Trojan horse, HijackThis report

miczfr Posts 208 Status Member -
 afideg -
Hello,
After my computer, infested with trojans, froze, I ran clean-ups in safe mode with Avast, Spybot and Malwarebytes.
After multiple reboots, I managed to get a computer that works again,
but can you tell me from the HijackThis report whether everything is OK? One detail: I am hopeless with computers.
Thanks for your help
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:28, on 27/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\oopmagentts.exe
C:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ooquickpdfv7] "C:\WINDOWS\system32\oopmagentts.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [Pxoguz] rundll32.exe "C:\WINDOWS\Fdasiquyiwifa.dll",e
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\admin\LOCALS~1\Temp\IXP001.TMP\"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\admin\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\admin\LOCALS~1\Temp\csrssc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &T&élécharger &avec BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &T&élécharger tout avec BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &T&élécharger toute vidéo avec BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - Winlogon Notify: offmmel - offmmel.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

97 replies

miczfr Posts 208 Status Member
 
Hello. I ran 2 scans with ComboFix: 1 with the one already downloaded a few days ago and renamed moi.exe, and a 2nd with one I just downloaded, having changed the name BEFORE downloading.
Otherwise I still have the same trojan detected by Malwarebytes, which I still cannot update (it is nonetheless in my firewall's exceptions).
Here is the 1st report
ComboFix 09-01-21.04 - admin 2009-02-08 16:31:20.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.895.524 [GMT 1:00]
Lancé depuis: c:\documents and settings\admin\Bureau\moi.exe.exe
AV: avast! antivirus 4.8.1296 [VPS 090207-0] *On-access scanning disabled* (Updated)
.
- Mode FONCTIONNALITES REDUITES -
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-08 au 2009-02-08 ))))))))))))))))))))))))))))))))))))
.

2009-02-06 14:52 . 2009-02-06 14:52 <REP> d-------- c:\windows\LastGood
2009-02-06 14:36 . 2009-02-06 14:36 <REP> d-------- c:\program files\EsetOnlineScanner
2009-02-05 22:09 . 2009-02-05 22:09 <REP> d-------- C:\_OTMoveIt
2009-02-05 08:20 . 2009-02-05 08:20 <REP> d-------- C:\rsit
2009-02-02 08:42 . 2009-02-02 08:42 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-02 08:40 . 2009-02-02 08:40 <REP> d-------- c:\windows\ERUNT
2009-02-02 08:28 . 2009-02-02 09:33 <REP> d-------- C:\SDFix
2009-01-31 15:06 . 2009-01-31 15:06 <REP> d-------- c:\program files\Hamachi
2009-01-31 15:06 . 2009-01-31 15:06 10,345 --a------ c:\windows\system32\drivers\hamachi.sys
2009-01-31 09:28 . 2008-10-16 02:01 1,499,648 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2009-01-30 19:36 . 2009-02-01 16:36 <REP> d-------- c:\program files\FindyKill
2009-01-28 11:22 . 2009-01-28 11:22 230 --a------ c:\windows\system32\spupdsvc.inf
2009-01-28 10:52 . 2009-01-30 12:20 <REP> d-------- c:\windows\BDOSCAN8
2009-01-27 20:40 . 2009-01-27 20:40 137,856 --a------ c:\windows\system32\drivers\ati0hwxx.sys
2009-01-27 09:09 . 2009-01-27 09:09 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-01-24 16:17 . 2003-08-04 09:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-01-24 16:17 . 2003-08-04 09:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-01-24 16:17 . 2003-08-04 08:57 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-01-24 16:17 . 2003-08-04 11:22 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2009-01-24 16:17 . 2003-08-04 09:55 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-01-24 16:17 . 2003-08-04 09:01 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2009-01-24 16:17 . 2003-08-04 09:55 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-01-24 16:17 . 2003-08-04 09:27 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Symantec
2009-01-24 16:17 . 2003-08-04 11:22 <REP> d-------- c:\documents and settings\Administrateur\Application Data\InterTrust
2009-01-24 16:17 . 2009-01-24 16:17 <REP> d-------- c:\documents and settings\Administrateur
2009-01-23 00:26 . 2009-01-24 16:36 <REP> d-------- c:\documents and settings\cyril\Application Data\cogad
2009-01-22 16:49 . 2009-01-22 16:50 <REP> d-------- c:\documents and settings\cyril\Application Data\_6507f9ad470e757c264b0bc56a89ceed
2009-01-22 14:59 . 2002-07-07 23:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2009-01-22 14:59 . 2006-06-20 09:56 225,280 --a------ c:\windows\system32\rewire.dll
2009-01-22 14:59 . 2009-01-22 14:59 43,008 --a------ c:\windows\system32\chert10-303361.exe
2009-01-22 14:58 . 2009-01-22 14:58 <REP> d-------- c:\program files\Outsim
2009-01-22 14:58 . 2009-01-22 15:01 <REP> d-------- c:\program files\Image-Line
2009-01-22 13:50 . 2009-01-22 13:50 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
2009-01-22 13:34 . 2009-01-22 13:34 108,336 --a------ c:\windows\system32\mswinsck.ocx
2009-01-22 13:31 . 2009-01-22 13:33 <REP> d-------- c:\documents and settings\admin\Application Data\_6507f9ad470e757c264b0bc56a89ceed
2009-01-22 13:24 . 2009-01-22 13:24 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
2009-01-16 10:10 . 2009-01-16 10:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-01-14 22:42 . 2008-04-14 03:33 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-14 22:42 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-14 22:42 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-14 22:42 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-13 20:16 . 2009-02-08 16:16 <REP> d-------- c:\program files\PeerGuardian2
2009-01-12 19:04 . 2009-01-12 19:04 <REP> d-------- c:\windows\system32\syncdb
2009-01-11 15:22 . 2009-01-11 15:22 <REP> d-------- c:\documents and settings\All Users\Application Data\espionServerData
2009-01-11 15:21 . 2009-01-11 15:21 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-09 13:49 . 2009-01-09 13:50 <REP> d-------- c:\documents and settings\admin\Application Data\dvdcss
2009-01-09 09:47 . 2009-01-09 09:47 <REP> d-------- c:\documents and settings\admin\Application Data\Arcsoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 18:19 --------- d-----w c:\program files\Warcraft III
2009-02-02 10:03 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-01 15:54 --------- d-----w c:\documents and settings\admin\Application Data\OFFICEOne7
2009-01-22 12:44 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-16 09:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-09 14:51 --------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 1
2009-01-09 13:09 43,528 ------w c:\windows\system32\drivers\pxhelp20.sys
2009-01-09 08:43 --------- d-----w c:\program files\Bonjour
2009-01-05 09:01 --------- d-----w c:\program files\Palm
2009-01-04 21:49 --------- d-----w c:\documents and settings\cyril\Application Data\vlc
2009-01-04 21:47 --------- d-----w c:\documents and settings\cyril\Application Data\Apple Computer
2008-12-31 12:56 --------- d-----w c:\documents and settings\admin\Application Data\Nokia
2008-12-19 10:30 48,396 ----a-w c:\windows\UninstVeetleTVPlayer.exe
2008-12-19 10:30 --------- d-----w c:\program files\Veetle
2008-12-14 23:12 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 14:18 --------- d-----w c:\program files\Java
2008-12-09 13:25 --------- d-----w c:\documents and settings\admin\Application Data\BearShare
2008-12-09 07:29 --------- d-----w c:\documents and settings\admin\Application Data\MSN6
2008-12-08 20:42 --------- d-----w c:\documents and settings\admin\Application Data\Apple Computer
2008-11-22 17:20 2,829 ----a-w c:\windows\War3Unin.pif
2008-11-22 17:20 139,264 ----a-w c:\windows\War3Unin.exe
2008-11-18 15:48 54,272 ----a-w c:\windows\system32\epfb3cpl.dll
2008-11-18 15:48 45,056 ----a-w c:\windows\system32\essiscsi.dll
2008-11-17 18:37 16,384 ----a-w c:\windows\system32\DsrSleep.dll
2008-11-17 18:36 77,824 ----a-w c:\windows\system32\oopmdisp.exe
2008-11-17 18:36 624,128 ----a-w c:\windows\system32\PDFCreatorPilot2.dll
2008-11-17 18:35 69,632 ----a-w c:\windows\system32\oopmagentts.exe
2008-11-17 18:35 31,232 ----a-w c:\windows\system32\progress.exe
2008-11-17 18:35 26,112 ----a-w c:\windows\system32\oopmpm.dll
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((( snapshot_2009-01-28_23.02.15,67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-02-02 07:40:51 8,073,216 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0/u0000001\NTUSER.DAT
+ 2009-02-02 07:40:51 315,392 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0/u0000002\UsrClass.dat
+ 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-02-02 07:40:35 8,073,216 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0/u0000001\NTUSER.DAT
+ 2009-02-02 07:40:35 315,392 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0/u0000002\UsrClass.dat
+ 2007-07-27 13:49:02 196,683 ----a-w c:\windows\LastGood\system32\lnod32apiA.dll
+ 2007-07-27 13:49:02 225,355 ----a-w c:\windows\LastGood\system32\lnod32apiW.dll
+ 2005-12-05 18:25:22 139,264 ----a-w c:\windows\LastGood\system32\lnod32umc.dll
+ 2005-12-05 11:37:10 106,496 ----a-w c:\windows\LastGood\system32\lnod32upd.dll
+ 2008-02-11 08:39:26 253,952 ----a-w c:\windows\LastGood\system32\OnlineScannerDLLA.dll
+ 2008-02-11 08:39:18 237,568 ----a-w c:\windows\LastGood\system32\OnlineScannerDLLW.dll
+ 2008-02-08 12:53:46 110,592 ----a-w c:\windows\LastGood\system32\OnlineScannerLang.dll
+ 2008-02-05 07:48:04 77,824 ----a-w c:\windows\LastGood\system32\OnlineScannerUninstaller.exe
- 2008-08-20 05:37:21 3,081,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-12 17:02:12 3,088,896 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-20 05:37:16 617,984 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 01:01:38 620,544 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-20 05:37:15 663,552 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 01:01:38 670,208 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2009-01-16 09:25:28 636,352 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-06 08:02:21 636,352 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2007-07-27 13:49:02 196,683 ----a-w c:\windows\system32\lnod32apiA.dll
+ 2007-07-27 13:49:02 225,355 ----a-w c:\windows\system32\lnod32apiW.dll
+ 2005-12-05 18:25:22 139,264 ----a-w c:\windows\system32\lnod32umc.dll
+ 2005-12-05 11:37:10 106,496 ----a-w c:\windows\system32\lnod32upd.dll
- 2008-08-20 05:37:21 3,081,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-12 17:02:12 3,088,896 ----a-w c:\windows\system32\mshtml.dll
+ 2008-02-11 08:39:26 253,952 ----a-w c:\windows\system32\OnlineScannerDLLA.dll
+ 2008-02-11 08:39:18 237,568 ----a-w c:\windows\system32\OnlineScannerDLLW.dll
+ 2008-02-08 12:53:46 110,592 ----a-w c:\windows\system32\OnlineScannerLang.dll
+ 2008-02-05 07:48:04 77,824 ----a-w c:\windows\system32\OnlineScannerUninstaller.exe
- 2008-12-09 13:23:18 40,836 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-01 20:47:28 40,836 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-09 13:23:18 49,494 ----a-w c:\windows\system32\perfc00C.dat
+ 2009-02-01 20:47:28 49,494 ----a-w c:\windows\system32\perfc00C.dat
- 2008-12-09 13:23:18 314,508 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-01 20:47:28 314,508 ----a-w c:\windows\system32\perfh009.dat
- 2008-12-09 13:23:18 370,414 ----a-w c:\windows\system32\perfh00C.dat
+ 2009-02-01 20:47:28 370,414 ----a-w c:\windows\system32\perfh00C.dat
- 2008-04-14 02:33:41 1,499,136 ----a-w c:\windows\system32\shdocvw.dll
+ 2008-10-16 01:01:37 1,499,648 ----a-w c:\windows\system32\shdocvw.dll
+ 2004-12-07 09:11:34 258,352 ----a-w c:\windows\system32\unicows.dll
- 2008-08-20 05:37:16 617,984 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 01:01:38 620,544 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-20 05:37:15 663,552 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 01:01:38 670,208 ----a-w c:\windows\system32\wininet.dll
+ 2009-02-06 08:02:43 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_398.dat
+ 2009-02-06 08:02:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_554.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-06-01 196608]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
"jsf8uiw3jnjgffght"="c:\docume~1\admin\LOCALS~1\Temp\winlogin.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 335872]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-04-02 4616192]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2004-05-21 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-06-01 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-06-01 217088]
"ooquickpdfv7"="c:\windows\system32\oopmagentts.exe" [2008-11-17 69632]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 c:\windows\AGRSMMSG.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"nwiz"="nwiz.exe" [2003-04-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\admin\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-25 113664]
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-10-14 299008]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-25 113664]
OFFICE One Startup v7.lnk - c:\program files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [2008-11-17 713728]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\FICHIE~1\SONYSH~1\dvlib\sonydv.dll
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0caxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0hwxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"g:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"g:\\Michel\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"d:\\Program Files\\SopCast\\SopCast.exe"=
"d:\\Program Files\\eChanblard\\emule.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"d:\\Program Files\\Warcraft III\\War3.exe"=
"d:\\Program Files\\Steam\\SteamApps\\yahas\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14620:TCP"= 14620:TCP:BitComet 14620 TCP
"14620:UDP"= 14620:UDP:BitComet 14620 UDP
"4662:TCP"= 4662:TCP:eChanblard
"4661:TCP"= 4661:TCP:Echanblard
"4672:TCP"= 4672:TCP:Echanblard
"4665:TCP"= 4665:TCP:Echanblard 4665 UDP
"6112:TCP"= 6112:TCP:cyril
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-14 111184]
R3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);c:\windows\system32\drivers\CamDrL20.sys [2008-11-17 245760]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-17 20560]
S0 ati0caxx;ati0caxx;c:\windows\system32\Drivers\ati0caxx.sys --> c:\windows\system32\Drivers\ati0caxx.sys [?]
S0 ati0hwxx;ati0hwxx;c:\windows\system32\drivers\ati0hwxx.sys [2009-01-27 137856]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-12-03 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-12-03 8320]
S3 scsiscan;Pilote de scanneur SCSI;c:\windows\system32\drivers\scsiscan.sys [2008-11-18 11520]
S4 Ipiihirviaw;Ipiihirviaw; [x]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2009-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.ustart.org
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &T&élécharger &avec BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &T&élécharger tout avec BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &T&élécharger toute vidéo avec BitComet - d:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\hai7f4oq.default\
FF - prefs.js: browser.search.selectedEngine - uStart
FF - prefs.js: browser.startup.homepage - hxxp://www.ustart.org
FF - component: c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\hai7f4oq.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\hai7f4oq.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32dsw.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBitCometAgent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 16:31:57
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
Heure de fin: 2009-02-08 16:33:54
ComboFix-quarantined-files.txt 2009-02-08 15:33:52
ComboFix2.txt 2009-01-28 22:09:36
ComboFix3.txt 2009-01-28 22:03:24
ComboFix4.txt 2009-01-27 22:25:12
ComboFix5.txt 2009-02-08 15:30:52

Avant-CF: 4 495 114 240 octets libres
Après-CF: 4,489,306,112 octets libres

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
310 --- E O F --- 2009-02-01 15:48:22
miczfr Posts 208 Status Member
 
And here is the 2nd report, as explained above
ComboFix 09-02-07.01 - admin 2009-02-08 16:41:51.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1036.18.895.465 [GMT 1:00]
Launched from: c:\documents and settings\admin\Bureau\meandme.exe
AV: avast! antivirus 4.8.1296 [VPS 090207-0] *On-access scanning disabled* (Updated)
* A new restore point was created
.

((((((((((((((((((((((((((((( Files created from 2009-01-08 to 2009-02-08 ))))))))))))))))))))))))))))))))))))
.

2009-02-06 14:52 . 2009-02-06 14:52 <REP> d-------- c:\windows\LastGood
2009-02-06 14:36 . 2009-02-06 14:36 <REP> d-------- c:\program files\EsetOnlineScanner
2009-02-05 22:09 . 2009-02-05 22:09 <REP> d-------- C:\_OTMoveIt
2009-02-05 08:20 . 2009-02-05 08:20 <REP> d-------- C:\rsit
2009-02-02 08:42 . 2009-02-02 08:42 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-02 08:40 . 2009-02-02 08:40 <REP> d-------- c:\windows\ERUNT
2009-02-02 08:28 . 2009-02-02 09:33 <REP> d-------- C:\SDFix
2009-01-31 15:06 . 2009-01-31 15:06 <REP> d-------- c:\program files\Hamachi
2009-01-31 15:06 . 2009-01-31 15:06 10,345 --a------ c:\windows\system32\drivers\hamachi.sys
2009-01-31 09:28 . 2008-10-16 02:01 1,499,648 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2009-01-30 19:36 . 2009-02-01 16:36 <REP> d-------- c:\program files\FindyKill
2009-01-28 11:22 . 2009-01-28 11:22 230 --a------ c:\windows\system32\spupdsvc.inf
2009-01-28 10:52 . 2009-01-30 12:20 <REP> d-------- c:\windows\BDOSCAN8
2009-01-27 20:40 . 2009-01-27 20:40 137,856 --a------ c:\windows\system32\drivers\ati0hwxx.sys
2009-01-27 09:09 . 2009-01-27 09:09 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-01-24 16:17 . 2003-08-04 09:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-01-24 16:17 . 2003-08-04 09:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-01-24 16:17 . 2003-08-04 08:57 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-01-24 16:17 . 2003-08-04 11:22 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2009-01-24 16:17 . 2003-08-04 09:55 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-01-24 16:17 . 2003-08-04 09:01 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2009-01-24 16:17 . 2003-08-04 09:55 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-01-24 16:17 . 2003-08-04 09:27 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Symantec
2009-01-24 16:17 . 2003-08-04 11:22 <REP> d-------- c:\documents and settings\Administrateur\Application Data\InterTrust
2009-01-24 16:17 . 2009-01-24 16:17 <REP> d-------- c:\documents and settings\Administrateur
2009-01-23 00:26 . 2009-01-24 16:36 <REP> d-------- c:\documents and settings\cyril\Application Data\cogad
2009-01-22 16:49 . 2009-01-22 16:50 <REP> d-------- c:\documents and settings\cyril\Application Data\_6507f9ad470e757c264b0bc56a89ceed
2009-01-22 14:59 . 2002-07-07 23:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2009-01-22 14:59 . 2006-06-20 09:56 225,280 --a------ c:\windows\system32\rewire.dll
2009-01-22 14:59 . 2009-01-22 14:59 43,008 --a------ c:\windows\system32\chert10-303361.exe
2009-01-22 14:58 . 2009-01-22 14:58 <REP> d-------- c:\program files\Outsim
2009-01-22 14:58 . 2009-01-22 15:01 <REP> d-------- c:\program files\Image-Line
2009-01-22 13:50 . 2009-01-22 13:50 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
2009-01-22 13:34 . 2009-01-22 13:34 108,336 --a------ c:\windows\system32\mswinsck.ocx
2009-01-22 13:31 . 2009-01-22 13:33 <REP> d-------- c:\documents and settings\admin\Application Data\_6507f9ad470e757c264b0bc56a89ceed
2009-01-22 13:24 . 2009-01-22 13:24 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
2009-01-16 10:10 . 2009-01-16 10:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-01-14 22:42 . 2008-04-14 03:33 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-14 22:42 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-14 22:42 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-14 22:42 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-13 20:16 . 2009-02-08 16:16 <REP> d-------- c:\program files\PeerGuardian2
2009-01-12 19:04 . 2009-01-12 19:04 <REP> d-------- c:\windows\system32\syncdb
2009-01-11 15:22 . 2009-01-11 15:22 <REP> d-------- c:\documents and settings\All Users\Application Data\espionServerData
2009-01-11 15:21 . 2009-01-11 15:21 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-09 13:49 . 2009-01-09 13:50 <REP> d-------- c:\documents and settings\admin\Application Data\dvdcss
2009-01-09 09:47 . 2009-01-09 09:47 <REP> d-------- c:\documents and settings\admin\Application Data\Arcsoft

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 18:19 --------- d-----w c:\program files\Warcraft III
2009-02-02 10:03 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-01 15:54 --------- d-----w c:\documents and settings\admin\Application Data\OFFICEOne7
2009-01-22 12:44 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-16 09:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-09 14:51 --------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 1
2009-01-09 13:09 43,528 ------w c:\windows\system32\drivers\pxhelp20.sys
2009-01-09 08:43 --------- d-----w c:\program files\Bonjour
2009-01-05 09:01 --------- d-----w c:\program files\Palm
2009-01-04 21:49 --------- d-----w c:\documents and settings\cyril\Application Data\vlc
2009-01-04 21:47 --------- d-----w c:\documents and settings\cyril\Application Data\Apple Computer
2008-12-31 12:56 --------- d-----w c:\documents and settings\admin\Application Data\Nokia
2008-12-19 10:30 48,396 ----a-w c:\windows\UninstVeetleTVPlayer.exe
2008-12-19 10:30 --------- d-----w c:\program files\Veetle
2008-12-14 23:12 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 14:18 --------- d-----w c:\program files\Java
2008-12-09 13:25 --------- d-----w c:\documents and settings\admin\Application Data\BearShare
2008-12-09 07:29 --------- d-----w c:\documents and settings\admin\Application Data\MSN6
2008-12-08 20:42 --------- d-----w c:\documents and settings\admin\Application Data\Apple Computer
2008-11-22 17:20 2,829 ----a-w c:\windows\War3Unin.pif
2008-11-22 17:20 139,264 ----a-w c:\windows\War3Unin.exe
2008-11-18 15:48 54,272 ----a-w c:\windows\system32\epfb3cpl.dll
2008-11-18 15:48 45,056 ----a-w c:\windows\system32\essiscsi.dll
2008-11-17 18:37 16,384 ----a-w c:\windows\system32\DsrSleep.dll
2008-11-17 18:36 77,824 ----a-w c:\windows\system32\oopmdisp.exe
2008-11-17 18:36 624,128 ----a-w c:\windows\system32\PDFCreatorPilot2.dll
2008-11-17 18:35 69,632 ----a-w c:\windows\system32\oopmagentts.exe
2008-11-17 18:35 31,232 ----a-w c:\windows\system32\progress.exe
2008-11-17 18:35 26,112 ----a-w c:\windows\system32\oopmpm.dll
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((((((( Registry Load Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-06-01 196608]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 335872]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-04-02 4616192]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2004-05-21 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-06-01 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-06-01 217088]
"ooquickpdfv7"="c:\windows\system32\oopmagentts.exe" [2008-11-17 69632]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 c:\windows\AGRSMMSG.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"nwiz"="nwiz.exe" [2003-04-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\admin\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-25 113664]
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-10-14 299008]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-25 113664]
OFFICE One Startup v7.lnk - c:\program files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [2008-11-17 713728]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\FICHIE~1\SONYSH~1\dvlib\sonydv.dll
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0caxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0hwxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"g:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"g:\\Michel\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"d:\\Program Files\\SopCast\\SopCast.exe"=
"d:\\Program Files\\eChanblard\\emule.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"d:\\Program Files\\Warcraft III\\War3.exe"=
"d:\\Program Files\\Steam\\SteamApps\\yahas\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14620:TCP"= 14620:TCP:BitComet 14620 TCP
"14620:UDP"= 14620:UDP:BitComet 14620 UDP
"4662:TCP"= 4662:TCP:eChanblard
"4661:TCP"= 4661:TCP:Echanblard
"4672:TCP"= 4672:TCP:Echanblard
"4665:TCP"= 4665:TCP:Echanblard 4665 UDP
"6112:TCP"= 6112:TCP:cyril
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-14 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-17 20560]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-21 38496]
R3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);c:\windows\system32\drivers\CamDrL20.sys [2008-11-17 245760]
S0 ati0caxx;ati0caxx;c:\windows\system32\Drivers\ati0caxx.sys --> c:\windows\system32\Drivers\ati0caxx.sys [?]
S0 ati0hwxx;ati0hwxx;c:\windows\system32\drivers\ati0hwxx.sys [2009-01-27 137856]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-12-03 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-12-03 8320]
S3 scsiscan;Pilote de scanneur SCSI;c:\windows\system32\drivers\scsiscan.sys [2008-11-18 11520]
S4 Ipiihirviaw;Ipiihirviaw; [x]

--- Other Services/Drivers in memory ---

*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ustart.org
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &T&élécharger &avec BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &T&élécharger tout avec BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &T&élécharger toute vidéo avec BitComet - d:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\hai7f4oq.default\
FF - prefs.js: browser.search.selectedEngine - uStart
FF - prefs.js: browser.startup.homepage - hxxp://www.ustart.org
FF - component: c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\hai7f4oq.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\hai7f4oq.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32dsw.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBitCometAgent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll

---- FIREFOX SETTINGS ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 16:43:18
Windows 5.1.2600 Service Pack 3 NTFS

Searching for hidden processes ...

Searching for hidden autostart entries ...

Searching for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
Completion time: 2009-02-08 16:45:01
ComboFix-quarantined-files.txt 2009-02-08 15:44:58
ComboFix2.txt 2009-02-08 15:33:56
ComboFix3.txt 2009-01-28 22:09:36
ComboFix4.txt 2009-01-28 22:03:24
ComboFix5.txt 2009-02-08 15:41:08

Before-CF: 4,451,069,952 bytes free
After-CF: 4,438,114,304 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
252 --- E O F --- 2009-02-01 15:48:22
miczfr, 208 posts, Member

For the record (after the two ComboFix reports posted above), here is the virus that Malwarebytes removes daily:

Infected registry value(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8uiw3jnjgffght (Trojan.Agent) -> Quarantined and deleted successfully.
Anonymous user

Hi, run RSIT again please.

miczfr, 208 posts, Member

The RSIT report:
Logfile of random's system information tool 1.05 (written by random/random)
Run by admin at 2009-02-09 10:01:07
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 2 GB (8%) free of 29 GB
Total RAM: 895 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:25, on 09/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\oopmagentts.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Documents and Settings\admin\Bureau\RSIT.exe
C:\Documents and Settings\admin\Bureau\GenProc\outil\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ooquickpdfv7] "C:\WINDOWS\system32\oopmagentts.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\admin\LOCALS~1\Temp\winlogin.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O8 - Extra context menu item: &T&élécharger &avec BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &T&élécharger tout avec BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &T&élécharger toute vidéo avec BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
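The HijackThis log above still carries the entry that Malwarebytes keeps quarantining (`O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\admin\LOCALS~1\Temp\winlogin.exe`): a Run value with a random-looking name, pointing into the user's Temp folder, at a binary whose name is one letter away from the legitimate `winlogon.exe`. Each of those three traits is a classic persistence tell, and they can be checked mechanically instead of by eye. The script below is an added example, not part of the original thread or of HijackThis, ComboFix or RSIT: it parses both the HijackThis `O4` lines and the ComboFix `REGEDIT4` Run lines from the reports above and flags entries by those three heuristics. The sample lines are copied from the logs on this page; the thresholds (vowel ratio below 0.2, edit distance of exactly 1, Temp-folder markers) are my own triage rules and are assumptions, not values either tool uses.

```python
"""Triage autostart entries from HijackThis (O4) and ComboFix (Run key) log lines.

Added example. Sample lines are copied from the logs above; the heuristics
(Temp-resident binary, lookalike of a core Windows binary, random-looking
value name) are the author's own triage rules, not part of either tool.
"""
import re
from dataclasses import dataclass, field

# HijackThis: O4 - HKCU\..\Run: [value name] command
HJT_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# ComboFix (REGEDIT4 section): "value name"="command" [date size]
CF_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?: \[[^\]]*\])?$')
# First .exe in the command, quoted or not; enough for triage, not a full cmdline parser.
EXE_IN_CMD = re.compile(r'^"?(?P<path>.*?\.exe)', re.IGNORECASE)

# Core Windows binaries whose names malware imitates with one-character changes.
SYSTEM_BINARIES = ("winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                   "services.exe", "explorer.exe", "spoolsv.exe", "rundll32.exe")
# Assumed markers for user-writable scratch folders (LOCALS~1\Temp, Local Settings\Temp, ...).
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


@dataclass
class Entry:
    source: str      # "hijackthis" or "combofix"
    name: str        # registry value name
    command: str     # full command as logged
    exe: str         # executable path extracted from the command
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # A Temp-resident or lookalike binary is enough on its own. A random-looking
        # value name is only corroborating: legitimate entries such as AGRSMMSG trip it.
        return bool({"temp_path", "lookalike"} & set(self.reasons)) or len(self.reasons) >= 2


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch winlogin.exe vs winlogon.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_random(name: str) -> bool:
    """True for long value names with almost no vowels (e.g. jsf8uiw3jnjgffght)."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 8:
        return False
    return sum(c in "aeiouy" for c in letters) / len(letters) < 0.2


def parse_line(line: str):
    """Return an Entry for a recognised autostart line, or None for anything else."""
    line = line.rstrip("\r\n")
    m, source = HJT_O4.match(line), "hijackthis"
    if not m:
        m, source = CF_RUN.match(line), "combofix"
    if not m:
        return None
    cmd = m.group("cmd").strip()
    exe_match = EXE_IN_CMD.match(cmd)
    return Entry(source, m.group("name"), cmd, exe_match.group("path") if exe_match else cmd)


def analyze(entry: Entry) -> Entry:
    """Attach the reasons that apply to this entry (may be none)."""
    low = entry.exe.lower()
    base = low.rsplit("\\", 1)[-1]
    if any(marker in low for marker in TEMP_MARKERS):
        entry.reasons.append("temp_path")
    if base not in SYSTEM_BINARIES and any(edit_distance(base, s) == 1 for s in SYSTEM_BINARIES):
        entry.reasons.append("lookalike")
    if looks_random(entry.name):
        entry.reasons.append("random_name")
    return entry


def triage(lines):
    """Parse every recognised autostart line and score it."""
    return [analyze(e) for e in map(parse_line, lines) if e is not None]


def flagged(lines):
    """Only the entries worth a human look."""
    return [e for e in triage(lines) if e.suspicious]


# Constructed sample: four HijackThis O4 lines and one ComboFix Run line from the logs above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\admin\LOCALS~1\Temp\winlogin.exe
"ooquickpdfv7"="c:\windows\system32\oopmagentts.exe" [2008-11-17 69632]
""".strip().splitlines()

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"[{e.source}] {e.name!r} -> {e.exe}  reasons={e.reasons}")
```

Run against the sample, only the `jsf8uiw3jnjgffght` entry comes back, with all three reasons; `AGRSMMSG` scores `random_name` alone and is left out, which is why a single weak signal is deliberately not enough. The point for this thread is that the entry reappearing every day means the Run value is a symptom: something else on the box (a dropper that survives the cleanups, or a scheduled task or service that recreates it) is rewriting it, and the `winlogin.exe` file in Temp is what needs to be captured and its creator found, rather than the registry value deleted once more.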
miczfr, 208 posts, Member

Here is the second report, but dated differently?!?!
info.txt logfile of random's system information tool 1.05 2009-02-05 08:20:50

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93B80FB1-7A23-11D3-B250-00105A1F4184}\setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS4-->C:\Program Files\Fichiers communs\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
Agere Systems AC'97 Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ASIO4ALL-->D:\Program Files\ASIO4ALL v2\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BearShare-->D:\Program Files\BearShare Applications\BearShare\UninstallSurvey.exe D:\PROGRA~1\BEARSH~1\BEARSH~1\UNWISE.EXE /U D:\PROGRA~1\BEARSH~1\BEARSH~1\INSTALL.LOG
BitComet 1.06-->D:\Program Files\BitComet\uninst.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Ciel Devis Factures 6.0-->MsiExec.exe /I{F29DDAD0-447D-4BDB-80CB-4276B4D5C9A7}
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Counter-Strike: Source-->"D:\Program Files\Steam\steam.exe" steam://uninstall/240
Enregistrement en ligne VAIO (Français)-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{668B1BD6-4593-4959-970E-249AFFE6F35C} /l1036
EPSON Personal Copy V2.01-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\Epson\PCopyV20\DeIsL1.isu"
EPSON Scan! II-->C:\WINDOWS\uninst.exe -fD:\EPSCAN2\DeIsL1.isu
EPSON TWAIN-->C:\WINDOWS\unin040c.exe -fC:\WINDOWS\TWAIN_32\EPFB3\DeIsL4.isu
FindyKill-->C:\Program Files\FindyKill\Uninstal.exe
FL Studio 8-->D:\Program Files\Image-Line\FL Studio 8\uninstall.exe
Hamachi 0.9.9.9-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
ISP Selector (Français)-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0E3F1A40-3104-4C76-8A2D-2CC2ED414BD1} /l1036
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010F0}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam-->MsiExec.exe /I{0496D9E9-224B-4AFA-8F37-23B98D52F1EB}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.1b1)-->C:\Program Files\Mozilla Firefox 3.1 Beta 1\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Nero 7 Essentials-->MsiExec.exe /X{BC61F51E-8AF7-46B9-AF20-B33B5EE81036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{CBDE9C7D-CF52-4558-B23E-B66359CB586A}
Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Nokia_PC_Suite_rel_7_0_9_2_fre.exe
Nokia PC Suite-->MsiExec.exe /I{D5577624-0626-4C4B-87AA-D966DA1739D6}
Nokia Software Updater-->MsiExec.exe /X{0332234E-09D1-4B74-A5F3-73E34BA29F5B}
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvsy.inf
OFFICE One 150 Templates v7-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA147801-8946-4BBE-BE17-A2199CE52C81}\setup.exe" -l0x40c -removeonly
OFFICE One 7.0-->MsiExec.exe /I{EA7D2E55-386E-488D-9880-F6B939534AAE}
OFFICE One BankPerfect-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2AE949D0-89B5-479B-A2C3-3482F68C1E7E}\setup.exe" -l0x40c -removeonly
OFFICE One ClipArt v7-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8F3555E-B918-445E-97D1-BC4861C4EF59}\setup.exe" -l0x40c -removeonly
OFFICE One Fonts v7-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC0C788C-7C68-47A9-BFBF-0DF7B205B4CC}\setup.exe" -l0x40c -removeonly
OFFICE One Games - Bomberic 2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4427003-AE4B-4D1E-A54A-E2F1E5D5B219}\setup.exe" -l0x40c -removeonly
OFFICE One Games - Pharaohs Curse-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6B10961-45A0-48AD-BB50-777A99286B39}\setup.exe" -l0x40c -removeonly
OFFICE One Games - Rainbow Islands Candyland-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3149B9A3-85FD-4E1C-8C20-2402863B36F0}\setup.exe" -l0x40c -removeonly
OFFICE One Games - Robots-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C42E03E9-E897-4D96-968F-24BFF2D693CF}\setup.exe" -l0x40c -removeonly
OFFICE One Games - The Postman-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80A88659-E13D-46C8-8BDC-312A8F1FE8A2}\setup.exe" -l0x40c -removeonly
OFFICE One Games - Water in Fire 2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C78D647E-3895-4621-A1F7-BD62784B95B4}\setup.exe" -l0x40c -removeonly
OFFICE One License v7-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1A7B28B-AA31-442C-A4FA-598B65A7F5DA}\setup.exe" -l0x40c -removeonly
OFFICE One Menu v7-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85C5827E-106F-4497-8066-B7CFEBBEA91D}\setup.exe" -l0x40c -removeonly
OFFICE One Notes v7-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D2683BE-2C44-4DB5-BECD-87B324077A7F}\setup.exe" -l0x40c -removeonly
OFFICE One QuickPDF v7-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D85E64FE-A7F1-496B-858F-4D55A622C50D}\setup.exe" -l0x40c -removeonly
OFFICE One QuickZip v7-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87DEF84E-51A5-4A0E-91C2-E012E92DE69B}\setup.exe" -l0x40c -removeonly
OFFICE One Safety-Box v7-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B243ABE9-57C2-4B97-BA6B-37DF6C0208ED}\setup.exe" -l0x40c -removeonly
OFFICE One Startup v7-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FEC30F06-A382-47D1-B828-859AC641EB1D}\setup.exe" -l0x40c -removeonly
OFFICE One v7 Paint.net-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2FE38EFA-06B3-4FC0-A06B-B173A3E3422E}\setup.exe" -l0x40c -removeonly
Package de pilotes Windows - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Package de pilotes Windows - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
Package de pilotes Windows - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
Package de pilotes Windows - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Palm Desktop-->MsiExec.exe /X{99529516-4696-483A-A235-5D340A2B35EF}
PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Presto! PageManager for EPSON-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\NewSoft\PageManager\DeIsL1.isu"
Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sony DV Shared Library-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
SopCast 3.0.1-->D:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
VAIO BrightColor Wallpaper-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}\Setup.exe" -l0x9
VAIO Clock Screen Saver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1D057E97-A116-4BF9-B307-83C3FBD86515}\Setup.exe" -l0x9
VAIO DeepSea Wallpaper-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3147661C-2807-49EC-B971-3B0F23D95018}\Setup.exe" -l0x9
VAIO System Information-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2366D960-F00F-11D3-99D3-00C04FCCB775}\Setup.exe" -l0x40c
Veetle TV Player 0.9.11-->C:\Program Files\Veetle\VLC\uninstall.exe
Veetle TV Player 0.9.11-->C:\WINDOWS\UninstVeetleTVPlayer.exe
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}

=====HijackThis Backups=====

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.vaio-link.com
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (file missing)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Global Startup: EPSON Scanner Monitor.lnk = C:\WINDOWS\twain_32\EPEM\EPSONEM.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (file missing)
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 090204-0]

System event log

Computer Name: NOM-C8L554V1PLQ
Event Code: 7
Message: Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Record Number: 13384
Source Name: Disk
Time Written: 20090127085147.000000+060
Event Type: erreur
User:

Computer Name: NOM-C8L554V1PLQ
Event Code: 7
Message: Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Record Number: 13383
Source Name: Disk
Time Written: 20090127085144.000000+060
Event Type: erreur
User:

Computer Name: NOM-C8L554V1PLQ
Event Code: 7
Message: Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Record Number: 13382
Source Name: Disk
Time Written: 20090127085142.000000+060
Event Type: erreur
User:

Computer Name: NOM-C8L554V1PLQ
Event Code: 7
Message: Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Record Number: 13381
Source Name: Disk
Time Written: 20090127085140.000000+060
Event Type: erreur
User:

Computer Name: NOM-C8L554V1PLQ
Event Code: 7
Message: Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Record Number: 13380
Source Name: Disk
Time Written: 20090127085138.000000+060
Event Type: erreur
User:

Application event log

Computer Name: NOM-C8L554V1PLQ
Event Code: 11728
Message: Produit : Microsoft Office Professional Edition 2003 -- La configuration s'est terminée correctement.

Record Number: 183
Source Name: MsiInstaller
Time Written: 20081124132937.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: NOM-C8L554V1PLQ
Event Code: 1022
Message: Produit : Microsoft Office Professional Edition 2003 - La mise à jour 'Update for Outlook 2003: Junk E-mail Filter (KB957832): OUTLFLTR' a été installée.

Record Number: 182
Source Name: MsiInstaller
Time Written: 20081124132937.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: NOM-C8L554V1PLQ
Event Code: 11728
Message: Produit : Module de compatibilité pour Microsoft Office System 2007 -- La configuration s'est terminée correctement.

Record Number: 181
Source Name: MsiInstaller
Time Written: 20081124132922.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: NOM-C8L554V1PLQ
Event Code: 1022
Message: Produit : Module de compatibilité pour Microsoft Office System 2007 - La mise à jour 'Security Update for Microsoft Office system 2007 (KB951808)' a été installée.

Record Number: 180
Source Name: MsiInstaller
Time Written: 20081124132922.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: NOM-C8L554V1PLQ
Event Code: 11728
Message: Produit : Module de compatibilité pour Microsoft Office System 2007 -- La configuration s'est terminée correctement.

Record Number: 179
Source Name: MsiInstaller
Time Written: 20081124132918.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Fichiers communs\Adobe\AGL
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
Anonymous user
 
Download GenProc http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip to your desktop.
For Vista: disable UAC until the problem is resolved http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/desactiver-controle-utilisateurs-sujet_198996_1.htm
Unzip the folder, double-click GenProc.bat
and post the contents of the report that opens.
miczfr Posts: 208 Status: Member
 
Initialisation GenProc 2.361 [09/02/2009] à [14:28:20,46]

*** Liste des composants GenProc ***

C:\Documents and Settings\admin\Bureau\GenProc\Arguments
C:\Documents and Settings\admin\Bureau\GenProc\Canned
C:\Documents and Settings\admin\Bureau\GenProc\ChangeLog
C:\Documents and Settings\admin\Bureau\GenProc\GenProc.bat
C:\Documents and Settings\admin\Bureau\GenProc\outil
C:\Documents and Settings\admin\Bureau\GenProc\Page
C:\Documents and Settings\admin\Bureau\GenProc\Arguments\Argument.txt
C:\Documents and Settings\admin\Bureau\GenProc\Arguments\Debug.txt
C:\Documents and Settings\admin\Bureau\GenProc\Arguments\design.css
C:\Documents and Settings\admin\Bureau\GenProc\Arguments\GenProc[2].txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\A-Squared.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\Bagle2_Dl.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\bfu_Dl.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\CCleaner_Dl.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\FixWareOut_Dl.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\FixWebHancer_Dl.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\FixWebHancer_Exec.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\Flash_Disinfector_Dl.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\Flash_Disinfector_Exec.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\FxNdotN_Dl.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\FxNdotN_Exec.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\Haxfix_Dl.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\Look2me_Dl.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\Look2me_Exec.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\Lop_Dl.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\Lop_Exec.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\MSE1.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\MSNfix_Dl.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\MSNfix_Exec.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\Navilog1_Dl.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\Navilog1_Exec.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\Purity_Dl.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\Purity_Exec.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\RemGAIN_Dl.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\RemGAIN_Exec.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\rustock_Dl.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\ScanAntivirusNod32.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\ScanAntivirusPanda.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\SDfix_Dl.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\SDfix_Exec.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\SmitfraudFix_Dl.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\SmitfraudFix_Exec.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\SpywareTerminator.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\TeaTimer.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\ToolbarSD_Dl.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\ToolbarSD_Exec.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\ToolCleaner.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\Vundo_Dl.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\Vundo_Exec.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\Vundo_Recovery_Dl.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\Winsoftware_bfu_Dl.txt
C:\Documents and Settings\admin\Bureau\GenProc\Canned\Winsoftware_bfu_Exec.txt
C:\Documents and Settings\admin\Bureau\GenProc\ChangeLog\BagleLog.txt
C:\Documents and Settings\admin\Bureau\GenProc\ChangeLog\FlashLog.txt
C:\Documents and Settings\admin\Bureau\GenProc\ChangeLog\HaxfixLog.txt
C:\Documents and Settings\admin\Bureau\GenProc\ChangeLog\LopLog.txt
C:\Documents and Settings\admin\Bureau\GenProc\ChangeLog\MSNFixLog.txt
C:\Documents and Settings\admin\Bureau\GenProc\ChangeLog\NaviLog.txt
C:\Documents and Settings\admin\Bureau\GenProc\ChangeLog\PurityLog.txt
C:\Documents and Settings\admin\Bureau\GenProc\ChangeLog\RemGainLog.txt
C:\Documents and Settings\admin\Bureau\GenProc\ChangeLog\SDfixLog.txt
C:\Documents and Settings\admin\Bureau\GenProc\ChangeLog\SmitLog.txt
C:\Documents and Settings\admin\Bureau\GenProc\ChangeLog\ToolbarSDLog.txt
C:\Documents and Settings\admin\Bureau\GenProc\ChangeLog\VundoLog.txt
C:\Documents and Settings\admin\Bureau\GenProc\ChangeLog\WinSoftware.txt
C:\Documents and Settings\admin\Bureau\GenProc\outil\1.txt
C:\Documents and Settings\admin\Bureau\GenProc\outil\admin.exe
C:\Documents and Settings\admin\Bureau\GenProc\outil\BlocageDate.vbs
C:\Documents and Settings\admin\Bureau\GenProc\outil\CCleanerOK.txt
C:\Documents and Settings\admin\Bureau\GenProc\outil\commandes.sed
C:\Documents and Settings\admin\Bureau\GenProc\outil\CompareDate.bat
C:\Documents and Settings\admin\Bureau\GenProc\outil\curl.exe
C:\Documents and Settings\admin\Bureau\GenProc\outil\Curl_HJT.bat
C:\Documents and Settings\admin\Bureau\GenProc\outil\DateInst.txt
C:\Documents and Settings\admin\Bureau\GenProc\outil\EnableWSH.bat
C:\Documents and Settings\admin\Bureau\GenProc\outil\Exclusions.txt
C:\Documents and Settings\admin\Bureau\GenProc\outil\Excl_HJT.txt
C:\Documents and Settings\admin\Bureau\GenProc\outil\getmsiinfo.vbs
C:\Documents and Settings\admin\Bureau\GenProc\outil\Google.txt
C:\Documents and Settings\admin\Bureau\GenProc\outil\grep.exe
C:\Documents and Settings\admin\Bureau\GenProc\outil\HijackTHis.exe
C:\Documents and Settings\admin\Bureau\GenProc\outil\hijackthis.log
C:\Documents and Settings\admin\Bureau\GenProc\outil\HJT1.txt
C:\Documents and Settings\admin\Bureau\GenProc\outil\info.vbs
C:\Documents and Settings\admin\Bureau\GenProc\outil\Lancements.bat
C:\Documents and Settings\admin\Bureau\GenProc\outil\libiconv2.dll
C:\Documents and Settings\admin\Bureau\GenProc\outil\libintl3.dll
C:\Documents and Settings\admin\Bureau\GenProc\outil\message.vbs
C:\Documents and Settings\admin\Bureau\GenProc\outil\Norton.vbs
C:\Documents and Settings\admin\Bureau\GenProc\outil\OSVers.bat
C:\Documents and Settings\admin\Bureau\GenProc\outil\pcre3.dll
C:\Documents and Settings\admin\Bureau\GenProc\outil\regex2.dll
C:\Documents and Settings\admin\Bureau\GenProc\outil\sed.bat
C:\Documents and Settings\admin\Bureau\GenProc\outil\sed.exe
C:\Documents and Settings\admin\Bureau\GenProc\outil\Son.vbs
C:\Documents and Settings\admin\Bureau\GenProc\outil\supprime.bat
C:\Documents and Settings\admin\Bureau\GenProc\outil\swreg.exe
C:\Documents and Settings\admin\Bureau\GenProc\outil\tasklist.exe
C:\Documents and Settings\admin\Bureau\GenProc\outil\Termine.wav
C:\Documents and Settings\admin\Bureau\GenProc\outil\UAC.vbs
C:\Documents and Settings\admin\Bureau\GenProc\outil\Uninstall.bat
C:\Documents and Settings\admin\Bureau\GenProc\outil\uniq.exe
C:\Documents and Settings\admin\Bureau\GenProc\outil\Var.bat
C:\Documents and Settings\admin\Bureau\GenProc\outil\Web.bat
C:\Documents and Settings\admin\Bureau\GenProc\outil\[2].txt
C:\Documents and Settings\admin\Bureau\GenProc\Page\GenProcPage
C:\Documents and Settings\admin\Bureau\GenProc\Page\GenProc[1].html
C:\Documents and Settings\admin\Bureau\GenProc\Page\GenProc[2].html
C:\Documents and Settings\admin\Bureau\GenProc\Page\GenProcPage\1.gif
C:\Documents and Settings\admin\Bureau\GenProc\Page\GenProcPage\2.gif
C:\Documents and Settings\admin\Bureau\GenProc\Page\GenProcPage\4.gif
C:\Documents and Settings\admin\Bureau\GenProc\Page\GenProcPage\aide.gif
C:\Documents and Settings\admin\Bureau\GenProc\Page\GenProcPage\design.css
C:\Documents and Settings\admin\Bureau\GenProc\Page\GenProcPage\important.gif

*** Liste des étapes franchies avec succès ***

TeaTimer
Tests infections
Bagle
WareOut
Haxfix
lop
Navipromo
WinSoftware
ToolbarSD
Vundo
Smitfraud
SDfix
WebHancer
RemGain
NewDotNet
Purity
Look2Me
MSNFix
Flash
Bilan
cURL_HJT

ScanAntivirus
Anonymous user
 
That is not the report that opened at the time of the scan.
miczfr Posts: 208 Status: Member
 
I don't get any report that opens, other than this:

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :

Poste un rapport Nod32 (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
- C:\Program Files\EsetOnlineScanner\log.txt

__________________________________________________________________________________________________________

Sites officiels GenProc : alt-shift-return.org et GenProc.com

ENSUITE LE SCAN EN LIGNE A ENFIN FONCTIONNE? PAR CONTRE JE NE TROUVE PAS DE RAPPORT ET LE SITE ME PROPOSE D'ACHETER ESET NOD32.IL A TROUVE 6 VIRUS
OU SE TROUVE LE RAPPORT? je crois l'avoir trouvé
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3839 (20090209)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=f96729ac3e23214a9cb41cbf746c4283
# end=finished
# remove_checked=true
# unwanted_checked=false
# utc_time=2009-02-09 06:35:23
# local_time=2009-02-09 07:35:23 (+0100, Paris, Madrid)
# country="France"
# osver=5.1.2600 NT Service Pack 3
# scanned=361986
# found=6
# scan_time=3802
C:\Documents and Settings\admin\Application Data\_6507f9ad470e757c264b0bc56a89ceed\down\chimera.exe000 Win32/Spy.Banker.QFH trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\admin\Application Data\_6507f9ad470e757c264b0bc56a89ceed\down\chimera000.exe Win32/Delf.NYG trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\admin\Application Data\_6507f9ad470e757c264b0bc56a89ceed\down\im000.exe Win32/TrojanDownloader.Agent.OTF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\admin\Application Data\_6507f9ad470e757c264b0bc56a89ceed\down\__uptd2831.exe Win32/VB.NWF trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\cyril\Application Data\_6507f9ad470e757c264b0bc56a89ceed\down\chimera.exe000 Win32/Spy.Banker.QFH trojan (unable to clean - deleted) 00000000000000000000000000000000
Anonymous user
Hi, apparently it's fine, they've been deleted :)
miczfr Posts: 208 Status: Member
Well, no!!
Malwarebytes is still finding some: 2 this afternoon, and this evening still the same one.

Malwarebytes' Anti-Malware 1.33
Database version: 1742
Windows 5.1.2600 Service Pack 3

11/02/2009 00:48:41
mbam-log-2009-02-11 (00-48-33).txt

Scan type: Quick Scan
Objects scanned: 62530
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8uiw3jnjgffght (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Anonymous user
Well, good evening, this one is stubborn!!!!

We'll try this, and if we come up empty-handed I'll go and get help from my superiors, because it will no longer be within my remit:

Download SmitfraudFix by S!RI:

http://siri.urz.free.fr/Fix/SmitfraudFix.php

Unzip the archive.
Run it by double-clicking Smitfraudfix.cmd.
Press a key to continue.
At the command prompt, type the letter L to switch the fix to French.
In the menu, choose option 4 then 1: Search.
Post the report it generates.
0
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Hi,

---> Have this file analysed: c:\windows\system32\drivers\ati0hwxx.sys

---> On VirusTotal, and post the link to the analysis.
miczfr Posts: 208 Status: Member
Hello (or good evening),
here is the first request:
SmitFraudFix v2.395

Report made at 8:57:23.96, 11/02/2009
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\oopmagentts.exe
C:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\admin

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\admin\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\admin\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\admin\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Warning, the keys that follow are not necessarily infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Warning, the keys that follow are not necessarily infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Warning, the keys that follow are not necessarily infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Warning, the keys that follow are not necessarily infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Warning, the keys that follow are not necessarily infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning, the keys that follow are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning, the keys that follow are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Warning, the keys that follow are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 89.2.0.1
DNS Server Search Order: 89.2.0.2

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6C284F1E-DAF4-4C69-9A29-5A48B025165A}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6C284F1E-DAF4-4C69-9A29-5A48B025165A}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2

»»»»»»»»»»»»»»»»»»»»»»»» Checking for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
Anonymous user
OK, hello, can you follow what Destrio5 asked you, please?
miczfr Posts: 208 Status: Member
And here is VirusTotal and the file:

File ati0hwxx.sys received on 2009.02.11 10:04:50 (CET)
Antivirus Version Last update Result
a-squared 4.0.0.93 2009.02.11 -
AhnLab-V3 5.0.0.2 2009.02.11 -
AntiVir 7.9.0.76 2009.02.11 TR/Rootkit.Gen
Authentium 5.1.0.4 2009.02.11 W32/SpamAgent.B.gen!Eldorado
Avast 4.8.1335.0 2009.02.10 -
AVG 8.0.0.229 2009.02.10 Win32/Rustock.G
BitDefender 7.2 2009.02.11 -
CAT-QuickHeal 10.00 2009.02.11 -
ClamAV 0.94.1 2009.02.11 -
Comodo 973 2009.02.10 -
DrWeb 4.44.0.09170 2009.02.11 -
eSafe 7.0.17.0 2009.02.09 -
eTrust-Vet 31.6.6349 2009.02.11 -
F-Prot 4.4.4.56 2009.02.10 W32/SpamAgent.B.gen!Eldorado
F-Secure 8.0.14470.0 2009.02.11 -
Fortinet 3.117.0.0 2009.02.11 -
GData 19 2009.02.11 -
Ikarus T3.1.1.45.0 2009.02.11 -
K7AntiVirus 7.10.626 2009.02.10 -
Kaspersky 7.0.0.125 2009.02.11 -
McAfee 5522 2009.02.10 -
McAfee+Artemis 5522 2009.02.10 -
Microsoft 1.4306 2009.02.11 Spammer:Win32/Rlsloup.B
NOD32 3844 2009.02.11 -
Norman 6.00.02 2009.02.11 -
nProtect 2009.1.8.0 2009.02.11 -
Panda 10.0.0.10 2009.02.10 -
PCTools 4.4.2.0 2009.02.10 -
Prevx1 V2 2009.02.11 -
Rising 21.16.21.00 2009.02.11 -
SecureWeb-Gateway 6.7.6 2009.02.11 Trojan.Rootkit.Gen
Sophos 4.38.0 2009.02.11 -
Sunbelt 3.2.1851.2 2009.02.10 -
Symantec 10 2009.02.11 -
TheHacker 6.3.1.85.252 2009.02.11 -
TrendMicro 8.700.0.1004 2009.02.11 -
VBA32 3.12.8.12 2009.02.11 -
ViRobot 2009.2.10.1599 2009.02.11 -
VirusBuster 4.5.11.0 2009.02.10 -
Additional information
File size: 137856 bytes
MD5...: d2f73c7478e4c7d5f631ee2a39023932
SHA1..: 355b151e2c23ce4b0311a3f5f869a347477c2c1b
SHA256: 34f00ff084755833d59c6474143073097767839ecae8fed3f4685519cf66c591
SHA512: e764f5d4d1263316ce01d77f639f39e183f97c9eedb2470a5ef94eb2e8f3f9ea0638995d1ba3dbcfea52a161c3761e2ce8344041531aa99b69bc7cdd68334997
ssdeep: 3072:JWw2ATIN9QQzDO/0UdHr9yK5XYB24mm5GRPE1hPK8Vo:v2ATvQ3QAKVa24wRM28
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.6%)
DOS Executable Generic (49.5%)
VXD Driver (0.7%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x21400
timedatestamp.....: 0x497f4773 (Tue Jan 27 17:42:11 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x220 0x211df 0x211e0 7.96 eeb990979eb6b8f137802212bcd9747c
.text 0x21400 0x283 0x2a0 5.60 d8485e074a1404fa5c582ee9217fede7
.idata 0x216a0 0x320 0x320 4.92 2b183e86437bb45590a913b314d0e1b5
.reloc 0x219c0 0xb4 0xc0 5.06 13ae5d86c15be5a6fadf857ebd32ddc0

( 1 imports )
> ntoskrnl.exe: RtlInitializeUnicodePrefix, ZwQuerySystemInformation, ExAllocatePoolWithTag, KeTickCount, KeQueryTimeIncrement, PsDereferenceImpersonationToken, strncpy, ObfReferenceObject, InbvDisplayString, PsLookupThreadByThreadId, ZwCreateKey, strncmp, IoGetDeviceInterfaces, NtOpenProcessToken, KeBugCheckEx, MmMapLockedPagesSpecifyCache, IoGetCurrentProcess, RtlAnsiCharToUnicodeChar, _except_handler3, ObReferenceObjectByHandle, DbgPrint, strstr, wcsncpy, IoCheckQuerySetVolumeInformation, ExFreePoolWithTag

( 0 exports )

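The VirusTotal result posted above is the decisive evidence in this thread, and it is worth reading beyond the engine count. Only 5 of 39 engines name the file, but the PE details speak for themselves: a 0x211e0-byte .data section at entropy 7.96 (a compressed or encrypted payload) mapped in front of a 0x2a0-byte .text (a loader stub), and imports such as ZwQuerySystemInformation, PsLookupThreadByThreadId and MmMapLockedPagesSpecifyCache that a display driver has no reason to call. The Python script below is an added example, not part of the thread and not a VirusTotal tool: it parses verdict and section lines in the layout VirusTotal printed above (the embedded sample data is a constructed subset of the figures posted) and applies triage heuristics whose thresholds (entropy 7.0, code/data ratio 5 %) and API watchlist are this example's own assumptions, not published rules.

```python
"""Triage of a VirusTotal-style report for a kernel driver (ati0hwxx.sys).

Added example: not part of the thread and not a VirusTotal tool. The sample
strings are constructed from the figures quoted in the thread; thresholds
and the API watchlist are this example's assumptions.
"""
import re

# Constructed sample: a subset of the engine lines exactly as posted above.
VT_LINES = """\
AntiVir 7.9.0.76 2009.02.11 TR/Rootkit.Gen
Authentium 5.1.0.4 2009.02.11 W32/SpamAgent.B.gen!Eldorado
Avast 4.8.1335.0 2009.02.10 -
AVG 8.0.0.229 2009.02.10 Win32/Rustock.G
Kaspersky 7.0.0.125 2009.02.11 -
Microsoft 1.4306 2009.02.11 Spammer:Win32/Rlsloup.B
NOD32 3844 2009.02.11 -
SecureWeb-Gateway 6.7.6 2009.02.11 Trojan.Rootkit.Gen
Symantec 10 2009.02.11 -
"""

# Constructed sample: the section table as VirusTotal printed it.
SECTION_LINES = """\
.data 0x220 0x211df 0x211e0 7.96 eeb990979eb6b8f137802212bcd9747c
.text 0x21400 0x283 0x2a0 5.60 d8485e074a1404fa5c582ee9217fede7
.idata 0x216a0 0x320 0x320 4.92 2b183e86437bb45590a913b314d0e1b5
.reloc 0x219c0 0xb4 0xc0 5.06 13ae5d86c15be5a6fadf857ebd32ddc0
"""
ENTRY_POINT = 0x21400  # entrypointaddress from the same report

# The driver's import list as posted (ntoskrnl.exe only).
IMPORTS = [
    "RtlInitializeUnicodePrefix", "ZwQuerySystemInformation", "ExAllocatePoolWithTag",
    "KeTickCount", "KeQueryTimeIncrement", "PsDereferenceImpersonationToken", "strncpy",
    "ObfReferenceObject", "InbvDisplayString", "PsLookupThreadByThreadId", "ZwCreateKey",
    "strncmp", "IoGetDeviceInterfaces", "NtOpenProcessToken", "KeBugCheckEx",
    "MmMapLockedPagesSpecifyCache", "IoGetCurrentProcess", "RtlAnsiCharToUnicodeChar",
    "_except_handler3", "ObReferenceObjectByHandle", "DbgPrint", "strstr", "wcsncpy",
    "IoCheckQuerySetVolumeInformation", "ExFreePoolWithTag",
]

# Assumed watchlist: kernel APIs a hardware driver has little reason to call.
WATCHLIST = {
    "ZwQuerySystemInformation": "enumerates processes/modules from kernel mode",
    "PsLookupThreadByThreadId": "resolves arbitrary thread objects",
    "MmMapLockedPagesSpecifyCache": "maps locked pages into another address space",
    "NtOpenProcessToken": "opens process tokens from kernel mode",
    "ZwCreateKey": "writes registry keys from kernel mode (persistence)",
}

VERDICT_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")
SECTION_RE = re.compile(
    r"^(\S+)\s+0x([0-9a-f]+)\s+0x([0-9a-f]+)\s+0x([0-9a-f]+)\s+([\d.]+)\s+([0-9a-f]{32})$")


def parse_verdicts(text):
    """'engine version date result' lines -> [(engine, verdict or None)]."""
    out = []
    for line in text.splitlines():
        m = VERDICT_RE.match(line.strip())
        if m:
            engine, _ver, _date, result = m.groups()
            out.append((engine, None if result.strip() == "-" else result.strip()))
    return out


def detection_ratio(verdicts):
    return sum(1 for _, v in verdicts if v), len(verdicts)


def parse_sections(text):
    """Section rows -> dicts with integer sizes/addresses and float entropy."""
    secs = []
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            name, va, vs, rs, ent, md5 = m.groups()
            secs.append({"name": name, "vaddr": int(va, 16), "vsize": int(vs, 16),
                         "rawsize": int(rs, 16), "entropy": float(ent), "md5": md5})
    return secs


def packed_indicators(sections, entry_point, entropy_threshold=7.0, code_ratio=0.05):
    """Assumed heuristics for a driver that unpacks its real code at load time."""
    reasons = []
    for s in sections:
        if s["entropy"] >= entropy_threshold:
            reasons.append(f"high entropy {s['entropy']:.2f} in {s['name']} "
                           f"(0x{s['rawsize']:x} bytes): compressed or encrypted blob")
    code = next((s for s in sections if s["name"] == ".text"), None)
    data = [s for s in sections if s["name"] != ".text"]
    if code and data:
        big = max(data, key=lambda s: s["rawsize"])
        if code["rawsize"] < code_ratio * big["rawsize"]:
            reasons.append(f".text is only 0x{code['rawsize']:x} bytes against "
                           f"0x{big['rawsize']:x} in {big['name']}: a loader stub")
    first = min(sections, key=lambda s: s["vaddr"]) if sections else None
    if first and first["name"] != ".text":
        reasons.append(f"{first['name']} is mapped before .text: unusual for a compiler-built driver")
    owner = next((s for s in sections
                  if s["vaddr"] <= entry_point < s["vaddr"] + s["vsize"]), None)
    if owner is None or owner["name"] != ".text":
        reasons.append(f"entry point 0x{entry_point:x} is outside .text")
    return reasons


def suspicious_imports(imports):
    return {name: WATCHLIST[name] for name in imports if name in WATCHLIST}


def triage(vt_text, section_text, imports, entry_point):
    verdicts = parse_verdicts(vt_text)
    hits, total = detection_ratio(verdicts)
    return {"detections": hits, "engines": total,
            "names": sorted({v for _, v in verdicts if v}),
            "indicators": packed_indicators(parse_sections(section_text), entry_point),
            "imports": suspicious_imports(imports)}


if __name__ == "__main__":
    report = triage(VT_LINES, SECTION_LINES, IMPORTS, ENTRY_POINT)
    print(f"{report['detections']}/{report['engines']} engines flag the file: "
          + ", ".join(report["names"]))
    for reason in report["indicators"]:
        print(" -", reason)
    for api, why in report["imports"].items():
        print(f" - imports {api}: {why}")
```

The point of the section checks is that they do not depend on any engine having a signature yet: a driver whose code section is a few hundred bytes and whose data section is a 135 KB blob at entropy 7.96 is unpacking something at load time whatever the engines say, and the import list tells you what that something intends to do.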
Anonymous user
Well, OK, he was right, it really is a nasty rootkit:

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the text below:

:processes
explorer.exe

:services
Ipiihirviaw
ati0caxx
ati0hwxx

:files
C:\WINDOWS\system32\chert10-303361.exe
c:\windows\system32\drivers\ati0hwxx.sys
c:\windows\system32\Drivers\ati0caxx.sys
C:\DOCUME~1\admin\LOCALS~1\Temp\winlogin.exe

:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0caxx.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0hwxx.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0caxx.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0hwxx.sys]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"jsf8uiw3jnjgffght"=-

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

---> Paste (Ctrl+V) the copied text into the "Paste Instructions for Items to be Moved" box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
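The OTMoveIt script above hits four persistence points at once: the Run value with the random-looking name that MBAM kept reporting, the rootkit's own services, the SafeBoot\Minimal and SafeBoot\network entries (a driver listed there is loaded in Safe Mode as well, so booting into Safe Mode does not keep it off the system), and the AppInit_DLLs and Winlogon values that SmitfraudFix printed. The Python script below is an added example, not from the thread and not part of OTMoveIt: it audits those same locations from a `reg export` style dump, so it runs offline on any OS against a hive exported from the suspect machine. The .reg text is constructed to mirror the entries quoted in the thread; the target path of the Run value is invented because the thread never quotes it, the random-name rule is an assumed heuristic that will produce false positives, and the SafeBoot allowlist is a placeholder to be replaced with a baseline taken from a known-clean XP installation.

```python
"""Offline audit of the persistence points the OTMoveIt script targets.

Added example, not from the thread and not part of OTMoveIt. It reads a
'reg export' style dump so it can run anywhere; the dump below is
constructed to mirror the entries quoted in the thread.
"""
import re

# Constructed .reg text. The Run value's target path is invented: the thread
# names the value but never quotes what it pointed to.
REG_DUMP = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"jsf8uiw3jnjgffght"="C:\\WINDOWS\\system32\\example-dropper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0hwxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ati0hwxx.sys]
@="Driver"
"""

RUN_KEYS = [r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
            r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"]
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINDOWS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"

VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def parse_reg(text):
    """Minimal .reg parser: {key: {value_name: string}}; non-string data kept raw."""
    reg, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            reg.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name = "@" if m.group(1) is None else m.group(1)
        data = m.group(2)
        if len(data) >= 2 and data[0] == data[-1] == '"':
            data = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
        reg[key][name] = data
    return reg


def looks_random(name, min_len=10):
    """Assumed heuristic: long name with digits mixed into letters or almost no vowels."""
    base = name.lower().rsplit(".", 1)[0]
    if len(base) < min_len:
        return False
    letters = [c for c in base if c.isalpha()]
    digits_inside = any(c.isdigit() for c in base[1:-1])
    vowels = sum(c in "aeiouy" for c in letters)
    return digits_inside or (bool(letters) and vowels / len(letters) < 0.2)


def audit(reg, safeboot_allow):
    """Return human-readable findings for the four persistence points."""
    low = {k.lower(): v for k, v in reg.items()}
    findings = []
    for key in RUN_KEYS:
        for name, target in low.get(key.lower(), {}).items():
            if looks_random(name):
                findings.append(f"Run value {name!r} -> {target}: random-looking name")
    userinit = low.get(WINLOGON.lower(), {}).get("Userinit", "")
    entries = [e for e in userinit.split(",") if e.strip()]
    if len(entries) != 1 or not entries[0].lower().endswith("\\userinit.exe"):
        findings.append(f"Winlogon Userinit is {userinit!r}: expected userinit.exe alone")
    appinit = low.get(WINDOWS_KEY.lower(), {}).get("AppInit_DLLs", "")
    if appinit.strip():
        findings.append(f"AppInit_DLLs loads {appinit!r} into every process using user32")
    allow = {a.lower() for a in safeboot_allow}
    prefix = SAFEBOOT.lower() + "\\"
    for key in low:
        if key.startswith(prefix):
            mode, _, entry = key[len(prefix):].partition("\\")
            if entry.endswith(".sys") and entry not in allow:
                findings.append(f"SafeBoot\\{mode} loads {entry}: it will start in Safe Mode too")
    return findings


if __name__ == "__main__":
    # Placeholder allowlist: replace with the SafeBoot entries of a known-clean XP box.
    for finding in audit(parse_reg(REG_DUMP), safeboot_allow={"vga.sys"}):
        print(" -", finding)
```

Run it against `reg export HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot safeboot.reg` (and the corresponding exports of the Run and Winlogon keys) taken from the suspect machine; exporting from a clean machine first gives you the allowlist. The name heuristic is only a prompt to look closer: a service such as the Ipiihirviaw entry in the OTMoveIt script has plenty of vowels and would not trip it, which is why the SafeBoot and driver checks matter more than the name check.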
miczfr Posts: 208 Status: Member
Here is the report:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service Ipiihirviaw stopped successfully.
Service Ipiihirviaw deleted successfully.
Service ati0caxx stopped successfully.
Service ati0caxx deleted successfully.
Service ati0hwxx stopped successfully.
Service ati0hwxx deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\chert10-303361.exe moved successfully.
c:\windows\system32\drivers\ati0hwxx.sys moved successfully.
File/Folder c:\windows\system32\Drivers\ati0caxx.sys not found.
File/Folder C:\DOCUME~1\admin\LOCALS~1\Temp\winlogin.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0caxx.sys\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0hwxx.sys\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0caxx.sys\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0hwxx.sys\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\jsf8uiw3jnjgffght deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\admin\LOCALS~1\Temp\etilqs_P2cH47CGhm8a9raHfPKD scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\admin\LOCALS~1\Temp\NGLALog.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5e4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hai7f4oq.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hai7f4oq.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hai7f4oq.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hai7f4oq.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hai7f4oq.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hai7f4oq.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02112009_111350

Files moved on Reboot...
File C:\DOCUME~1\admin\LOCALS~1\Temp\etilqs_P2cH47CGhm8a9raHfPKD not found!
C:\DOCUME~1\admin\LOCALS~1\Temp\NGLALog.txt moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_5e4.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_6c.dat not found!
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hai7f4oq.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hai7f4oq.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hai7f4oq.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hai7f4oq.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hai7f4oq.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hai7f4oq.default\XUL.mfl moved successfully.
Anonymous user
OK, empty your quarantines if there is anything in them, then run MBAM again after a reboot and an update.