in the foreground, full screen
extra.txt <- opened in the background, windowed (look at the taskbar)
If this is a subsequent use of DSS:
* you will get no dialog box (no OK)
* when processing is finished, one text file is displayed:
main.txt <- opened in the foreground, full screen
4. copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
5. likewise copy the contents of extra.txt into your next post, if you have that file (first use)
6. don't forget to re-enable the protections if they were stopped.

Help: http://bibou0007.com/outils-specifiques-f78/tutorial-deckard-s-system-scanner(...)

Post the DSS reports (a HijackThis report is included in the DSS reports).


-------
Treat yourself to good protection with Antivir.
Bibou0007.com
Régis5680
Posted on 24/06/2008 12:23:59
The Kaspersky report is huge, so I don't really know how to go about it.
Message edited by Régis5680 on 24/06/2008 12:33:12
Régis5680
Posted on 24/06/2008 12:28:00
Deckard's System Scanner v20071014.68
Run by Régis on 2008-06-24 12:26:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Régis.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:34, on 24/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Régis\Mes documents\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Régis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nbckjvjlfkhes.com/RhHFWKKdhTmelu64fpEm19HgChzuMdBMd/9nxatWOtGOXH2e(...)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ymqedbussyw.com/RhHFWKKdhTn8uYTYPe1DMjFhCdcFZCSDRdHdziCIEPU.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [bagsbeep] C:\DOCUME~1\RGIS~1\APPLIC~1\MEMOBA~1\Fork Name.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\\Steam.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: HDD temperature.lnk = C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5DDCC37F-7C6B-48B8-9664-97C537920CA0} - http://www.maisonfamiliale.com/AECVIZ/npaecviz.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: QQXEP - Unknown owner - C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\QQXEP.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 12735 bytes

-- Files created between 2008-05-24 and 2008-06-24 -----------------------------

2008-06-23 16:37:55 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-23 16:09:57 0 d-------- C:\Documents and Settings\Régis\Application Data\Pro Cycling Manager 2008
2008-06-23 15:23:14 0 d-------- C:\Program Files\PalickSoft
2008-06-21 17:20:03 0 d-------- C:\Program Files\Cyanide
2008-06-21 13:58:28 0 d-------- C:\WINDOWS\Logs
2008-06-20 18:44:17 0 d-------- C:\Documents and Settings\Régis\Application Data\Malwarebytes
2008-06-20 11:49:21 0 d-------- C:\WINDOWS\nvidia icons
2008-06-18 13:38:41 0 d-------- C:\Documents and Settings\Régis\Application Data\Icone
2008-05-29 19:42:25 0 d-------- C:\Program Files\Sun
2008-05-28 17:25:00 0 d-------- C:\Program Files\FreeUndelete
2008-05-27 21:21:13 0 dr------- C:\Documents and Settings\LocalService\Mes documents
2008-05-25 22:42:29 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-05-25 22:40:32 400896 --a------ C:\WINDOWS\system32\CF28320.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®>


-- Find3M Report ---------------------------------------------------------------

2008-06-24 12:26:26 0 d-------- C:\Program Files\Trend Micro
2008-06-20 22:25:03 0 d-------- C:\Documents and Settings\Régis\Application Data\Azureus
2008-06-20 18:46:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-20 16:10:56 0 d-------- C:\Program Files\Steam
2008-06-18 18:29:12 0 d-------- C:\Documents and Settings\Régis\Application Data\Mozilla
2008-06-14 12:44:58 0 d-------- C:\Documents and Settings\Régis\Application Data\Adobe
2008-06-13 11:46:21 0 d-------- C:\Program Files\Apple Software Update
2008-06-11 22:55:04 0 d-------- C:\Program Files\LimeWire
2008-06-11 20:38:01 0 d-------- C:\Documents and Settings\Régis\Application Data\AdobeUM
2008-06-08 20:44:16 0 d-------- C:\Documents and Settings\Régis\Application Data\LimeWire
2008-05-29 19:41:47 0 d-------- C:\Program Files\Java
2008-05-27 20:27:06 1037312 -----n--- C:\WINDOWS\explorer.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®>
2008-05-18 17:38:57 0 d-------- C:\Program Files\EA SPORTS
2008-05-18 14:16:29 0 d-------- C:\Documents and Settings\Régis\Application Data\memobarbbias
2008-05-15 22:40:31 0 d-------- C:\Program Files\Nero
2008-05-15 22:40:31 0 d-------- C:\Program Files\Fichiers communs
2008-05-15 15:23:09 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-13 22:26:32 0 d-------- C:\Program Files\Avira
2008-05-10 10:33:06 0 d-------- C:\Documents and Settings\Régis\Application Data\Nero
2008-05-09 15:07:21 0 d-------- C:\Documents and Settings\Régis\Application Data\CDBurnerXP_Soft
2008-05-07 22:31:52 4392 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-05 13:10:42 0 d-------- C:\Program Files\SopCast
2008-05-05 13:10:02 0 d-------- C:\Program Files\TvAnts
2008-05-05 13:08:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-03 05:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-03 05:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-03 05:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-03 05:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-03 05:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-03 05:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-03 05:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-03 05:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-28 08:03:06 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-28 08:03:06 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-27 15:40:31 0 d-------- C:\Program Files\LucasArts
2008-04-24 08:10:33 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-13 23:20:12 476284 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-04-13 23:20:12 78148 --a------ C:\WINDOWS\system32\perfc00C.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 18:04]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [02/06/2005 08:35]
"KBD"="C:\HP\KBD\KBD.EXE" [03/02/2005 01:44]
"Home Theater SchSvr"="C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [18/07/2005 20:12]
"WINREMOTE"="C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" [18/07/2005 19:05]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [05/05/2005 01:21]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [14/04/2004 22:43]
"PCDrProfiler"="" []
"AlcxMonitor"="ALCXMNTR.EXE" []
"PS2"="C:\WINDOWS\system32\ps2.exe" [26/10/2004 00:17]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [11/05/2005 02:50]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [14/12/2004 02:23]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [12/05/2005 07:12]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [08/10/2004 11:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/09/2006 16:57]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [08/10/2004 13:31]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08/10/2004 13:24]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/05/2008 05:46]
"nwiz"="nwiz.exe" [03/05/2008 05:46 C:\WINDOWS\system32\nwiz.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12/02/2008 10:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [03/05/2008 05:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [15/02/2007 22:50]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [08/10/2004 13:06]
"bagsbeep"="C:\DOCUME~1\RGIS~1\APPLIC~1\MEMOBA~1\Fork Name.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 20:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [12/12/2007 15:09]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 16:45]
"Steam"="C:\Program Files\Steam\\Steam.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

C:\Documents and Settings\Régis\Menu Démarrer\Programmes\Démarrage\
HDD temperature.lnk - C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe [24/11/2004 15:08:38]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [12/05/2005 07:23:26]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [24/09/2005 08:05:26]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [15/02/2007 22:50:45]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [29/10/2005 12:42:33]
Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [28/10/2005 18:45:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-06-24 12:27:32 ------------

Laddy
Posted on 24/06/2008 12:47:30
For the Kaspersky report, use http://www.miraclesalad.com/webtools/clip.php
Help: http://bibou0007.com/aide-a-la-desinfection-f8/rapport-de-grande-taille-t765.(...)
Laddy
Posted on 24/06/2008 12:51:53
Download Lop S&D by Angeldark and Eric71 to your desktop.

* Unpack the downloaded archive by right-clicking it and choosing 'Extract All'.
* Double-click the new Lop S&D folder you get, then double-click Scan.bat
(the .bat extension may not be shown, depending on the display options set).
* Type R (for Rechercher, "search") and confirm your choice with the Enter key.
* Let the tool work; it will generate a report. Post it in your reply.


Scan with VirusTotal:

Go to this link: Virus Total
Help: virus total
# Click Browse
# Navigate to this file, if you can find it:


C:\WINDOWS\PSEXESVC.EXE


# Click Send file and let it work for as long as "Current status: scanning" is displayed.
# The file may be placed in a queue because of a large number of scan requests. In that case you will have to wait without refreshing the page.
# When the scan is finished ("Current status: finished"), click Formatted
# A new browser window will appear; then post the result.

I'm waiting for:
your Lop report
your VirusTotal report
Régis5680
Posted on 24/06/2008 13:25:44

-----------------------[ Lop S&D 4.2.1-8 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Régis ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 24/06/2008 | 13:22:45,84 ] [ PC : TOMMYGROIX ]
[ MAJ : 24-06-2008 | 11:00 ]

-------------[ Listing des dossiers dans Application Data ]------------

[01/01/2005|17:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[24/11/2004|00:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[25/11/2004|05:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[01/01/2005|17:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Intervideo
[01/01/2005|18:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[01/01/2005|18:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView

[09/07/2006|16:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[27/05/2007|14:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[26/01/2007|12:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[13/05/2008|22:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[24/11/2004|00:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[06/08/2007|15:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Emjysoft
[23/09/2006|15:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[01/01/2005|17:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[25/12/2005|11:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[01/01/2005|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[28/10/2005|21:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo
[07/05/2008|23:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[22/12/2005|23:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[27/12/2007|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[02/04/2008|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
[12/09/2007|21:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[18/02/2008|12:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[28/01/2006|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[01/01/2005|17:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[01/01/2005|17:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[03/11/2005|22:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[12/02/2008|18:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[24/01/2008|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[05/11/2005|18:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[01/01/2005|17:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[24/11/2004|00:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[25/11/2004|05:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[01/01/2005|17:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intervideo
[01/01/2005|18:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[01/01/2005|18:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[01/01/2005|18:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec


[11/02/2008|13:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
[01/01/2005|17:18] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[01/01/2005|17:18] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft


[14/06/2008|12:44] C:\DOCUME~1\RGIS~1\APPLIC~1\Adobe
[11/06/2008|20:38] C:\DOCUME~1\RGIS~1\APPLIC~1\AdobeUM
[27/05/2007|14:25] C:\DOCUME~1\RGIS~1\APPLIC~1\Ahead
[26/01/2007|12:27] C:\DOCUME~1\RGIS~1\APPLIC~1\Apple Computer
[20/06/2008|22:25] C:\DOCUME~1\RGIS~1\APPLIC~1\Azureus
[09/05/2008|15:07] C:\DOCUME~1\RGIS~1\APPLIC~1\CDBurnerXP_Soft
[21/05/2007|19:58] C:\DOCUME~1\RGIS~1\APPLIC~1\DeepBurner
[24/11/2004|00:13] C:\DOCUME~1\RGIS~1\APPLIC~1\desktop.ini
[06/08/2007|15:42] C:\DOCUME~1\RGIS~1\APPLIC~1\Emjysoft
[29/11/2005|21:13] C:\DOCUME~1\RGIS~1\APPLIC~1\FotoWire
[21/09/2006|21:47] C:\DOCUME~1\RGIS~1\APPLIC~1\Google
[17/09/2007|22:16] C:\DOCUME~1\RGIS~1\APPLIC~1\Help
[19/12/2005|15:01] C:\DOCUME~1\RGIS~1\APPLIC~1\HP
[17/11/2005|18:15] C:\DOCUME~1\RGIS~1\APPLIC~1\HPQ
[18/06/2008|13:38] C:\DOCUME~1\RGIS~1\APPLIC~1\Icone
[25/11/2004|05:26] C:\DOCUME~1\RGIS~1\APPLIC~1\Identities
[22/03/2006|20:50] C:\DOCUME~1\RGIS~1\APPLIC~1\Intervideo
[08/06/2008|20:44] C:\DOCUME~1\RGIS~1\APPLIC~1\LimeWire
[05/03/2007|20:58] C:\DOCUME~1\RGIS~1\APPLIC~1\Macromedia
[20/06/2008|18:44] C:\DOCUME~1\RGIS~1\APPLIC~1\Malwarebytes
[18/05/2008|14:16] C:\DOCUME~1\RGIS~1\APPLIC~1\memobarbbias
[11/06/2008|22:54] C:\DOCUME~1\RGIS~1\APPLIC~1\Microsoft
[18/06/2008|18:29] C:\DOCUME~1\RGIS~1\APPLIC~1\Mozilla
[24/12/2005|19:05] C:\DOCUME~1\RGIS~1\APPLIC~1\MSNInstaller
[10/05/2008|10:33] C:\DOCUME~1\RGIS~1\APPLIC~1\Nero
[22/05/2007|19:54] C:\DOCUME~1\RGIS~1\APPLIC~1\Nikon
[21/05/2007|21:11] C:\DOCUME~1\RGIS~1\APPLIC~1\pcouffin.cat
[21/05/2007|21:11] C:\DOCUME~1\RGIS~1\APPLIC~1\pcouffin.inf
[21/05/2007|21:11] C:\DOCUME~1\RGIS~1\APPLIC~1\pcouffin.log
[21/05/2007|21:11] C:\DOCUME~1\RGIS~1\APPLIC~1\pcouffin.sys
[23/06/2008|16:13] C:\DOCUME~1\RGIS~1\APPLIC~1\Pro Cycling Manager 2008
[01/01/2005|18:02] C:\DOCUME~1\RGIS~1\APPLIC~1\SampleView
[13/12/2007|22:16] C:\DOCUME~1\RGIS~1\APPLIC~1\SecuROM
[13/12/2007|22:20] C:\DOCUME~1\RGIS~1\APPLIC~1\Sports Interactive
[11/11/2005|21:10] C:\DOCUME~1\RGIS~1\APPLIC~1\Sun
[01/01/2005|18:12] C:\DOCUME~1\RGIS~1\APPLIC~1\Symantec
[14/06/2007|22:59] C:\DOCUME~1\RGIS~1\APPLIC~1\Talkback
[18/05/2006|22:24] C:\DOCUME~1\RGIS~1\APPLIC~1\Template
[27/06/2006|13:51] C:\DOCUME~1\RGIS~1\APPLIC~1\Update_HP_RedboxHprblog_HPSU.log
[14/07/2007|19:03] C:\DOCUME~1\RGIS~1\APPLIC~1\vlc
[21/05/2007|21:11] C:\DOCUME~1\RGIS~1\APPLIC~1\Vso
[21/06/2007|21:45] C:\DOCUME~1\RGIS~1\APPLIC~1\WinRAR
[22/05/2007|22:05] C:\DOCUME~1\RGIS~1\APPLIC~1\wklnhst.dat
[28/07/2006|10:58] C:\DOCUME~1\RGIS~1\APPLIC~1\XnView
[24/01/2008|15:37] C:\DOCUME~1\RGIS~1\APPLIC~1\Yahoo!
[03/02/2007|12:09] C:\DOCUME~1\RGIS~1\APPLIC~1\ZangoToolbar



----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[20/06/2008 11:46][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[27/12/2005 18:43][--a------] C:\WINDOWS\tasks\Connexion facile à Internet.job
[24/06/2008 11:59][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 20:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[28/06/2006|17:15] C:\Program Files\[webwiz]
[01/01/2005|17:55] C:\Program Files\Adobe
[13/06/2008|11:46] C:\Program Files\Apple Software Update
[29/10/2005|12:41] C:\Program Files\ArcSoft
[21/05/2007|20:04] C:\Program Files\Astonsoft
[22/04/2006|13:44] C:\Program Files\Atari
[13/05/2008|22:26] C:\Program Files\Avira
[09/12/2007|17:10] C:\Program Files\Azureus
[25/12/2007|11:16] C:\Program Files\Common Files
[24/11/2004|03:37] C:\Program Files\ComPlus Applications
[21/06/2008|18:02] C:\Program Files\Cyanide
[13/12/2007|22:06] C:\Program Files\DAEMON Tools
[11/12/2005|20:37] C:\Program Files\directx
[06/08/2007|15:58] C:\Program Files\DivX
[21/01/2006|23:07] C:\Program Files\EA GAMES
[18/05/2008|17:38] C:\Program Files\EA SPORTS
[28/10/2005|18:13] C:\Program Files\Easy Internet signup
[21/06/2007|22:27] C:\Program Files\eMule
[08/05/2008|23:12] C:\Program Files\ERUNT
[15/05/2008|22:40] C:\Program Files\Fichiers communs
[26/11/2006|15:05] C:\Program Files\FireFly Studios
[28/05/2008|17:35] C:\Program Files\FreeUndelete
[07/05/2006|21:00] C:\Program Files\GameSpy Arcade
[02/02/2007|19:18] C:\Program Files\Google
[30/07/2007|23:08] C:\Program Files\Hannes Converter
[19/05/2006|21:17] C:\Program Files\Hattrick Buddy
[07/02/2006|18:05] C:\Program Files\Hattrick Forever
[01/01/2005|17:53] C:\Program Files\Hewlett-Packard
[01/01/2005|17:42] C:\Program Files\HP
[02/07/2007|10:57] C:\Program Files\HT-ScoreBoard
[05/05/2008|13:08] C:\Program Files\InstallShield Installation Information
[11/06/2008|11:47] C:\Program Files\Internet Explorer
[01/01/2005|17:54] C:\Program Files\InterVideo
[01/01/2005|17:57] C:\Program Files\iPod
[01/01/2005|17:57] C:\Program Files\iTunes
[04/02/2006|16:38] C:\Program Files\IZArc
[29/05/2008|19:41] C:\Program Files\Java
[18/02/2008|16:53] C:\Program Files\KONAMI
[23/09/2007|17:26] C:\Program Files\Lavasoft
[11/06/2008|22:55] C:\Program Files\LimeWire
[03/12/2005|20:26] C:\Program Files\Logitech
[27/04/2008|15:40] C:\Program Files\LucasArts
[15/06/2006|17:34] C:\Program Files\Macrogaming
[01/01/2005|17:54] C:\Program Files\Macrovision Corp
[20/06/2008|18:46] C:\Program Files\Malwarebytes' Anti-Malware
[20/01/2006|19:30] C:\Program Files\Maxis
[01/01/2005|17:33] C:\Program Files\Messenger
[11/02/2008|23:05] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[25/11/2004|05:27] C:\Program Files\microsoft frontpage
[19/12/2005|18:32] C:\Program Files\Microsoft Games
[01/01/2005|17:57] C:\Program Files\Microsoft Office
[01/01/2005|17:57] C:\Program Files\Microsoft Works
[25/11/2004|05:27] C:\Program Files\Movie Maker
[24/06/2008|13:11] C:\Program Files\Mozilla Firefox
[28/10/2005|19:05] C:\Program Files\MSN
[22/06/2006|17:10] C:\Program Files\MSN Apps
[25/11/2004|05:27] C:\Program Files\MSN Gaming Zone
[11/02/2008|12:57] C:\Program Files\MSN Messenger
[22/11/2006|21:48] C:\Program Files\MSXML 4.0
[01/01/2005|18:00] C:\Program Files\muvee Technologies
[15/05/2008|22:40] C:\Program Files\Nero
[23/10/2006|19:22] C:\Program Files\NetMeeting
[29/10/2005|12:42] C:\Program Files\Nikon
[25/11/2004|05:27] C:\Program Files\Online Services
[13/06/2007|23:25] C:\Program Files\Outlook Express
[23/06/2008|15:23] C:\Program Files\PalickSoft
[01/01/2005|18:11] C:\Program Files\PC-Doctor 5 for Windows
[13/01/2008|14:38] C:\Program Files\Picasa2
[26/01/2007|12:20] C:\Program Files\QuickTime
[28/10/2005|18:45] C:\Program Files\SAGEM
[28/10/2005|18:45] C:\Program Files\SAGEM Wi-Fi USB 802.11g
[01/01/2005|18:09] C:\Program Files\Services en ligne
[01/01/2005|17:52] C:\Program Files\Sonic
[25/12/2007|21:00] C:\Program Files\Sony
[05/05/2008|13:10] C:\Program Files\SopCast
[12/02/2008|18:03] C:\Program Files\Sports Interactive
[20/06/2008|16:10] C:\Program Files\Steam
[29/05/2008|19:42] C:\Program Files\Sun
[19/04/2008|16:01] C:\Program Files\TrackMania Nations ESWC
[24/06/2008|12:26] C:\Program Files\Trend Micro
[05/05/2008|13:10] C:\Program Files\TvAnts
[24/11/2004|03:37] C:\Program Files\Uninstall Information
[10/02/2008|19:31] C:\Program Files\Veoh Networks
[06/08/2007|15:43] C:\Program Files\VideoLAN
[21/05/2007|21:12] C:\Program Files\VSO
[28/06/2006|16:58] C:\Program Files\Webcam Surveyor
[31/01/2008|19:27] C:\Program Files\Webtarot
[03/11/2005|22:56] C:\Program Files\Windows Journal Viewer
[12/02/2008|18:37] C:\Program Files\Windows Live
[25/12/2007|11:19] C:\Program Files\Windows Media Connect 2
[25/12/2007|21:01] C:\Program Files\Windows Media Player
[01/02/2005|10:21] C:\Program Files\Windows NT
[24/11/2004|03:37] C:\Program Files\WindowsUpdate
[06/08/2007|18:13] C:\Program Files\WinRAR
[14/04/2006|13:45] C:\Program Files\WinZip
[25/11/2004|05:28] C:\Program Files\xerox
[03/11/2006|20:48] C:\Program Files\XnView
[24/01/2008|15:36] C:\Program Files\Yahoo!
[09/12/2007|17:44] C:\Program Files\YesMessenger
[13/12/2007|22:15] C:\Program Files\Zero G Registry
[01/06/2007|19:21] C:\Program Files\zimeloader

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[01/01/2005|17:55] C:\Program Files\Fichiers communs\Adobe
[01/11/2005|23:37] C:\Program Files\Fichiers communs\AOL
[29/11/2005|21:13] C:\Program Files\Fichiers communs\FotoWire
[01/01/2005|17:47] C:\Program Files\Fichiers communs\Hewlett-Packard
[01/01/2005|17:45] C:\Program Files\Fichiers communs\HP
[01/01/2005|17:57] C:\Program Files\Fichiers communs\InstallShield
[01/01/2005|17:54] C:\Program Files\Fichiers communs\InterVideo
[01/01/2005|17:29] C:\Program Files\Fichiers communs\Java
[28/10/2005|19:34] C:\Program Files\Fichiers communs\Logitech
[11/02/2008|12:58] C:\Program Files\Fichiers communs\Microsoft Shared
[25/11/2004|05:26] C:\Program Files\Fichiers communs\MSSoap
[01/01/2005|18:00] C:\Program Files\Fichiers communs\muvee Technologies
[29/10/2005|12:46] C:\Program Files\Fichiers communs\Nikon
[25/11/2004|05:26] C:\Program Files\Fichiers communs\ODBC
[01/02/2005|10:21] C:\Program Files\Fichiers communs\Services
[01/01/2005|17:51] C:\Program Files\Fichiers communs\Sonic Shared
[25/12/2007|21:00] C:\Program Files\Fichiers communs\Sony Shared
[25/11/2004|05:26] C:\Program Files\Fichiers communs\SpeechEngines
[01/01/2005|17:51] C:\Program Files\Fichiers communs\SureThing Shared
[13/06/2007|23:25] C:\Program Files\Fichiers communs\System
[01/01/2005|17:52] C:\Program Files\Fichiers communs\TiVo Shared
[11/02/2008|14:48] C:\Program Files\Fichiers communs\WindowsLiveInstaller

---------------------------[ Process ]--------------------------

... 49

iexplore.exe ~ [3404]

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\DOCUME~1\RGIS~1\APPLIC~1\memobarbbias
C:\DOCUME~1\RGIS~1\Cookies\régis@www.adserver5[2].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@adultfriendfinder[1].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@adex.bigpoint[1].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@adin.bigpoint[2].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@bigpoint[2].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@bigpoint[3].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@fr1.seafight.bigpoint[1].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@www.bigpoint[2].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@banner.casinoking[2].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@casinoking[2].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@banner.cotedazurpalace[2].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@banner.cotedazurpalace[3].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@cotedazurpalace[1].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@adopt.euroclick[1].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@adopt.euroclick[2].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@pacificpoker[1].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@pacificpoker[3].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@partygaming.122.2o7[1].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@partypoker[1].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@fr1.seafight.bigpoint[1].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@seafight[2].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@32vegas[1].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@banner.32vegas[2].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@banner.casinolasvegas[2].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@vegas-millions[1].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@vegasred[2].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@www.vegas-millions[1].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@www.vegasaffiliates[2].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@www.vegasred[1].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@www.vegasslotcasino[1].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@2xmoinscher[2].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@www.2xmoinscher[2].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@img215.imageshack[1].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@sprice[1].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@888[1].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@888[2].txt
C:\DOCUME~1\RGIS~1\Cookies\régis@v8884.upd.maximumexperience[1].txt

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 13:23:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

=> C:\Documents and Settings\R‚gis\Application Data\Azureus\torrents\+{mininova.org}+_tracked_by_h33t_com_Football_Manager_2007_Razor1911_CRACKED_[h33t_PC_CD_IMAGE].torrent
=> C:\Documents and Settings\R‚gis\Application Data\Azureus\torrents\-'mininova.org'-_SpiderMan_2_Francais_+_Crack.rar.torrent
=> C:\Documents and Settings\R‚gis\Recent\Crack & Serial.lnk


[F:6998][D:572]-> C:\DOCUME~1\RGIS~1\LOCALS~1\Temp
[F:5108][D:0]-> C:\DOCUME~1\RGIS~1\Cookies
[F:2548][D:12]-> C:\DOCUME~1\RGIS~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 13:25:09,43 ]----------------------
Régis5680
Posted on 24/06/2008 13:30:41
Fichier PSEXESVC.EXE reçu le 2008.06.24 13:27:43 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.6.24.0 2008.06.24 -
AntiVir 7.8.0.59 2008.06.24 -
Authentium 5.1.0.4 2008.06.24 -
Avast 4.8.1195.0 2008.06.23 -
AVG 7.5.0.516 2008.06.24 -
BitDefender 7.2 2008.06.24 -
CAT-QuickHeal 9.50 2008.06.23 -
ClamAV 0.93.1 2008.06.24 -
DrWeb 4.44.0.09170 2008.06.24 -
eSafe 7.0.17.0 2008.06.24 -
eTrust-Vet 31.6.5900 2008.06.24 -
Ewido 4.0 2008.06.24 -
F-Prot 4.4.4.56 2008.06.23 -
F-Secure 7.60.13501.0 2008.06.20 -
Fortinet 3.14.0.0 2008.06.24 -
GData 2.0.7306.1023 2008.06.24 -
Ikarus T3.1.1.26.0 2008.06.24 -
Kaspersky 7.0.0.125 2008.06.24 -
McAfee 5323 2008.06.23 -
Microsoft None 2008.06.24 -
NOD32v2 3212 2008.06.24 -
Norman 5.80.02 2008.06.23 -
Panda 9.0.0.4 2008.06.23 Application/Psexec.A
Prevx1 V2 2008.06.24 -
Rising 20.50.10.00 2008.06.24 -
Sophos 4.30.0 2008.06.24 -
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.24 -
TheHacker 6.2.92.359 2008.06.24 -
TrendMicro 8.700.0.1004 2008.06.24 -
VBA32 3.12.6.8 2008.06.23 -
VirusBuster 4.5.11.0 2008.06.23 -
Webwasher-Gateway 6.6.2 2008.06.24 -

Information additionnelle
File size: 53248 bytes
MD5...: 34567437e1881533d582028e95456fbc
SHA1..: 6abfeb0dc2b4f60126a2b3355b1c9d8efbfa5f23
SHA256: 4fca6538c22d5d9a19302cdd19fdaa10a9cf6f389dabc842c9a2530598e30743
SHA512: ed806df335e29eaf48eb54ea6eb2cfb7dc02bf9cd3529238cc006ef1abde06e0ec0095cb6d48b375be330243b69b93ab617646d45aa128cadc839dee019eb380
PEiD..: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4035f0
timedatestamp.....: 0x43ea5536 (Wed Feb 08 20:31:50 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6f82 0x7000 6.58 795e895b87146c8b28fa69cea3c0b84e
.rdata 0x8000 0x1446 0x2000 3.94 c0ea42e1ee7d9dae25de550a83cd69ab
.data 0xa000 0x2f04 0x2000 2.35 77598b9654c4de17cb7bc594dda8c374
.rsrc 0xd000 0x3e8 0x1000 1.02 40f8672c462e53485935e9788416b0d2

( 5 imports )
> USERENV.dll: CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
> KERNEL32.dll: HeapFree, HeapAlloc, GetProcessHeap, SetProcessAffinityMask, GetProcAddress, LoadLibraryW, GetCurrentThread, GetExitCodeProcess, InterlockedDecrement, FlushFileBuffers, DisconnectNamedPipe, CreateNamedPipeW, OutputDebugStringA, ReadFile, InterlockedIncrement, SetHandleInformation, lstrlenW, SetThreadPriority, SetConsoleCtrlHandler, GetCommandLineW, FormatMessageW, SetStdHandle, SetFilePointer, GetEnvironmentStringsW, GetEnvironmentStrings, WideCharToMultiByte, FreeEnvironmentStringsW, FreeEnvironmentStringsA, GetModuleFileNameA, ConnectNamedPipe, SetEvent, GetModuleFileNameW, GetVersion, GetCurrentProcess, MultiByteToWideChar, WaitForSingleObject, GetStdHandle, WriteFile, LocalFree, CloseHandle, Sleep, SetLastError, GetLastError, LCMapStringA, LCMapStringW, GetCPInfo, GetACP, GetOEMCP, LoadLibraryA, GetStringTypeA, GetStringTypeW, CreateEventW, UnhandledExceptionFilter, TlsGetValue, EnterCriticalSection, LeaveCriticalSection, CreateThread, GetCurrentThreadId, TlsSetValue, ExitThread, RtlUnwind, ExitProcess, TerminateProcess, ResumeThread, GetCommandLineA, HeapDestroy, HeapCreate, VirtualFree, InitializeCriticalSection, DeleteCriticalSection, VirtualAlloc, HeapReAlloc, SetHandleCount, GetFileType, GetStartupInfoA, TlsAlloc
> USER32.dll: CloseWindowStation, GetUserObjectSecurity, SetUserObjectSecurity, CloseDesktop, OpenDesktopW, SetProcessWindowStation, OpenWindowStationW, GetProcessWindowStation
> ADVAPI32.dll: RegisterEventSourceW, ReportEventW, DeregisterEventSource, SetServiceStatus, RegisterServiceCtrlHandlerW, StartServiceCtrlDispatcherW, LogonUserW, ImpersonateNamedPipeClient, OpenThreadToken, RevertToSelf, DuplicateTokenEx, LookupAccountSidW, CreateProcessAsUserW, SetEntriesInAclW, AddAccessAllowedAce, InitializeSecurityDescriptor, GetSecurityDescriptorDacl, GetAclInformation, InitializeAcl, GetAce, AddAce, EqualSid, SetSecurityDescriptorDacl, GetLengthSid, CopySid, OpenProcessToken, DeleteService, ControlService, OpenSCManagerW, OpenServiceW, QueryServiceStatus, CreateServiceW, CloseServiceHandle, AllocateAndInitializeSid, GetTokenInformation, FreeSid, LsaOpenPolicy, LsaEnumerateAccountRights, LsaClose, LookupPrivilegeValueW, LsaFreeMemory
> SHELL32.dll: CommandLineToArgvW

( 0 exports )


Laddy
Posted on 24/06/2008 13:34:51
Cleanup:

* Double-click Scan.bat in the Lop S&D folder.
(the .bat extension may not be shown, depending on your display settings).
* Type S for Suppression (removal) and confirm your choice with the Enter key.
* Let the tool work; it will generate a report. Post it in your next reply.
-------
Treat yourself to good protection with Antivir.
Bibou0007.com
Régis5680
Posted on 24/06/2008 13:44:50

-----------------------[ Lop S&D 4.2.1-8 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : R‚gis ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 24/06/2008 | 13:42:34,25 ] [ PC : TOMMYGROIX ]
[ MAJ : 24-06-2008 | 11:00 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@www.adserver5[2].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@adultfriendfinder[1].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@adex.bigpoint[1].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@adin.bigpoint[2].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@bigpoint[2].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@bigpoint[3].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@fr1.seafight.bigpoint[1].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@www.bigpoint[2].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@banner.casinoking[2].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@casinoking[2].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@banner.cotedazurpalace[2].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@banner.cotedazurpalace[3].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@cotedazurpalace[1].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@adopt.euroclick[1].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@adopt.euroclick[2].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@pacificpoker[1].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@pacificpoker[3].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@partygaming.122.2o7[1].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@partypoker[1].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@seafight[2].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@32vegas[1].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@banner.32vegas[2].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@banner.casinolasvegas[2].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@vegas-millions[1].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@vegasred[2].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@www.vegas-millions[1].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@www.vegasaffiliates[2].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@www.vegasred[1].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@www.vegasslotcasino[1].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@2xmoinscher[2].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@www.2xmoinscher[2].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@img215.imageshack[1].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@sprice[1].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@888[1].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@888[2].txt
Supprime! - C:\DOCUME~1\RGIS~1\Cookies\régis@v8884.upd.maximumexperience[1].txt
Supprime! - C:\DOCUME~1\RGIS~1\APPLIC~1\memobarbbias

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


-------------[ Listing des dossiers dans APPLIC~1 ]------------

[01/01/2005|17:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[24/11/2004|00:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[25/11/2004|05:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[01/01/2005|17:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Intervideo
[01/01/2005|18:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[01/01/2005|18:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView

[09/07/2006|16:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[27/05/2007|14:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[26/01/2007|12:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[13/05/2008|22:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[24/11/2004|00:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[06/08/2007|15:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Emjysoft
[23/09/2006|15:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[01/01/2005|17:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[25/12/2005|11:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[01/01/2005|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[28/10/2005|21:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo
[07/05/2008|23:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[22/12/2005|23:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[27/12/2007|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[02/04/2008|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
[12/09/2007|21:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[18/02/2008|12:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[28/01/2006|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[01/01/2005|17:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[01/01/2005|17:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[03/11/2005|22:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[12/02/2008|18:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[24/01/2008|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[05/11/2005|18:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[01/01/2005|17:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[24/11/2004|00:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[25/11/2004|05:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[01/01/2005|17:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intervideo
[01/01/2005|18:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[01/01/2005|18:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[01/01/2005|18:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec


[11/02/2008|13:53] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
[01/01/2005|17:18] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[01/01/2005|17:18] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft


[14/06/2008|12:44] C:\DOCUME~1\RGIS~1\APPLIC~1\Adobe
[11/06/2008|20:38] C:\DOCUME~1\RGIS~1\APPLIC~1\AdobeUM
[27/05/2007|14:25] C:\DOCUME~1\RGIS~1\APPLIC~1\Ahead
[26/01/2007|12:27] C:\DOCUME~1\RGIS~1\APPLIC~1\Apple Computer
[20/06/2008|22:25] C:\DOCUME~1\RGIS~1\APPLIC~1\Azureus
[09/05/2008|15:07] C:\DOCUME~1\RGIS~1\APPLIC~1\CDBurnerXP_Soft
[21/05/2007|19:58] C:\DOCUME~1\RGIS~1\APPLIC~1\DeepBurner
[24/11/2004|00:13] C:\DOCUME~1\RGIS~1\APPLIC~1\desktop.ini
[06/08/2007|15:42] C:\DOCUME~1\RGIS~1\APPLIC~1\Emjysoft
[29/11/2005|21:13] C:\DOCUME~1\RGIS~1\APPLIC~1\FotoWire
[21/09/2006|21:47] C:\DOCUME~1\RGIS~1\APPLIC~1\Google
[17/09/2007|22:16] C:\DOCUME~1\RGIS~1\APPLIC~1\Help
[19/12/2005|15:01] C:\DOCUME~1\RGIS~1\APPLIC~1\HP
[17/11/2005|18:15] C:\DOCUME~1\RGIS~1\APPLIC~1\HPQ
[18/06/2008|13:38] C:\DOCUME~1\RGIS~1\APPLIC~1\Icone
[25/11/2004|05:26] C:\DOCUME~1\RGIS~1\APPLIC~1\Identities
[22/03/2006|20:50] C:\DOCUME~1\RGIS~1\APPLIC~1\Intervideo
[08/06/2008|20:44] C:\DOCUME~1\RGIS~1\APPLIC~1\LimeWire
[05/03/2007|20:58] C:\DOCUME~1\RGIS~1\APPLIC~1\Macromedia
[20/06/2008|18:44] C:\DOCUME~1\RGIS~1\APPLIC~1\Malwarebytes
[11/06/2008|22:54] C:\DOCUME~1\RGIS~1\APPLIC~1\Microsoft
[18/06/2008|18:29] C:\DOCUME~1\RGIS~1\APPLIC~1\Mozilla
[24/12/2005|19:05] C:\DOCUME~1\RGIS~1\APPLIC~1\MSNInstaller
[10/05/2008|10:33] C:\DOCUME~1\RGIS~1\APPLIC~1\Nero
[22/05/2007|19:54] C:\DOCUME~1\RGIS~1\APPLIC~1\Nikon
[21/05/2007|21:11] C:\DOCUME~1\RGIS~1\APPLIC~1\pcouffin.cat
[21/05/2007|21:11] C:\DOCUME~1\RGIS~1\APPLIC~1\pcouffin.inf
[21/05/2007|21:11] C:\DOCUME~1\RGIS~1\APPLIC~1\pcouffin.log
[21/05/2007|21:11] C:\DOCUME~1\RGIS~1\APPLIC~1\pcouffin.sys
[23/06/2008|16:13] C:\DOCUME~1\RGIS~1\APPLIC~1\Pro Cycling Manager 2008
[01/01/2005|18:02] C:\DOCUME~1\RGIS~1\APPLIC~1\SampleView
[13/12/2007|22:16] C:\DOCUME~1\RGIS~1\APPLIC~1\SecuROM
[13/12/2007|22:20] C:\DOCUME~1\RGIS~1\APPLIC~1\Sports Interactive
[11/11/2005|21:10] C:\DOCUME~1\RGIS~1\APPLIC~1\Sun
[01/01/2005|18:12] C:\DOCUME~1\RGIS~1\APPLIC~1\Symantec
[14/06/2007|22:59] C:\DOCUME~1\RGIS~1\APPLIC~1\Talkback
[18/05/2006|22:24] C:\DOCUME~1\RGIS~1\APPLIC~1\Template
[27/06/2006|13:51] C:\DOCUME~1\RGIS~1\APPLIC~1\Update_HP_RedboxHprblog_HPSU.log
[14/07/2007|19:03] C:\DOCUME~1\RGIS~1\APPLIC~1\vlc
[21/05/2007|21:11] C:\DOCUME~1\RGIS~1\APPLIC~1\Vso
[21/06/2007|21:45] C:\DOCUME~1\RGIS~1\APPLIC~1\WinRAR
[22/05/2007|22:05] C:\DOCUME~1\RGIS~1\APPLIC~1\wklnhst.dat
[28/07/2006|10:58] C:\DOCUME~1\RGIS~1\APPLIC~1\XnView
[24/01/2008|15:37] C:\DOCUME~1\RGIS~1\APPLIC~1\Yahoo!
[03/02/2007|12:09] C:\DOCUME~1\RGIS~1\APPLIC~1\ZangoToolbar



----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[20/06/2008 11:46][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[27/12/2005 18:43][--a------] C:\WINDOWS\tasks\Connexion facile … Internet.job
[24/06/2008 11:59][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 20:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[28/06/2006|17:15] C:\Program Files\[webwiz]
[01/01/2005|17:55] C:\Program Files\Adobe
[13/06/2008|11:46] C:\Program Files\Apple Software Update
[29/10/2005|12:41] C:\Program Files\ArcSoft
[21/05/2007|20:04] C:\Program Files\Astonsoft
[22/04/2006|13:44] C:\Program Files\Atari
[13/05/2008|22:26] C:\Program Files\Avira
[09/12/2007|17:10] C:\Program Files\Azureus
[25/12/2007|11:16] C:\Program Files\Common Files
[24/11/2004|03:37] C:\Program Files\ComPlus Applications
[21/06/2008|18:02] C:\Program Files\Cyanide
[13/12/2007|22:06] C:\Program Files\DAEMON Tools
[11/12/2005|20:37] C:\Program Files\directx
[06/08/2007|15:58] C:\Program Files\DivX
[21/01/2006|23:07] C:\Program Files\EA GAMES
[18/05/2008|17:38] C:\Program Files\EA SPORTS
[28/10/2005|18:13] C:\Program Files\Easy Internet signup
[21/06/2007|22:27] C:\Program Files\eMule
[08/05/2008|23:12] C:\Program Files\ERUNT
[15/05/2008|22:40] C:\Program Files\Fichiers communs
[26/11/2006|15:05] C:\Program Files\FireFly Studios
[28/05/2008|17:35] C:\Program Files\FreeUndelete
[07/05/2006|21:00] C:\Program Files\GameSpy Arcade
[02/02/2007|19:18] C:\Program Files\Google
[30/07/2007|23:08] C:\Program Files\Hannes Converter
[19/05/2006|21:17] C:\Program Files\Hattrick Buddy
[07/02/2006|18:05] C:\Program Files\Hattrick Forever
[01/01/2005|17:53] C:\Program Files\Hewlett-Packard
[01/01/2005|17:42] C:\Program Files\HP
[02/07/2007|10:57] C:\Program Files\HT-ScoreBoard
[05/05/2008|13:08] C:\Program Files\InstallShield Installation Information
[11/06/2008|11:47] C:\Program Files\Internet Explorer
[01/01/2005|17:54] C:\Program Files\InterVideo
[01/01/2005|17:57] C:\Program Files\iPod
[01/01/2005|17:57] C:\Program Files\iTunes
[04/02/2006|16:38] C:\Program Files\IZArc
[29/05/2008|19:41] C:\Program Files\Java
[18/02/2008|16:53] C:\Program Files\KONAMI
[23/09/2007|17:26] C:\Program Files\Lavasoft
[11/06/2008|22:55] C:\Program Files\LimeWire
[03/12/2005|20:26] C:\Program Files\Logitech
[27/04/2008|15:40] C:\Program Files\LucasArts
[15/06/2006|17:34] C:\Program Files\Macrogaming
[01/01/2005|17:54] C:\Program Files\Macrovision Corp
[20/06/2008|18:46] C:\Program Files\Malwarebytes' Anti-Malware
[20/01/2006|19:30] C:\Program Files\Maxis
[01/01/2005|17:33] C:\Program Files\Messenger
[11/02/2008|23:05] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[25/11/2004|05:27] C:\Program Files\microsoft frontpage
[19/12/2005|18:32] C:\Program Files\Microsoft Games
[01/01/2005|17:57] C:\Program Files\Microsoft Office
[01/01/2005|17:57] C:\Program Files\Microsoft Works
[25/11/2004|05:27] C:\Program Files\Movie Maker
[24/06/2008|13:35] C:\Program Files\Mozilla Firefox
[28/10/2005|19:05] C:\Program Files\MSN
[22/06/2006|17:10] C:\Program Files\MSN Apps
[25/11/2004|05:27] C:\Program Files\MSN Gaming Zone
[11/02/2008|12:57] C:\Program Files\MSN Messenger
[22/11/2006|21:48] C:\Program Files\MSXML 4.0
[01/01/2005|18:00] C:\Program Files\muvee Technologies
[15/05/2008|22:40] C:\Program Files\Nero
[23/10/2006|19:22] C:\Program Files\NetMeeting
[29/10/2005|12:42] C:\Program Files\Nikon
[25/11/2004|05:27] C:\Program Files\Online Services
[13/06/2007|23:25] C:\Program Files\Outlook Express
[23/06/2008|15:23] C:\Program Files\PalickSoft
[01/01/2005|18:11] C:\Program Files\PC-Doctor 5 for Windows
[13/01/2008|14:38] C:\Program Files\Picasa2
[26/01/2007|12:20] C:\Program Files\QuickTime
[28/10/2005|18:45] C:\Program Files\SAGEM
[28/10/2005|18:45] C:\Program Files\SAGEM Wi-Fi USB 802.11g
[01/01/2005|18:09] C:\Program Files\Services en ligne
[01/01/2005|17:52] C:\Program Files\Sonic
[25/12/2007|21:00] C:\Program Files\Sony
[05/05/2008|13:10] C:\Program Files\SopCast
[12/02/2008|18:03] C:\Program Files\Sports Interactive
[20/06/2008|16:10] C:\Program Files\Steam
[29/05/2008|19:42] C:\Program Files\Sun
[19/04/2008|16:01] C:\Program Files\TrackMania Nations ESWC
[24/06/2008|12:26] C:\Program Files\Trend Micro
[05/05/2008|13:10] C:\Program Files\TvAnts
[24/11/2004|03:37] C:\Program Files\Uninstall Information
[10/02/2008|19:31] C:\Program Files\Veoh Networks
[06/08/2007|15:43] C:\Program Files\VideoLAN
[21/05/2007|21:12] C:\Program Files\VSO
[28/06/2006|16:58] C:\Program Files\Webcam Surveyor
[31/01/2008|19:27] C:\Program Files\Webtarot
[03/11/2005|22:56] C:\Program Files\Windows Journal Viewer
[12/02/2008|18:37] C:\Program Files\Windows Live
[25/12/2007|11:19] C:\Program Files\Windows Media Connect 2
[25/12/2007|21:01] C:\Program Files\Windows Media Player
[01/02/2005|10:21] C:\Program Files\Windows NT
[24/11/2004|03:37] C:\Program Files\WindowsUpdate
[06/08/2007|18:13] C:\Program Files\WinRAR
[14/04/2006|13:45] C:\Program Files\WinZip
[25/11/2004|05:28] C:\Program Files\xerox
[03/11/2006|20:48] C:\Program Files\XnView
[24/01/2008|15:36] C:\Program Files\Yahoo!
[09/12/2007|17:44] C:\Program Files\YesMessenger
[13/12/2007|22:15] C:\Program Files\Zero G Registry
[01/06/2007|19:21] C:\Program Files\zimeloader

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[01/01/2005|17:55] C:\Program Files\Fichiers communs\Adobe
[01/11/2005|23:37] C:\Program Files\Fichiers communs\AOL
[29/11/2005|21:13] C:\Program Files\Fichiers communs\FotoWire
[01/01/2005|17:47] C:\Program Files\Fichiers communs\Hewlett-Packard
[01/01/2005|17:45] C:\Program Files\Fichiers communs\HP
[01/01/2005|17:57] C:\Program Files\Fichiers communs\InstallShield
[01/01/2005|17:54] C:\Program Files\Fichiers communs\InterVideo
[01/01/2005|17:29] C:\Program Files\Fichiers communs\Java
[28/10/2005|19:34] C:\Program Files\Fichiers communs\Logitech
[11/02/2008|12:58] C:\Program Files\Fichiers communs\Microsoft Shared
[25/11/2004|05:26] C:\Program Files\Fichiers communs\MSSoap
[01/01/2005|18:00] C:\Program Files\Fichiers communs\muvee Technologies
[29/10/2005|12:46] C:\Program Files\Fichiers communs\Nikon
[25/11/2004|05:26] C:\Program Files\Fichiers communs\ODBC
[01/02/2005|10:21] C:\Program Files\Fichiers communs\Services
[01/01/2005|17:51] C:\Program Files\Fichiers communs\Sonic Shared
[25/12/2007|21:00] C:\Program Files\Fichiers communs\Sony Shared
[25/11/2004|05:26] C:\Program Files\Fichiers communs\SpeechEngines
[01/01/2005|17:51] C:\Program Files\Fichiers communs\SureThing Shared
[13/06/2007|23:25] C:\Program Files\Fichiers communs\System
[01/01/2005|17:52] C:\Program Files\Fichiers communs\TiVo Shared
[11/02/2008|14:48] C:\Program Files\Fichiers communs\WindowsLiveInstaller

---------------------------[ Process ]--------------------------

... 47

... OK !

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 13:43:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

=> C:\Documents and Settings\R‚gis\Application Data\Azureus\torrents\+{mininova.org}+_tracked_by_h33t_com_Football_Manager_2007_Razor1911_CRACKED_[h33t_PC_CD_IMAGE].torrent
=> C:\Documents and Settings\R‚gis\Application Data\Azureus\torrents\-'mininova.org'-_SpiderMan_2_Francais_+_Crack.rar.torrent
=> C:\Documents and Settings\R‚gis\Recent\Crack & Serial.lnk


[F:7008][D:573]-> C:\DOCUME~1\RGIS~1\LOCALS~1\Temp
[F:5073][D:0]-> C:\DOCUME~1\RGIS~1\Cookies
[F:2539][D:12]-> C:\DOCUME~1\RGIS~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 13:44:23,14 ]----------------------
Laddy
Posted on 24/06/2008 13:52:19
Showing hidden folders:

  • Go to the View tab.
  • "Tools" menu
  • "Folder Options"
  • "View" tab
  • Check the box "Show hidden files and folders".
  • Uncheck the box "Hide extensions for known file types".
  • Uncheck the box "Hide protected operating system files".
  • Click "Apply to All Folders".

Deleting the files:
Go to these folders and delete what is shown in bold
C:\Documents and Settings\R‚gis\Application Data\Azureus\torrents\+{mininova.org}+_tracked_by_h33t_com_Football_Manager_2007_Razor1911_CRACKED_[h33t_PC_CD_IMAGE].torrent
=> C:\Documents and Settings\R‚gis\Application Data\Azureus\torrents\-'mininova.org'-_SpiderMan_2_Francais_+_Crack.rar.torrent
=> C:\Documents and Settings\R‚gis\Recent\Crack & Serial.lnk


Then

Clean

Download clean.zip (by Malekal_morte):
Unzip the file to the desktop (right-click / Extract All) to get a folder named clean.

- Open the Clean folder on your desktop and double-click clean.cmd.
- A black window will appear; choose option 1. A report will be created at the root: C:\rapport_clean.txt

    -------
    Offrez vous une bonne protection avec Antivir.
    Bibou0007.com
    Régis5680
    Posted on 24/06/2008 14:06:32
    24/06/2008 a 14:04:39,62

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32

    *** Recherche des fichiers dans C:\Program Files
    Laddy
      
       
    Posted on 24/06/2008 14:10:15
    Malwarebytes' Anti-Malware

    Download Malwarebytes' Anti-Malware and install it.
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    - Make sure it has updated properly before moving on.

    - Help: MBAM tutorial
    Restart in safe mode:

    o Restart your computer.
    o After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
    o Instead of the normal Windows startup, a menu with various options should appear.
    o Choose the first option, to run Windows in safe mode, then press "Enter".
    o Choose your account.

    * Launch MBAM and select "Perform full scan". Wait while the scan runs.

    * Once the scan has finished, click "Remove Selected".

    If MBAM needs to restart to finish the removal, accept by clicking OK. Save the report to your Desktop when it is displayed.

    Régis5680
      
    Posted on 24/06/2008 19:52:02
    Malwarebytes' Anti-Malware 1.18
    Version de la base de données: 884

    19:45:29 24/06/2008
    mbam-log-6-24-2008 (19-45-29).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 173778
    Temps écoulé: 5 hour(s), 0 minute(s), 36 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP825\A0342469.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
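A report in the layout above can be checked mechanically. This is an added example, not part of the original thread: it parses the text report, compares each section's listed entries with the summary counts, and flags entries whose action text does not report success. The function names are hypothetical, and the parsing rules and the "successfully" marker are assumptions inferred from this one report.

```python
import re

# Abridged from the report above: two summary lines, two non-empty sections.
SAMPLE = r"""Clé(s) du Registre infectée(s): 3
Fichier(s) infecté(s): 2

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP825\A0342469.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

COUNT = re.compile(r"^(?P<name>[^:]+):\s*(?P<n>\d+)$")        # "name: 3"
DETECTION = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return (summary counts, detections per section) for one report."""
    counts, found, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT.match(line)
        if m:                                   # summary line
            counts[m["name"]] = int(m["n"])
            section = None
        elif line.endswith(":"):                # section header
            section = line[:-1]
            found[section] = []
        elif section is not None:
            d = DETECTION.match(line)           # "(nothing found)" lines do not match
            if d:
                found[section].append(d.groupdict())
    return counts, found

def mismatches(counts, found):
    """Sections whose number of listed entries differs from the summary."""
    return {s: (counts.get(s), len(e)) for s, e in found.items()
            if counts.get(s) != len(e)}

def unresolved(found):
    """Entries whose action text does not report success (assumed marker)."""
    return [d for entries in found.values() for d in entries
            if "successfully" not in d["action"]]
```

An empty result from both `mismatches` and `unresolved` means the listing agrees with the summary and every listed entry was reported as removed; it says nothing about items the scanner did not detect.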
    Laddy
      
       
    Posted on 25/06/2008 06:43:26