Sujet Précédent Sujet Suivant

Infections multiples

Rockfr -  
 Rockfr -
Bonjour,
J'ai un très gros problème : je possède antivir et j'avais déja un ou deux virus qui revenaient de temps en temps que je bloquais automatiquement. Mais là, j'ai un trojan nommé crypt.xdr.gen qui apparait environ toutes les 45 secondes. Quoi que je fasse, il revient ayant infecté un différent fichier du system 32 et une fois sur 4 après la detection, un message apparait me disant que je dois enregistrer mes données car mon ordi va s'éteindre dans 10 secondes (provoqué par AUTORITéNT\system ou un truc comme ca). Au bout de la 2eme extinction, j'ai créer un executable (shutdown.exe -a) afin de stopper l'arrêt de mon ordinateur. Mais je ne peut plus rien faire car car le cheval de troie surgit en permanence. Aidez moi svp ; j'ai scanné mon pc avec antivir et spybot, mais rien n'y fait...

18 réponses

Réponse 1 / 18
Rockfr
 
up svp
(dsl pour le double post mais c'est urgent)
0
Réponse 2 / 18
Utilisateur anonyme
 
• Télécharge : http://images.malwareremoval.com/random/RSIT.exe

/!\ Important (Sous Vista) /!\
Vous devez exécuter RSIT avec les droits d'administrateur, pour cela Clique droit sur RSIT et "Lancer en tant qu'administrateur"
• Double clique sur RSIT.exe pour lancer l'outil.
• Clique sur 'Continue' à l'écran Disclaimer.
• Si l'outil Hijackthis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
• Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports.
( C:\RSIT\log.txt et C:\RSIT\info.txt )
• CTRL A pour sélectionner tout, CTRL C pour copier et puis CTRL V pour coller
• tuto: : https://www.androidworld.fr/

0
Réponse 3 / 18
Rockfr
 
info.txt logfile of random's system information tool 1.06 2009-06-28 16:13:19

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->F:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->F:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11.5-->"F:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
AssaultCube v1.0-->"F:\Program Files\AssaultCube_v1.0\uninstall.exe"
ATI - Software Uninstall Utility-->F:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 F:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->F:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"F:\Program Files\CCleaner\uninst.exe"
Coffret de pilotes Logitech QuickCam-->"F:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\LgDrvInst.exe" -remove -instdir"F:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.80" /clone_wait /hide_progress
Counter-Strike Source LAN Edition-->F:\WINDOWS\Counter-Strike Source LAN Edition Uninstaller.exe
Cube-->"F:\Program Files\Cube\uninstall.exe"
Edimax Wireless LAN-->F:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe -runfromtemp -l0x0009 -removeonly
Female Voice Pack-->MsiExec.exe /I{59A614F6-27DE-4F65-A173-554A26DA2DEE}
Garena-->F:\Program Files\Garena\uninst.exe
GIMP 2.6.6-->"F:\Program Files\GIMP-2.0\setup\unins000.exe"
High Definition Audio Driver Package - KB888111-->"F:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"F:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->F:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Install(US)2-->F:\Program Files\InstallShield Installation Information\{8A4D41F3-3EDA-4DAC-9403-839708EA0667}\setup.exe -runfromtemp -l0x0009 -removeonly
IZArc 4.0 beta 1-->"F:\Program Files\IZArc\unins000.exe"
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
JMB36X Raid Configurer-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\Setup.exe" -l0x40c -removeonly
Keycraft (remove only)-->"F:\Program Files\Warcraft III\Keycraft\uninstall.exe"
Le Seigneur des anneaux Online : Les Ombres d'Angmar v01.04.00.-->"F:\Program Files\Codemasters\Le Seigneur des anneaux Online\unins000.exe"
LG PC Suite II-->F:\Program Files\InstallShield Installation Information\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}\setup.exe -runfromtemp -l0x040c -removeonly
LG USB Modem driver-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x40c LG -removeonly
Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->F:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->f:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
MorphVOX Junior-->MsiExec.exe /I{402ED8C0-824E-48A2-AB07-C8820E9CD8E9}
MorphVOX Pro-->MsiExec.exe /I{10C6EB34-4423-4DBA-AECA-76540029FF83}
Mozilla Firefox (3.0.11)-->F:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Multimedia Card Reader-->F:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CA529363-D0F2-41EA-B44B-D7515A254645}
OpenAL-->"F:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 3.1-->MsiExec.exe /I{B2E581DB-C4DD-432C-AC84-ED761AC056BC}
Realtek High Definition Audio Driver-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
S4 League_EU-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{D96021A9-B290-4783-B019-0E4000DA84CE}\setup.exe" -l0x9
Spybot - Search & Destroy-->"F:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamSpeak 2 RC2-->"F:\Program Files\Teamspeak2_RC2\unins000.exe"
VLC media player 0.9.9-->F:\Program Files\VideoLAN\VLC\uninstall.exe
Warcraft III-->F:\Program Files\Fichiers communs\Blizzard Entertainment\Warcraft III\Uninstall.exe
Warkeys 1.13.1.0b-->F:\Program Files\Warkeys\uninst.exe
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"F:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}
XML Paper Specification Shared Components Language Pack 1.0-->"F:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Yu-Gi-Oh Virtual Battle 5.20-->F:\Program Files\Yu-Gi-Oh Virtual Battle 5\Uninstal.exe
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: XPSP2-9A0D958F9
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

Record Number: 3448
Source Name: Service Control Manager
Time Written: 20090615171717.000000+120
Event Type: Informations
User: XPSP2-9A0D958F9\Rockfr

Computer Name: XPSP2-9A0D958F9
Event Code: 7036
Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.

Record Number: 3447
Source Name: Service Control Manager
Time Written: 20090615171717.000000+120
Event Type: Informations
User:

Computer Name: XPSP2-9A0D958F9
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{71CF33D4-1F48-4B35-832C-AE24D6C47809} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 3446
Source Name: Tcpip
Time Written: 20090615171230.000000+120
Event Type: Informations
User:

Computer Name: XPSP2-9A0D958F9
Event Code: 17
Message: AVGNTFLT successfully loaded

Record Number: 3445
Source Name: avgntflt
Time Written: 20090615171230.000000+120
Event Type: Informations
User:

Computer Name: XPSP2-9A0D958F9
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{71CF33D4-1F48-4B35-832C-AE24D6C47809} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 3444
Source Name: Tcpip
Time Written: 20090615171230.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: XPSP2-9A0D958F9
Event Code: 1000
Message: Les compteurs de performances pour le service MSDTC (MSDTC) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20090508135922.000000+120
Event Type: Informations
User:

Computer Name: XPSP2-9A0D958F9
Event Code: 1000
Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20090508135919.000000+120
Event Type: Informations
User:

Computer Name: XPSP2-9A0D958F9
Event Code: 1000
Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20090508135835.000000+120
Event Type: Informations
User:

Computer Name: XPSP2-9A0D958F9
Event Code: 1000
Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20090508135819.000000+120
Event Type: Informations
User:

Computer Name: XPSP2-9A0D958F9
Event Code: 1000
Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20090508135809.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;F:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Rockfr at 2009-06-28 16:13:10
Microsoft Windows XP Professionnel Service Pack 2
System drive F: has 59 GB (59%) free of 100 GB
Total RAM: 2047 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13:18, on 28/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\Program Files\Avira\AntiVir Desktop\avguard.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Multimedia Card Reader\shwicon2k.exe
F:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
F:\Documents and Settings\Rockfr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\EDIMAX\Common\RaUI.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\no6.exe
F:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
F:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system\msdct.exe
F:\WINDOWS\system\msdct.exe
F:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
F:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
F:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\WINDOWS\System32\svchost.exe
F:\Documents and Settings\Rockfr\Bureau\RSIT.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\trend micro\Rockfr.exe
F:\Documents and Settings\LocalService\LocalService.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] F:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] F:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Data Serivce] no6.exe
O4 - HKLM\..\Run: [Sunkist2k] F:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "F:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "F:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [Google Update] "F:\Documents and Settings\Rockfr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "F:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [LocalService] F:\Documents and Settings\LocalService\LocalService.exe /i (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LocalService] F:\Documents and Settings\LocalService\LocalService.exe /i (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Enregistrement du produit.lnk = F:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Enregistrement du produit.lnk = F:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - Startup: Logitech . Enregistrement du produit.lnk = F:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Global Startup: Wireless Utility.lnk = F:\Program Files\EDIMAX\Common\RaUI.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - F:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - F:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - f:\windows\system32\vhosts.exe (file missing)
O23 - Service: MYS Mutex Algorithm Service - Unknown owner - F:\WINDOWS\system\mysmas.exe (file missing)
O23 - Service: WM System Decode Application - Unknown owner - F:\WINDOWS\system\msdct.exe
0
Réponse 4 / 18
Utilisateur anonyme
 
Tu est bien infecté.Je te prépare un script pour la désinfection.a+
Fait la manip qui suit pour avancer.
1- Avoir accès aux fichiers cachés :

Va dans Menu Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
* "Afficher les fichiers et dossiers cachés" ---> coché
* "Masquer les extensions des fichiers dont le type est connu" ---> décoché
* "masquer les fichiers du système" ---> décoché
-> valide la modif ( "appliquer" puis "ok" ).
( tu remetteras les paramètres de départ une fois la désinfection terminée , pas avant ... )

0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 18
Utilisateur anonyme
 
* Télécharge OtmoveIT (de Old_Timer) sur ton Bureau
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (de OldTimer) sur ton Bureau
* Double-clique sur OTMoveIt.exe pour le lancer.
* Assure toi que la case Unregister Dll's and Ocx's soit bien cochée.
* Copie la liste qui se trouve ici et colle-la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.
* clique sur MoveIt! pour lancer la suppression.
* Le résultat apparaitra dans le cadre "Results".
* Clique sur Exit pour fermer.
* Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
* Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
0
Réponse 6 / 18
Rockfr
 
Je crois que ca n'a pas très bien marché : le processus explorer.exe s'est fermé donc je n'avais plus accès la barre des taches, mon bureau etc... Mon disque où est installé windows, c'est F:\. et j'ai vu le dossier nommé otm en en allant dans tout les sous-dossiers j'ai vu msdct.exe (F:\_OTM\MovedFiles\06292009_112425\windows\system). J'ai du fermé ma session avec le gestionnaire des taches afin de pouvoir réaccéder a mes fichiers.
j'ai aussi vu, pendant le plantage, la moitié de ce qu'il y avait écrit dans "results" et il y avait environ 7 ou 8 errors. Merci beaucoup pour ton aide.

PS:avant de faire ca, j'avais installé le sp3 de windows.
0
Réponse 7 / 18
Utilisateur anonyme
 
Ok Fait la même chose mais en mode sans échec.
Redémarre en mode sans échec
(Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...)
Attention tu n'as pas accès à Internet dans ce mode donc note ou imprime les consignes qui suivent.
0
Réponse 8 / 18
Rockfr
 
Ca ne marche pas...ca bug, et otm ne répond pas, plus de barres des taches. J'ai essayer de prendre un screen mais ca ferme paint lors du "moveiT".
0
Réponse 9 / 18
Utilisateur anonyme
 
/!\ A l'attention de ceux qui passent sur ce sujet /!\
Le logiciel qui suit n'est pas à utiliser à la légère et peut faire des dégâts s'il est mal utilisé ! Ne le faites que si un helpeur du forum qui connait bien cet outil vous l'a recommandé.

/!\ Désactive tous tes logiciels de protection /!\

• Télécharge combofix(de sUBs) sur ton Bureau.
• Double-clique sur ComboFix.exe afin de le lancer.
• Il va te demander d'installer la console de récupération : accepte.
• Ne touche à rien pendant le scan.
• Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Tutoriel officiel de Combofix : http://www.bleepingcomputer.com/combofix/fr/comment-utiliser¬-combofix
0
Réponse 10 / 18
Rockfr
 
voila, c'est fait. Je te joint le rapport :

ComboFix 09-06-28.04 - Rockfr 29/06/2009 15:11.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1632 [GMT 2:00]
Lancé depuis: f:\documents and settings\Rockfr\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\windows\system32\ATIODCLI.exe
f:\windows\system32\ATIODE.exe
f:\windows\system32\i
f:\windows\system32\msvcrt2.dll
f:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPI32
-------\Legacy_ATI64SI
-------\Legacy_FIPS32CUP
-------\Legacy_I386SI
-------\Legacy_KSI32SK
-------\Legacy_NETSIK
-------\Legacy_NICSK32
-------\Legacy_PORT135SIK
-------\Legacy_SECURENTM
-------\Legacy_SYSDRV32
-------\Legacy_SYSTEMNTMI
-------\Legacy_WS2_32SIK
-------\Service_acpi32
-------\Service_ati64si
-------\Service_fips32cup
-------\Service_i386si
-------\Service_ksi32sk
-------\Service_netsik
-------\Service_nicsk32
-------\Service_port135sik
-------\Service_securentm
-------\Service_sysdrv32
-------\Service_systemntmi
-------\Service_ws2_32sik

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-28 au 2009-06-29 ))))))))))))))))))))))))))))))))))))
.

2009-06-28 14:50 . 2008-04-13 17:33 4255 ------w- f:\windows\system32\drivers\adv01nt5.dll
2009-06-28 14:33 . 2009-06-28 14:33 41216 ----a-w- f:\windows\system32\drivers\systemntmi.VIR
2009-06-28 14:13 . 2009-06-28 14:13 -------- d-----w- F:\rsit
2009-06-28 14:13 . 2009-06-28 14:13 -------- d-----w- f:\program files\trend micro
2009-06-28 10:34 . 2009-06-28 10:53 -------- d-----w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-28 10:34 . 2009-06-28 10:34 -------- d-----w- f:\program files\Spybot - Search & Destroy
2009-06-28 10:03 . 2009-06-28 10:05 -------- d-----w- f:\program files\Counter-Strike Source LAN Edition
2009-06-28 09:59 . 2009-06-28 09:59 21673 ---h--w- f:\documents and settings\LocalService\LocalService.exe
2009-06-27 21:09 . 2009-06-27 21:09 1052672 ----a-w- f:\windows\system32\51.scr
2009-06-27 20:55 . 2009-06-27 20:55 176164 --sh--r- f:\windows\no6.exe
2009-06-27 20:53 . 2009-06-27 20:55 176164 ----a-w- f:\windows\system32\no6.exe
2009-06-27 13:24 . 2009-06-27 13:24 -------- d-----w- f:\documents and settings\Rockfr\Application Data\Leadertech
2009-06-27 13:22 . 2009-06-28 14:30 -------- d-----w- f:\documents and settings\All Users\Application Data\Logishrd
2009-06-27 13:22 . 2009-06-27 13:22 -------- d-----w- f:\documents and settings\All Users\Application Data\Logitech
2009-06-27 13:22 . 2009-06-27 13:22 -------- d-----w- f:\program files\Logitech
2009-06-26 16:54 . 2009-06-26 16:54 -------- d-----w- f:\windows\Sun
2009-06-26 16:14 . 2009-06-27 18:49 163880 --sh--r- f:\windows\mpupd.exe
2009-06-26 16:14 . 2009-06-27 18:49 163880 ----a-w- f:\windows\system32\mpupd.exe
2009-06-26 16:13 . 2009-06-29 09:12 -------- d---a-w- f:\documents and settings\All Users\Application Data\TEMP
2009-06-24 13:39 . 2009-06-24 13:39 1632105 ----a-w- f:\windows\Counter-Strike Source LAN Edition Uninstaller.exe
2009-06-24 10:57 . 2009-06-29 13:17 -------- d-----w- f:\program files\Steam
2009-06-23 10:40 . 2009-06-28 10:26 -------- d-----w- f:\program files\Garena
2009-06-21 19:53 . 2009-06-21 19:54 -------- d-----w- f:\program files\Yu-Gi-Oh Virtual Battle 5
2009-06-18 19:00 . 2009-06-27 21:34 -------- d-----w- f:\documents and settings\Rockfr\Application Data\dvdcss
2009-06-18 14:33 . 2009-06-18 14:33 -------- d-----w- f:\program files\Cube
2009-06-16 18:28 . 2009-06-16 18:28 -------- d-----w- f:\program files\Multimedia Card Reader
2009-06-16 18:28 . 2009-06-16 18:28 -------- d-----w- f:\windows\Downloaded Installations
2009-06-16 17:36 . 2009-06-29 10:36 -------- d-----w- f:\windows\system32\NtmsData
2009-06-14 09:55 . 2009-06-14 09:55 413696 ----a-w- f:\windows\system32\wrap_oal.dll
2009-06-14 09:55 . 2009-06-14 09:55 110592 ----a-w- f:\windows\system32\OpenAL32.dll
2009-06-14 09:55 . 2009-06-14 09:55 -------- d-----w- f:\program files\OpenAL
2009-06-14 09:55 . 2009-06-14 09:55 -------- d-----w- f:\program files\AssaultCube_v1.0
2009-06-12 17:13 . 2009-06-12 17:13 8478 ----a-r- f:\documents and settings\Rockfr\Application Data\Microsoft\Installer\{402ED8C0-824E-48A2-AB07-C8820E9CD8E9}\_6FEFF9B68218417F98F549.exe
2009-06-12 17:13 . 2009-06-12 17:13 8478 ----a-r- f:\documents and settings\Rockfr\Application Data\Microsoft\Installer\{402ED8C0-824E-48A2-AB07-C8820E9CD8E9}\_4F170B61CB00A7A4234D88.exe
2009-06-12 17:13 . 2009-06-12 17:13 8478 ----a-r- f:\documents and settings\Rockfr\Application Data\Microsoft\Installer\{402ED8C0-824E-48A2-AB07-C8820E9CD8E9}\_26AF075A84C2886D026ECB.exe
2009-06-12 16:53 . 2009-06-12 16:53 -------- d-----w- f:\documents and settings\Rockfr\Application Data\Screaming Bee
2009-06-12 16:53 . 2009-06-12 16:53 104470 ----a-r- f:\documents and settings\Rockfr\Application Data\Microsoft\Installer\{10C6EB34-4423-4DBA-AECA-76540029FF83}\_6FEFF9B68218417F98F549.exe
2009-06-12 16:53 . 2009-06-12 16:53 104470 ----a-r- f:\documents and settings\Rockfr\Application Data\Microsoft\Installer\{10C6EB34-4423-4DBA-AECA-76540029FF83}\_41028F12A1974CC7604D2B.exe
2009-06-12 16:53 . 2009-06-12 16:53 104470 ----a-r- f:\documents and settings\Rockfr\Application Data\Microsoft\Installer\{10C6EB34-4423-4DBA-AECA-76540029FF83}\_23CEE41CC0D19EFD8A71F4.exe
2009-06-12 16:53 . 2009-06-29 10:23 -------- d-----w- f:\documents and settings\All Users\Application Data\Screaming Bee
2009-06-12 16:53 . 2009-06-12 17:24 -------- d-----w- f:\program files\Screaming Bee
2009-06-11 16:57 . 2009-06-11 16:58 -------- d-----w- f:\documents and settings\Rockfr\Local Settings\Application Data\Google
2009-06-11 16:57 . 2009-06-11 16:57 -------- d-----w- f:\documents and settings\Rockfr\Local Settings\Application Data\Deployment
2009-06-10 21:04 . 2009-06-10 21:04 -------- d-----w- F:\Maps
2009-06-10 21:04 . 2009-06-10 21:04 -------- d-----w- F:\replay
2009-06-10 13:17 . 2009-06-10 13:17 410984 ----a-w- f:\windows\system32\deploytk.dll
2009-06-10 13:17 . 2009-06-10 13:17 -------- d-----w- f:\program files\Java
2009-06-10 13:17 . 2009-06-10 13:17 152576 ----a-w- f:\documents and settings\Rockfr\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-10 11:29 . 2009-06-10 11:30 -------- d-----w- f:\program files\Warkeys
2009-06-09 16:03 . 2009-06-09 16:03 -------- d-s---w- f:\documents and settings\Ota-icecream\UserData
2009-06-09 16:03 . 2009-06-09 16:03 17840 ----a-w- f:\documents and settings\Ota-icecream\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-09 16:03 . 2009-06-09 16:03 -------- d-----w- f:\documents and settings\Ota-icecream\Local Settings\Application Data\ATI
2009-06-09 16:03 . 2009-06-09 16:03 -------- d-----w- f:\documents and settings\Ota-icecream\Application Data\ATI
2009-06-01 07:45 . 2009-06-01 07:45 -------- d-----w- f:\documents and settings\Rockfr\Local Settings\Application Data\Turbine
2009-06-01 07:44 . 2009-06-01 07:44 129 ----a-w- f:\documents and settings\Rockfr\Local Settings\Application Data\fusioncache.dat
2009-06-01 07:44 . 2009-06-26 14:05 -------- d-----w- f:\documents and settings\Rockfr\Local Settings\Application Data\ApplicationHistory
2009-06-01 07:43 . 2009-06-01 07:43 -------- d-----w- f:\windows\system32\URTTEMP
2009-06-01 07:28 . 2009-06-01 07:28 -------- d-----w- f:\documents and settings\Rockfr\Application Data\OpenArena
2009-06-01 07:27 . 2009-06-01 07:27 -------- d-----w- f:\program files\Codemasters
2009-05-31 09:26 . 2009-05-31 09:26 -------- d-----w- F:\Sounds
2009-05-31 09:12 . 2008-11-11 11:42 24832 ----a-w- f:\windows\system32\drivers\lgusbmodem.sys
2009-05-31 09:12 . 2008-11-11 11:41 19968 ----a-w- f:\windows\system32\drivers\lgusbdiag.sys
2009-05-31 09:12 . 2008-11-11 11:41 13056 ----a-w- f:\windows\system32\drivers\lgusbbus.sys
2009-05-31 09:12 . 2009-05-31 09:12 -------- d-----w- f:\program files\LG Electronics
2009-05-31 09:12 . 2007-11-08 14:26 1164728 ----a-w- f:\windows\system32\NMSDVDXU.dll
2009-05-31 09:11 . 2009-05-31 09:11 -------- d-----w- f:\documents and settings\Rockfr\Application Data\LG Electronics
2009-05-31 09:11 . 2009-06-06 19:49 -------- d-----w- f:\program files\LG PC Suite II

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 12:46 . 2009-05-15 14:05 -------- d-----w- f:\program files\Warcraft III
2009-06-29 10:53 . 2009-06-29 10:53 -------- d-----w- f:\program files\Fichiers communs\Logitech
2009-06-28 15:02 . 2001-10-02 16:17 84956 ----a-w- f:\windows\system32\perfc00C.dat
2009-06-28 15:02 . 2001-10-02 16:17 509844 ----a-w- f:\windows\system32\perfh00C.dat
2009-06-28 15:02 . 2009-05-27 14:04 17840 ----a-w- f:\documents and settings\Rockfr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-28 14:57 . 2009-05-08 12:01 86331 ----a-w- f:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-27 13:23 . 2009-06-27 13:21 -------- d-----w- f:\program files\Fichiers communs\logishrd
2009-06-25 12:06 . 2009-05-11 17:01 -------- d-----w- f:\documents and settings\Rockfr\Application Data\gtk-2.0
2009-06-16 18:28 . 2009-05-08 12:41 -------- d-----w- f:\program files\Fichiers communs\InstallShield
2009-06-12 16:47 . 2009-05-08 12:30 -------- d--h--w- f:\program files\InstallShield Installation Information
2009-06-09 15:18 . 2009-05-13 09:59 -------- d-----w- f:\documents and settings\Rockfr\Application Data\teamspeak2
2009-05-27 14:04 . 2009-05-27 14:04 -------- d-----w- f:\documents and settings\Rockfr\Application Data\ATI
2009-05-27 14:04 . 2009-05-27 14:04 -------- d-----w- f:\documents and settings\All Users\Application Data\ATI
2009-05-27 10:03 . 2009-05-27 10:03 69024 ----a-w- f:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-27 10:03 . 2009-05-27 10:03 -------- d-----w- f:\program files\MSBuild
2009-05-27 10:03 . 2009-05-27 10:03 -------- d-----w- f:\program files\Reference Assemblies
2009-05-27 10:01 . 2009-05-27 10:01 -------- d-----w- f:\program files\MSXML 6.0
2009-05-18 18:04 . 2009-05-18 18:04 -------- d-----w- f:\program files\LimeWire
2009-05-15 14:10 . 2009-05-15 14:05 -------- d-----w- f:\program files\Fichiers communs\Blizzard Entertainment
2009-05-13 14:26 . 2009-05-13 14:26 -------- d-----w- f:\program files\Common Files
2009-05-13 09:59 . 2009-05-13 09:59 -------- d-----w- f:\program files\Teamspeak2_RC2
2009-05-10 18:29 . 2009-05-10 18:29 -------- d-----w- f:\documents and settings\Ota-icecream\Application Data\gtk-2.0
2009-05-10 18:17 . 2009-05-10 18:17 -------- d-----w- f:\documents and settings\Ota-icecream\Application Data\vlc
2009-05-10 18:08 . 2009-05-10 18:08 1 ----a-w- f:\documents and settings\Ota-icecream\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-10 18:07 . 2009-05-10 18:07 -------- d-----w- f:\documents and settings\Ota-icecream\Application Data\OpenOffice.org
2009-05-10 18:07 . 2009-05-10 18:07 -------- d-----w- f:\program files\OpenOffice.org 3
2009-05-08 15:12 . 2009-05-08 15:12 -------- d-----w- f:\program files\CCleaner
2009-05-08 15:11 . 2009-05-08 15:11 96 ---ha-w- f:\windows\system32\HsInfo.dat
2009-05-08 15:05 . 2009-05-08 15:05 -------- d-----w- f:\program files\alaplaya
2009-05-08 14:46 . 2009-05-08 14:46 0 ----a-w- f:\windows\nsreg.dat
2009-05-08 14:11 . 2009-05-08 13:22 -------- d-----w- f:\program files\ATI
2009-05-08 13:28 . 2009-05-08 13:28 0 ----a-w- f:\windows\ativpsrm.bin
2009-05-08 13:21 . 2009-05-08 13:21 -------- d-----w- f:\program files\ATI Technologies
2009-05-08 13:06 . 2009-05-08 13:06 -------- d-----w- f:\program files\Avira
2009-05-08 13:06 . 2009-05-08 13:06 -------- d-----w- f:\documents and settings\All Users\Application Data\Avira
2009-05-08 13:03 . 2009-05-08 13:03 -------- d-----w- f:\program files\GIMP-2.0
2009-05-08 13:00 . 2009-05-08 13:00 -------- d-----w- f:\documents and settings\Rockfr\Application Data\vlc
2009-05-08 13:00 . 2009-05-08 13:00 -------- d-----w- f:\program files\VideoLAN
2009-05-08 13:00 . 2009-05-08 13:00 -------- d-----w- f:\program files\IZArc
2009-05-08 12:53 . 2009-05-08 12:53 1915520 ----a-w- f:\documents and settings\Rockfr\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-05-08 12:41 . 2009-05-08 12:41 -------- d-----w- f:\program files\Realtek
2009-05-08 12:41 . 2009-05-08 12:41 315392 ----a-w- f:\windows\HideWin.exe
2009-05-08 12:36 . 2009-05-08 12:36 -------- d-----w- f:\program files\Intel
2009-05-08 12:31 . 2009-05-08 12:31 376832 ----a-w- f:\windows\system32\AegisI5Installer.exe
2009-05-08 12:31 . 2009-05-08 12:31 21361 ----a-w- f:\windows\system32\drivers\AegisP.sys
2009-05-08 12:30 . 2009-05-08 12:30 -------- d-----w- f:\program files\EDIMAX
2009-05-08 12:30 . 2009-05-08 12:30 -------- d-----w- f:\documents and settings\Rockfr\Application Data\InstallShield
2009-05-08 12:03 . 2009-05-08 12:03 -------- d-----w- f:\program files\microsoft frontpage
2009-05-08 12:01 . 2009-05-08 12:01 -------- d-----w- f:\program files\Services en ligne
2009-05-08 11:59 . 2009-05-08 11:59 21892 ----a-w- f:\windows\system32\emptyregdb.dat
2009-04-28 09:47 . 2009-04-28 09:47 499712 ----a-w- f:\windows\system32\msvcp71.dll
2009-04-28 09:47 . 2009-04-28 09:47 348160 ----a-w- f:\windows\system32\msvcr71.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="f:\documents and settings\Rockfr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-11 133104]
"Steam"="f:\program files\Steam\Steam.exe" [2009-06-24 1217784]
"SpybotSD TeaTimer"="f:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="f:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="f:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"avgnt"="f:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2009-06-10 148888]
"Sunkist2k"="f:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-12-10 139264]
"LogitechCommunicationsManager"="f:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="f:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"RTHDCPL"="RTHDCPL.EXE" - f:\windows\RTHDCPL.exe [2008-02-13 16857600]
"Windows Data Serivce"="no6.exe" - f:\windows\system32\no6.exe [2009-06-27 176164]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="f:\windows\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="f:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

f:\documents and settings\Rockfr\Menu D‚marrer\Programmes\D‚marrage\
Logitech . Enregistrement du produit.lnk - f:\program files\Logitech\QuickCam\eReg.exe [2008-2-13 493832]

f:\documents and settings\Ota-icecream\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - f:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

f:\documents and settings\Rockfr\Menu D‚marrer\Programmes\D‚marrage\
Logitech . Enregistrement du produit.lnk - f:\program files\Logitech\QuickCam\eReg.exe [2008-2-13 493832]

f:\documents and settings\Rockfr\Menu D‚marrer\Programmes\D‚marrage\
Logitech . Enregistrement du produit.lnk - f:\program files\Logitech\QuickCam\eReg.exe [2008-2-13 493832]

f:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Wireless Utility.lnk - f:\program files\EDIMAX\Common\RaUI.exe [2009-5-8 716800]

f:\documents and settings\Rockfr\Menu D‚marrer\Programmes\D‚marrage\
Logitech . Enregistrement du produit.lnk - f:\program files\Logitech\QuickCam\eReg.exe [2008-2-13 493832]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\WINDOWS\\System32\\51.scr"=
"f:\\WINDOWS\\system32\\spoolsv.exe"=
"f:\\WINDOWS\\system32\\Ati2evxx.exe"=
"f:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
"f:\\Program Files\\Fichiers communs\\logishrd\\LVMVFM\\LVPrcSrv.exe"=
"f:\\Program Files\\Fichiers communs\\LogiShrd\\LVCOMSER\\LVComSer.exe"=
"f:\\WINDOWS\\RTHDCPL.EXE"=
"f:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"f:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=
"f:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"=
"f:\\Program Files\\Fichiers communs\\logishrd\\LComMgr\\Communications_Helper.exe"=
"f:\\Program Files\\Logitech\\QuickCam\\Quickcam.exe"=
"f:\\Documents and Settings\\Rockfr\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"f:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"f:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CCC.exe"=
"f:\\Program Files\\EDIMAX\\Common\\RaUI.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Fichiers communs\\logishrd\\LQCVFX\\COCIManager.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;f:\program files\Avira\AntiVir Desktop\sched.exe [08/05/2009 15:06 108289]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;f:\windows\system32\drivers\ScreamingBAudio.sys [27/03/2009 14:23 23064]
S2 amd64si;amd64si;\??\f:\windows\system32\drivers\amd64si.sys --> f:\windows\system32\drivers\amd64si.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\f:\docume~1\Rockfr\LOCALS~1\Temp\XOI18.tmp --> f:\docume~1\Rockfr\LOCALS~1\Temp\XOI18.tmp [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
.
Contenu du dossier 'Tâches planifiées'

2009-06-28 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1563985344-725345543-1003.job
- f:\documents and settings\Rockfr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 16:57]
.
- - - - ORPHELINS SUPPRIMES - - - -

SafeBoot-dllcache
SafeBoot-MYS Mutex Algorithm Service
SafeBoot-WM System Decode Application

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearch Page = hxxp://www.google.fr
uSearch Bar = hxxp://www.google.fr/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
mSearchAssistant = hxxp://www.google.fr/ie
FF - ProfilePath - f:\documents and settings\Rockfr\Application Data\Mozilla\Firefox\Profiles\k2jjqp9l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: f:\documents and settings\Rockfr\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 15:17
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\f:\docume~1\Rockfr\LOCALS~1\Temp\XOI18.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(828)
f:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6244)
f:\windows\TEMP\logishrd\LVPrcInj01.dll
f:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
f:\windows\system32\ati2evxx.exe
f:\program files\Avira\AntiVir Desktop\avguard.exe
f:\windows\system32\ati2evxx.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\program files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe
f:\program files\Fichiers communs\logishrd\LVMVFM\LVPrcSrv.exe
f:\windows\system32\WdfMgr.exe
f:\program files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe
f:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
f:\windows\no6.exe
f:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
f:\program files\Fichiers communs\logishrd\LQCVFX\COCIManager.exe
f:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-06-29 15:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-29 13:19

Avant-CF: 60 150 276 096 octets libres
Après-CF: 60 312 825 856 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(4)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

315
0
Réponse 11 / 18
Utilisateur anonyme
 
Super Maintenant post moi un nouveau rapport rsit.Je sais c'est ralant tous ces post, mais comme tu vois ca me permet de continuer a travailler et d'avancer.
Une petite question.As tu désactiver l'uac ?
0
Réponse 12 / 18
Rockfr
 
Je ne sais pas ce qu'est l'u ac mais voila les rapports :

info.txt logfile of random's system information tool 1.06 2009-06-29 16:10:37

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->F:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->F:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11.5-->"F:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
AssaultCube v1.0-->"F:\Program Files\AssaultCube_v1.0\uninstall.exe"
ATI - Software Uninstall Utility-->F:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 F:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->F:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"F:\Program Files\CCleaner\uninst.exe"
Coffret de pilotes Logitech QuickCam-->"F:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\LgDrvInst.exe" -remove -instdir"F:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.80" /clone_wait /hide_progress
Counter-Strike Source LAN Edition-->F:\WINDOWS\Counter-Strike Source LAN Edition Uninstaller.exe
Cube-->"F:\Program Files\Cube\uninstall.exe"
Edimax Wireless LAN-->F:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe -runfromtemp -l0x0009 -removeonly
Female Voice Pack-->MsiExec.exe /I{59A614F6-27DE-4F65-A173-554A26DA2DEE}
Garena-->F:\Program Files\Garena\uninst.exe
GIMP 2.6.6-->"F:\Program Files\GIMP-2.0\setup\unins000.exe"
High Definition Audio Driver Package - KB888111-->"F:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"F:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->F:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Install(US)2-->F:\Program Files\InstallShield Installation Information\{8A4D41F3-3EDA-4DAC-9403-839708EA0667}\setup.exe -runfromtemp -l0x0009 -removeonly
IZArc 4.0 beta 1-->"F:\Program Files\IZArc\unins000.exe"
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
JMB36X Raid Configurer-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\Setup.exe" -l0x40c -removeonly
Keycraft (remove only)-->"F:\Program Files\Warcraft III\Keycraft\uninstall.exe"
Le Seigneur des anneaux Online : Les Ombres d'Angmar v01.04.00.-->"F:\Program Files\Codemasters\Le Seigneur des anneaux Online\unins000.exe"
LG PC Suite II-->F:\Program Files\InstallShield Installation Information\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}\setup.exe -runfromtemp -l0x040c -removeonly
LG USB Modem driver-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x40c LG -removeonly
Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}
Logitech Updater-->MsiExec.exe /I{53735ECE-E461-4FD0-B742-23A352436D3A}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->F:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->f:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
MorphVOX Junior-->MsiExec.exe /I{402ED8C0-824E-48A2-AB07-C8820E9CD8E9}
MorphVOX Pro-->MsiExec.exe /I{10C6EB34-4423-4DBA-AECA-76540029FF83}
Mozilla Firefox (3.0.11)-->F:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Multimedia Card Reader-->F:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CA529363-D0F2-41EA-B44B-D7515A254645}
OpenAL-->"F:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 3.1-->MsiExec.exe /I{B2E581DB-C4DD-432C-AC84-ED761AC056BC}
Realtek High Definition Audio Driver-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
S4 League_EU-->RunDll32 F:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{D96021A9-B290-4783-B019-0E4000DA84CE}\setup.exe" -l0x9
Spybot - Search & Destroy-->"F:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamSpeak 2 RC2-->"F:\Program Files\Teamspeak2_RC2\unins000.exe"
VLC media player 0.9.9-->F:\Program Files\VideoLAN\VLC\uninstall.exe
Warcraft III-->F:\Program Files\Fichiers communs\Blizzard Entertainment\Warcraft III\Uninstall.exe
Warkeys 1.13.1.0b-->F:\Program Files\Warkeys\uninst.exe
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"F:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"F:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}
XML Paper Specification Shared Components Language Pack 1.0-->"F:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Yu-Gi-Oh Virtual Battle 5.20-->F:\Program Files\Yu-Gi-Oh Virtual Battle 5\Uninstal.exe
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

======Security center information======

AV: AntiVir Desktop (outdated)

======System event log======

Computer Name: XPSP2-9A0D958F9
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application.

Record Number: 4037
Source Name: Service Control Manager
Time Written: 20090617231953.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: XPSP2-9A0D958F9
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de découvertes SSDP.

Record Number: 4036
Source Name: Service Control Manager
Time Written: 20090617231953.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: XPSP2-9A0D958F9
Event Code: 7036
Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution.

Record Number: 4035
Source Name: Service Control Manager
Time Written: 20090617231953.000000+120
Event Type: Informations
User:

Computer Name: XPSP2-9A0D958F9
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).

Record Number: 4034
Source Name: Service Control Manager
Time Written: 20090617231953.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: XPSP2-9A0D958F9
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.

Record Number: 4033
Source Name: Service Control Manager
Time Written: 20090617231953.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: XPSP2-9A0D958F9
Event Code: 11707
Message: Product: Catalyst Control Center HydraVision Full -- Installation operation completed successfully.

Record Number: 58
Source Name: MsiInstaller
Time Written: 20090508152147.000000+120
Event Type: Informations
User: XPSP2-9A0D958F9\Rockfr

Computer Name: XPSP2-9A0D958F9
Event Code: 11707
Message: Product: Catalyst Control Center Graphics Full Existing -- Installation operation completed successfully.

Record Number: 57
Source Name: MsiInstaller
Time Written: 20090508152147.000000+120
Event Type: Informations
User: XPSP2-9A0D958F9\Rockfr

Computer Name: XPSP2-9A0D958F9
Event Code: 11707
Message: Product: Catalyst Control Center Graphics Light -- Installation operation completed successfully.

Record Number: 56
Source Name: MsiInstaller
Time Written: 20090508152144.000000+120
Event Type: Informations
User: XPSP2-9A0D958F9\Rockfr

Computer Name: XPSP2-9A0D958F9
Event Code: 11707
Message: Product: Catalyst Control Center Core Implementation -- Installation operation completed successfully.

Record Number: 55
Source Name: MsiInstaller
Time Written: 20090508152143.000000+120
Event Type: Informations
User: XPSP2-9A0D958F9\Rockfr

Computer Name: XPSP2-9A0D958F9
Event Code: 11707
Message: Product: Catalyst Control Center - Branding -- Installation operation completed successfully.

Record Number: 54
Source Name: MsiInstaller
Time Written: 20090508152142.000000+120
Event Type: Informations
User: XPSP2-9A0D958F9\Rockfr

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;F:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Rockfr at 2009-06-29 16:10:32
Microsoft Windows XP Professionnel Service Pack 3
System drive F: has 58 GB (58%) free of 100 GB
Total RAM: 2047 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10:36, on 29/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\Program Files\Avira\AntiVir Desktop\avguard.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
F:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Multimedia Card Reader\shwicon2k.exe
F:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
F:\Program Files\Logitech\QuickCam\Quickcam.exe
F:\Documents and Settings\Rockfr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\EDIMAX\Common\RaUI.exe
F:\WINDOWS\no6.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
F:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
F:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Documents and Settings\Rockfr\Bureau\RSIT.exe
F:\Program Files\trend micro\Rockfr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] F:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] F:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Data Serivce] no6.exe
O4 - HKLM\..\Run: [Sunkist2k] F:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "F:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "F:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [Google Update] "F:\Documents and Settings\Rockfr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "F:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Global Startup: Wireless Utility.lnk = F:\Program Files\EDIMAX\Common\RaUI.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - F:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - F:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
0
Réponse 13 / 18
Utilisateur anonyme
 
/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour rockfr, il n'est pas transposable sur un autre ordinateur !
• Télécharge ce dossier:rockfr.zip
• Fais un clic-droit dessus --> Extraire tout --> choisis le Bureau comme destination
• Un autre dossier va apparaitre, prends le fichier CFScript.txt qui se trouve à l'intérieur et place le sur le Bureau.
• Désactive tes logiciels de protection
• Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe
comme ceci :http://img155.imageshack.us/img155/4837/cfscriptop0.gif
• Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
• Si le fichier ne s'ouvre pas, il se trouve ici → C:\ComboFix.txt
0
Réponse 14 / 18
Rockfr
 
ComboFix 09-06-28.04 - Rockfr 29/06/2009 17:16.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1630 [GMT 2:00]
Lancé depuis: f:\documents and settings\Rockfr\Bureau\ComboFix.exe
Commutateurs utilisés :: f:\documents and settings\Rockfr\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\windows\system32\i
f:\windows\TEMP\logishrd\LVPrcInj02.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-28 au 2009-06-29 ))))))))))))))))))))))))))))))))))))
.

2009-06-28 14:50 . 2008-04-13 17:33 4255 ------w- f:\windows\system32\drivers\adv01nt5.dll
2009-06-28 14:33 . 2009-06-28 14:33 41216 ----a-w- f:\windows\system32\drivers\systemntmi.VIR
2009-06-28 14:13 . 2009-06-29 14:10 -------- d-----w- F:\rsit
2009-06-28 14:13 . 2009-06-29 14:10 -------- d-----w- f:\program files\trend micro
2009-06-28 10:34 . 2009-06-28 10:53 -------- d-----w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-28 10:34 . 2009-06-28 10:34 -------- d-----w- f:\program files\Spybot - Search & Destroy
2009-06-28 10:03 . 2009-06-28 10:05 -------- d-----w- f:\program files\Counter-Strike Source LAN Edition
2009-06-28 09:59 . 2009-06-28 09:59 21673 ---h--w- f:\documents and settings\LocalService\LocalService.exe
2009-06-27 21:09 . 2009-06-27 21:09 1052672 ----a-w- f:\windows\system32\51.scr
2009-06-27 20:55 . 2009-06-27 20:55 176164 --sh--r- f:\windows\no6.exe
2009-06-27 20:53 . 2009-06-27 20:55 176164 ----a-w- f:\windows\system32\no6.exe
2009-06-27 13:24 . 2009-06-27 13:24 -------- d-----w- f:\documents and settings\Rockfr\Application Data\Leadertech
2009-06-27 13:22 . 2009-06-28 14:30 -------- d-----w- f:\documents and settings\All Users\Application Data\Logishrd
2009-06-27 13:22 . 2009-06-27 13:22 -------- d-----w- f:\documents and settings\All Users\Application Data\Logitech
2009-06-27 13:22 . 2009-06-27 13:22 -------- d-----w- f:\program files\Logitech
2009-06-26 16:54 . 2009-06-26 16:54 -------- d-----w- f:\windows\Sun
2009-06-26 16:14 . 2009-06-27 18:49 163880 --sh--r- f:\windows\mpupd.exe
2009-06-26 16:14 . 2009-06-27 18:49 163880 ----a-w- f:\windows\system32\mpupd.exe
2009-06-26 16:13 . 2009-06-29 09:12 -------- d---a-w- f:\documents and settings\All Users\Application Data\TEMP
2009-06-24 13:39 . 2009-06-24 13:39 1632105 ----a-w- f:\windows\Counter-Strike Source LAN Edition Uninstaller.exe
2009-06-24 10:57 . 2009-06-29 15:21 -------- d-----w- f:\program files\Steam
2009-06-23 10:40 . 2009-06-28 10:26 -------- d-----w- f:\program files\Garena
2009-06-21 19:53 . 2009-06-21 19:54 -------- d-----w- f:\program files\Yu-Gi-Oh Virtual Battle 5
2009-06-18 19:00 . 2009-06-27 21:34 -------- d-----w- f:\documents and settings\Rockfr\Application Data\dvdcss
2009-06-18 14:33 . 2009-06-18 14:33 -------- d-----w- f:\program files\Cube
2009-06-16 18:28 . 2009-06-16 18:28 -------- d-----w- f:\program files\Multimedia Card Reader
2009-06-16 18:28 . 2009-06-16 18:28 -------- d-----w- f:\windows\Downloaded Installations
2009-06-16 17:36 . 2009-06-29 10:36 -------- d-----w- f:\windows\system32\NtmsData
2009-06-14 09:55 . 2009-06-14 09:55 413696 ----a-w- f:\windows\system32\wrap_oal.dll
2009-06-14 09:55 . 2009-06-14 09:55 110592 ----a-w- f:\windows\system32\OpenAL32.dll
2009-06-14 09:55 . 2009-06-14 09:55 -------- d-----w- f:\program files\OpenAL
2009-06-14 09:55 . 2009-06-14 09:55 -------- d-----w- f:\program files\AssaultCube_v1.0
2009-06-12 17:13 . 2009-06-12 17:13 8478 ----a-r- f:\documents and settings\Rockfr\Application Data\Microsoft\Installer\{402ED8C0-824E-48A2-AB07-C8820E9CD8E9}\_6FEFF9B68218417F98F549.exe
2009-06-12 17:13 . 2009-06-12 17:13 8478 ----a-r- f:\documents and settings\Rockfr\Application Data\Microsoft\Installer\{402ED8C0-824E-48A2-AB07-C8820E9CD8E9}\_4F170B61CB00A7A4234D88.exe
2009-06-12 17:13 . 2009-06-12 17:13 8478 ----a-r- f:\documents and settings\Rockfr\Application Data\Microsoft\Installer\{402ED8C0-824E-48A2-AB07-C8820E9CD8E9}\_26AF075A84C2886D026ECB.exe
2009-06-12 16:53 . 2009-06-12 16:53 -------- d-----w- f:\documents and settings\Rockfr\Application Data\Screaming Bee
2009-06-12 16:53 . 2009-06-12 16:53 104470 ----a-r- f:\documents and settings\Rockfr\Application Data\Microsoft\Installer\{10C6EB34-4423-4DBA-AECA-76540029FF83}\_6FEFF9B68218417F98F549.exe
2009-06-12 16:53 . 2009-06-12 16:53 104470 ----a-r- f:\documents and settings\Rockfr\Application Data\Microsoft\Installer\{10C6EB34-4423-4DBA-AECA-76540029FF83}\_41028F12A1974CC7604D2B.exe
2009-06-12 16:53 . 2009-06-12 16:53 104470 ----a-r- f:\documents and settings\Rockfr\Application Data\Microsoft\Installer\{10C6EB34-4423-4DBA-AECA-76540029FF83}\_23CEE41CC0D19EFD8A71F4.exe
2009-06-12 16:53 . 2009-06-29 10:23 -------- d-----w- f:\documents and settings\All Users\Application Data\Screaming Bee
2009-06-12 16:53 . 2009-06-12 17:24 -------- d-----w- f:\program files\Screaming Bee
2009-06-11 16:57 . 2009-06-11 16:58 -------- d-----w- f:\documents and settings\Rockfr\Local Settings\Application Data\Google
2009-06-11 16:57 . 2009-06-11 16:57 -------- d-----w- f:\documents and settings\Rockfr\Local Settings\Application Data\Deployment
2009-06-10 21:04 . 2009-06-10 21:04 -------- d-----w- F:\Maps
2009-06-10 21:04 . 2009-06-10 21:04 -------- d-----w- F:\replay
2009-06-10 13:17 . 2009-06-10 13:17 410984 ----a-w- f:\windows\system32\deploytk.dll
2009-06-10 13:17 . 2009-06-10 13:17 -------- d-----w- f:\program files\Java
2009-06-10 13:17 . 2009-06-10 13:17 152576 ----a-w- f:\documents and settings\Rockfr\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-10 11:29 . 2009-06-10 11:30 -------- d-----w- f:\program files\Warkeys
2009-06-09 16:03 . 2009-06-09 16:03 -------- d-s---w- f:\documents and settings\Ota-icecream\UserData
2009-06-09 16:03 . 2009-06-09 16:03 17840 ----a-w- f:\documents and settings\Ota-icecream\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-09 16:03 . 2009-06-09 16:03 -------- d-----w- f:\documents and settings\Ota-icecream\Local Settings\Application Data\ATI
2009-06-09 16:03 . 2009-06-09 16:03 -------- d-----w- f:\documents and settings\Ota-icecream\Application Data\ATI
2009-06-01 07:45 . 2009-06-01 07:45 -------- d-----w- f:\documents and settings\Rockfr\Local Settings\Application Data\Turbine
2009-06-01 07:44 . 2009-06-01 07:44 129 ----a-w- f:\documents and settings\Rockfr\Local Settings\Application Data\fusioncache.dat
2009-06-01 07:44 . 2009-06-29 14:51 -------- d-----w- f:\documents and settings\Rockfr\Local Settings\Application Data\ApplicationHistory
2009-06-01 07:43 . 2009-06-01 07:43 -------- d-----w- f:\windows\system32\URTTEMP
2009-06-01 07:28 . 2009-06-01 07:28 -------- d-----w- f:\documents and settings\Rockfr\Application Data\OpenArena
2009-06-01 07:27 . 2009-06-01 07:27 -------- d-----w- f:\program files\Codemasters
2009-05-31 09:26 . 2009-05-31 09:26 -------- d-----w- F:\Sounds
2009-05-31 09:12 . 2008-11-11 11:42 24832 ----a-w- f:\windows\system32\drivers\lgusbmodem.sys
2009-05-31 09:12 . 2008-11-11 11:41 19968 ----a-w- f:\windows\system32\drivers\lgusbdiag.sys
2009-05-31 09:12 . 2008-11-11 11:41 13056 ----a-w- f:\windows\system32\drivers\lgusbbus.sys
2009-05-31 09:12 . 2009-05-31 09:12 -------- d-----w- f:\program files\LG Electronics
2009-05-31 09:12 . 2007-11-08 14:26 1164728 ----a-w- f:\windows\system32\NMSDVDXU.dll
2009-05-31 09:11 . 2009-05-31 09:11 -------- d-----w- f:\documents and settings\Rockfr\Application Data\LG Electronics
2009-05-31 09:11 . 2009-06-06 19:49 -------- d-----w- f:\program files\LG PC Suite II

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 14:50 . 2009-05-15 14:05 -------- d-----w- f:\program files\Warcraft III
2009-06-29 10:53 . 2009-06-29 10:53 -------- d-----w- f:\program files\Fichiers communs\Logitech
2009-06-28 15:02 . 2001-10-02 16:17 84956 ----a-w- f:\windows\system32\perfc00C.dat
2009-06-28 15:02 . 2001-10-02 16:17 509844 ----a-w- f:\windows\system32\perfh00C.dat
2009-06-28 15:02 . 2009-05-27 14:04 17840 ----a-w- f:\documents and settings\Rockfr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-28 14:57 . 2009-05-08 12:01 86331 ----a-w- f:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-27 13:23 . 2009-06-27 13:21 -------- d-----w- f:\program files\Fichiers communs\logishrd
2009-06-25 12:06 . 2009-05-11 17:01 -------- d-----w- f:\documents and settings\Rockfr\Application Data\gtk-2.0
2009-06-16 18:28 . 2009-05-08 12:41 -------- d-----w- f:\program files\Fichiers communs\InstallShield
2009-06-12 16:47 . 2009-05-08 12:30 -------- d--h--w- f:\program files\InstallShield Installation Information
2009-06-09 15:18 . 2009-05-13 09:59 -------- d-----w- f:\documents and settings\Rockfr\Application Data\teamspeak2
2009-05-27 14:04 . 2009-05-27 14:04 -------- d-----w- f:\documents and settings\Rockfr\Application Data\ATI
2009-05-27 14:04 . 2009-05-27 14:04 -------- d-----w- f:\documents and settings\All Users\Application Data\ATI
2009-05-27 10:03 . 2009-05-27 10:03 69024 ----a-w- f:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-27 10:03 . 2009-05-27 10:03 -------- d-----w- f:\program files\MSBuild
2009-05-27 10:03 . 2009-05-27 10:03 -------- d-----w- f:\program files\Reference Assemblies
2009-05-27 10:01 . 2009-05-27 10:01 -------- d-----w- f:\program files\MSXML 6.0
2009-05-18 18:04 . 2009-05-18 18:04 -------- d-----w- f:\program files\LimeWire
2009-05-15 14:10 . 2009-05-15 14:05 -------- d-----w- f:\program files\Fichiers communs\Blizzard Entertainment
2009-05-13 14:26 . 2009-05-13 14:26 -------- d-----w- f:\program files\Common Files
2009-05-13 09:59 . 2009-05-13 09:59 -------- d-----w- f:\program files\Teamspeak2_RC2
2009-05-10 18:29 . 2009-05-10 18:29 -------- d-----w- f:\documents and settings\Ota-icecream\Application Data\gtk-2.0
2009-05-10 18:17 . 2009-05-10 18:17 -------- d-----w- f:\documents and settings\Ota-icecream\Application Data\vlc
2009-05-10 18:08 . 2009-05-10 18:08 1 ----a-w- f:\documents and settings\Ota-icecream\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-10 18:07 . 2009-05-10 18:07 -------- d-----w- f:\documents and settings\Ota-icecream\Application Data\OpenOffice.org
2009-05-10 18:07 . 2009-05-10 18:07 -------- d-----w- f:\program files\OpenOffice.org 3
2009-05-08 15:12 . 2009-05-08 15:12 -------- d-----w- f:\program files\CCleaner
2009-05-08 15:11 . 2009-05-08 15:11 96 ---ha-w- f:\windows\system32\HsInfo.dat
2009-05-08 15:05 . 2009-05-08 15:05 -------- d-----w- f:\program files\alaplaya
2009-05-08 14:46 . 2009-05-08 14:46 0 ----a-w- f:\windows\nsreg.dat
2009-05-08 14:11 . 2009-05-08 13:22 -------- d-----w- f:\program files\ATI
2009-05-08 13:28 . 2009-05-08 13:28 0 ----a-w- f:\windows\ativpsrm.bin
2009-05-08 13:21 . 2009-05-08 13:21 -------- d-----w- f:\program files\ATI Technologies
2009-05-08 13:06 . 2009-05-08 13:06 -------- d-----w- f:\program files\Avira
2009-05-08 13:06 . 2009-05-08 13:06 -------- d-----w- f:\documents and settings\All Users\Application Data\Avira
2009-05-08 13:03 . 2009-05-08 13:03 -------- d-----w- f:\program files\GIMP-2.0
2009-05-08 13:00 . 2009-05-08 13:00 -------- d-----w- f:\documents and settings\Rockfr\Application Data\vlc
2009-05-08 13:00 . 2009-05-08 13:00 -------- d-----w- f:\program files\VideoLAN
2009-05-08 13:00 . 2009-05-08 13:00 -------- d-----w- f:\program files\IZArc
2009-05-08 12:53 . 2009-05-08 12:53 1915520 ----a-w- f:\documents and settings\Rockfr\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-05-08 12:41 . 2009-05-08 12:41 -------- d-----w- f:\program files\Realtek
2009-05-08 12:41 . 2009-05-08 12:41 315392 ----a-w- f:\windows\HideWin.exe
2009-05-08 12:36 . 2009-05-08 12:36 -------- d-----w- f:\program files\Intel
2009-05-08 12:31 . 2009-05-08 12:31 376832 ----a-w- f:\windows\system32\AegisI5Installer.exe
2009-05-08 12:31 . 2009-05-08 12:31 21361 ----a-w- f:\windows\system32\drivers\AegisP.sys
2009-05-08 12:30 . 2009-05-08 12:30 -------- d-----w- f:\program files\EDIMAX
2009-05-08 12:30 . 2009-05-08 12:30 -------- d-----w- f:\documents and settings\Rockfr\Application Data\InstallShield
2009-05-08 12:03 . 2009-05-08 12:03 -------- d-----w- f:\program files\microsoft frontpage
2009-05-08 12:01 . 2009-05-08 12:01 -------- d-----w- f:\program files\Services en ligne
2009-05-08 11:59 . 2009-05-08 11:59 21892 ----a-w- f:\windows\system32\emptyregdb.dat
2009-04-28 09:47 . 2009-04-28 09:47 499712 ----a-w- f:\windows\system32\msvcp71.dll
2009-04-28 09:47 . 2009-04-28 09:47 348160 ----a-w- f:\windows\system32\msvcr71.dll
.

------- Sigcheck -------

[-] 2004-08-19 14:10 14336 2979B03D5382A602623C0535B16AB9C0 f:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2008-04-13 17:34 14336 E4BDF223CD75478BF44567B4D5C2634D f:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-13 17:34 14336 E4BDF223CD75478BF44567B4D5C2634D f:\windows\system32\svchost.exe
[-] 2008-04-13 17:34 14336 E4BDF223CD75478BF44567B4D5C2634D f:\windows\system32\dllcache\cache\svchost.exe

[-] 2005-07-26 13:01 578048 0DF75FB73F705B011630159A43D7C354 f:\windows\$NtServicePackUninstall$\user32.dll
[-] 2008-04-13 17:33 579584 E853F84D3CE2FAA2A802E33CF89AC023 f:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-13 17:33 579584 E853F84D3CE2FAA2A802E33CF89AC023 f:\windows\system32\user32.dll
[-] 2008-04-13 17:33 579584 E853F84D3CE2FAA2A802E33CF89AC023 f:\windows\system32\dllcache\cache\user32.dll

[-] 2004-08-19 14:09 82944 EED74B969B2CA1ACC558FF60FB420E28 f:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-13 17:33 82432 FB836F9E62D82904C983AD21296A5D9C f:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-13 17:33 82432 FB836F9E62D82904C983AD21296A5D9C f:\windows\system32\ws2_32.dll
[-] 2008-04-13 17:33 82432 FB836F9E62D82904C983AD21296A5D9C f:\windows\system32\dllcache\cache\ws2_32.dll

[-] 2005-12-14 11:12 662528 E41E8FDF62CF20F2E2B16D800D96EB51 f:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2008-04-13 17:33 670208 4A6E04EA20F48D750D9BFED8600D516B f:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-04-13 17:33 670208 4A6E04EA20F48D750D9BFED8600D516B f:\windows\system32\wininet.dll
[-] 2008-04-13 17:33 670208 4A6E04EA20F48D750D9BFED8600D516B f:\windows\system32\dllcache\cache\wininet.dll

[-] 2006-02-14 19:56 359808 667192A11DB19F36624119C0DD4DE4F2 f:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-04-13 10:20 361344 93EA8D04EC73A85DB02EB8805988F733 f:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 10:20 361344 93EA8D04EC73A85DB02EB8805988F733 f:\windows\system32\dllcache\cache\tcpip.sys
[-] 2008-04-13 10:20 361344 93EA8D04EC73A85DB02EB8805988F733 f:\windows\system32\drivers\tcpip.sys

[-] 2004-08-19 14:10 506368 123EEA158F74D0F67A51DCDF065D1091 f:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-13 17:34 512000 DD73D6B9F6B4CB630CF35B438B540174 f:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-13 17:34 512000 DD73D6B9F6B4CB630CF35B438B540174 f:\windows\system32\winlogon.exe
[-] 2008-04-13 17:34 512000 DD73D6B9F6B4CB630CF35B438B540174 f:\windows\system32\dllcache\cache\winlogon.exe

[-] 2004-08-03 21:14 182912 558635D3AF1C7546D26067D5D9B6959E f:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2008-04-13 10:20 182656 1DF7F42665C94B825322FAE71721130D f:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 10:20 182656 1DF7F42665C94B825322FAE71721130D f:\windows\system32\dllcache\cache\ndis.sys
[-] 2008-04-13 10:20 182656 1DF7F42665C94B825322FAE71721130D f:\windows\system32\drivers\ndis.sys

[-] 2004-08-03 21:00 29056 4448006B6BC60E6C027932CFC38D6855 f:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2008-04-13 09:53 36608 3BB22519A194418D5FEC05D800A19AD0 f:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 09:53 36608 3BB22519A194418D5FEC05D800A19AD0 f:\windows\system32\dllcache\cache\ip6fw.sys
[-] 2008-04-13 09:53 36608 3BB22519A194418D5FEC05D800A19AD0 f:\windows\system32\drivers\ip6fw.sys

[-] 2006-01-09 11:34 2017280 50B3A210B6FA8D3089A36A32E7D8B21F f:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2008-04-13 17:07 2067968 B71A8F101CEFAF82FC5EC16130A54A3F f:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2008-04-13 17:07 2025984 92E82482CDB39929CF7B541A9648AFAE f:\windows\system32\ntkrnlpa.exe
[-] 2008-04-13 17:07 2025984 92E82482CDB39929CF7B541A9648AFAE f:\windows\system32\dllcache\cache\ntkrnlpa.exe

[-] 2005-07-26 13:01 2137600 E75F7AA5A33479F29C636FD0890F5762 f:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2008-04-13 17:08 2191104 099D639DA1EF6968D4E41795BB507E6B f:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-13 17:07 2147328 B10C36956EB7A8B1586DBE3B43875280 f:\windows\system32\ntoskrnl.exe
[-] 2008-04-13 17:07 2147328 B10C36956EB7A8B1586DBE3B43875280 f:\windows\system32\dllcache\cache\ntoskrnl.exe

[-] 2008-04-13 17:34 1037824 F2317622D29F9FF0F88AEECD5F60F0DD f:\windows\explorer.exe
[-] 2005-07-26 13:01 1036288 0BEE3B07ACE3303EE57698808E1D2DE3 f:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2008-04-13 17:34 1037824 F2317622D29F9FF0F88AEECD5F60F0DD f:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-13 17:34 1037824 F2317622D29F9FF0F88AEECD5F60F0DD f:\windows\system32\dllcache\cache\explorer.exe

[-] 2004-08-19 14:10 108544 63DCDE1A0D86EEB8924D6738FF616EAD f:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-13 17:34 109056 54CB50058851D95E56EC70D09F70857F f:\windows\ServicePackFiles\i386\services.exe
[-] 2008-04-13 17:34 109056 54CB50058851D95E56EC70D09F70857F f:\windows\system32\services.exe
[-] 2008-04-13 17:34 109056 54CB50058851D95E56EC70D09F70857F f:\windows\system32\dllcache\cache\services.exe

[-] 2004-08-19 14:09 13312 259AF82A0932EEA4F316F92DB94707B6 f:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-13 17:34 13312 91E6024D6D4DCDECDB36C43ECF9BBECB f:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-13 17:34 13312 91E6024D6D4DCDECDB36C43ECF9BBECB f:\windows\system32\lsass.exe
[-] 2008-04-13 17:34 13312 91E6024D6D4DCDECDB36C43ECF9BBECB f:\windows\system32\dllcache\cache\lsass.exe

[-] 2004-08-19 14:09 15360 64E41E8FEE655B03E3F19DED21BA5118 f:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-13 17:34 15360 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 f:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-13 17:34 15360 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 f:\windows\system32\ctfmon.exe
[-] 2008-04-13 17:34 15360 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 f:\windows\system32\dllcache\cache\ctfmon.exe

[-] 2005-08-10 10:15 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F f:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2008-04-13 17:34 57856 460E4CE148BD07218DA0B6A3D31885A9 f:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-13 17:34 57856 460E4CE148BD07218DA0B6A3D31885A9 f:\windows\system32\spoolsv.exe
[-] 2008-04-13 17:34 57856 460E4CE148BD07218DA0B6A3D31885A9 f:\windows\system32\dllcache\cache\spoolsv.exe

[-] 2004-08-19 14:10 112640 FC21787F32E3793A4C7C02D2BFAA5AE0 f:\windows\$NtServicePackUninstall$\wuauclt.exe
[-] 2008-04-13 17:34 112640 7E3DEFE771CB451B0FF630BFA435417E f:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2008-04-13 17:34 112640 7E3DEFE771CB451B0FF630BFA435417E f:\windows\system32\wuauclt.exe
[-] 2008-04-13 17:34 112640 7E3DEFE771CB451B0FF630BFA435417E f:\windows\system32\dllcache\cache\wuauclt.exe

[-] 2004-08-19 14:10 25088 84717891F0734C611721F56C60B5FBC3 f:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-13 17:34 26624 E74DDB12188C2FF57A78624DBF7332FC f:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-13 17:34 26624 E74DDB12188C2FF57A78624DBF7332FC f:\windows\system32\userinit.exe
[-] 2008-04-13 17:34 26624 E74DDB12188C2FF57A78624DBF7332FC f:\windows\system32\dllcache\cache\userinit.exe

[-] 2004-08-19 14:09 297984 78F90C3E230AD122BCB116ABAD5FEFE9 f:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-13 17:33 297984 710BC85A8C22626EE094439E3EA0D38C f:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-13 17:33 297984 710BC85A8C22626EE094439E3EA0D38C f:\windows\system32\termsrv.dll
[-] 2008-04-13 17:33 297984 710BC85A8C22626EE094439E3EA0D38C f:\windows\system32\dllcache\cache\termsrv.dll

[-] 2004-08-19 14:09 1048576 C88F74591579DBDE273C61312B2D3886 f:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2008-04-13 17:33 1054720 3AC8886DFA5AB641417DF4D3B7F5512E f:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2008-04-13 17:33 1054720 3AC8886DFA5AB641417DF4D3B7F5512E f:\windows\system32\kernel32.dll
[-] 2008-04-13 17:33 1054720 3AC8886DFA5AB641417DF4D3B7F5512E f:\windows\system32\dllcache\cache\kernel32.dll

[-] 2004-08-19 14:09 17408 29D5E58FB089C41898A81BD4C8970F22 f:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-13 17:33 17408 9F2C862E39BF8E8FC51C3F6A6BCEB415 f:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-13 17:33 17408 9F2C862E39BF8E8FC51C3F6A6BCEB415 f:\windows\system32\powrprof.dll
[-] 2008-04-13 17:33 17408 9F2C862E39BF8E8FC51C3F6A6BCEB415 f:\windows\system32\dllcache\cache\powrprof.dll

[-] 2004-08-19 14:09 110080 E55DAFA1A354BD5CB69151563DC9748A f:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-13 17:33 110080 0469B73DB32E5520F342C5E163AA3CCA f:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-13 17:33 110080 0469B73DB32E5520F342C5E163AA3CCA f:\windows\system32\imm32.dll
[-] 2008-04-13 17:33 110080 0469B73DB32E5520F342C5E163AA3CCA f:\windows\system32\dllcache\cache\imm32.dll

[-] 2005-08-20 09:24 1548288 7FE89B78B561F9D32630EC2EC3D11590 f:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-13 17:33 1571840 E17C85D5B5CF477638433B851A98499E f:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-13 17:33 1571840 E17C85D5B5CF477638433B851A98499E f:\windows\system32\sfcfiles.dll
[-] 2008-04-13 17:33 1571840 E17C85D5B5CF477638433B851A98499E f:\windows\system32\dllcache\cache\sfcfiles.dll

[-] 2004-08-19 14:09 176640 7E9D138DC991BCCE6E6026CD74E69CC4 f:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2008-04-13 17:33 176640 F36C9F78FC902C8DCE4D3B576BB0435A f:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-13 17:33 176640 F36C9F78FC902C8DCE4D3B576BB0435A f:\windows\system32\appmgmts.dll
[-] 2008-04-13 17:33 176640 F36C9F78FC902C8DCE4D3B576BB0435A f:\windows\system32\dllcache\cache\appmgmts.dll

[-] 2004-08-19 14:00 25216 E798705E8DC7FAB596EF6BFDF167E007 f:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2008-04-13 17:05 25216 16813155807C6881F4BFBF6657424659 f:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 17:05 25216 16813155807C6881F4BFBF6657424659 f:\windows\system32\dllcache\cache\kbdclass.sys
[-] 2008-04-13 17:05 25216 16813155807C6881F4BFBF6657424659 f:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-29_13.17.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-29 15:20 . 2009-06-29 15:20 16384 f:\windows\Temp\Perflib_Perfdata_7c.dat
+ 2009-06-29 15:20 . 2008-07-26 06:25 109080 f:\windows\Temp\logishrd\LVPrcInj01.dll
- 2009-06-29 13:16 . 2009-06-29 13:17 109080 f:\windows\Temp\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="f:\documents and settings\Rockfr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-11 133104]
"Steam"="f:\program files\Steam\Steam.exe" [2009-06-24 1217784]
"SpybotSD TeaTimer"="f:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="f:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="f:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"avgnt"="f:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2009-06-10 148888]
"Sunkist2k"="f:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-12-10 139264]
"LogitechCommunicationsManager"="f:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="f:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"RTHDCPL"="RTHDCPL.EXE" - f:\windows\RTHDCPL.exe [2008-02-13 16857600]
"Windows Data Serivce"="no6.exe" - f:\windows\system32\no6.exe [2009-06-27 176164]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="f:\windows\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="f:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

f:\documents and settings\Ota-icecream\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - f:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

f:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Wireless Utility.lnk - f:\program files\EDIMAX\Common\RaUI.exe [2009-5-8 716800]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dllcache]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MYS Mutex Algorithm Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WM System Decode Application]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\WINDOWS\\System32\\51.scr"=
"f:\\WINDOWS\\system32\\spoolsv.exe"=
"f:\\WINDOWS\\system32\\Ati2evxx.exe"=
"f:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
"f:\\Program Files\\Fichiers communs\\logishrd\\LVMVFM\\LVPrcSrv.exe"=
"f:\\Program Files\\Fichiers communs\\LogiShrd\\LVCOMSER\\LVComSer.exe"=
"f:\\WINDOWS\\RTHDCPL.EXE"=
"f:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"f:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=
"f:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"=
"f:\\Program Files\\Fichiers communs\\logishrd\\LComMgr\\Communications_Helper.exe"=
"f:\\Program Files\\Logitech\\QuickCam\\Quickcam.exe"=
"f:\\Documents and Settings\\Rockfr\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"f:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"f:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CCC.exe"=
"f:\\Program Files\\EDIMAX\\Common\\RaUI.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Fichiers communs\\logishrd\\LQCVFX\\COCIManager.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;f:\program files\Avira\AntiVir Desktop\sched.exe [08/05/2009 15:06 108289]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;f:\windows\system32\drivers\ScreamingBAudio.sys [27/03/2009 14:23 23064]
S2 amd64si;amd64si;\??\f:\windows\system32\drivers\amd64si.sys --> f:\windows\system32\drivers\amd64si.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\f:\docume~1\Rockfr\LOCALS~1\Temp\XOI18.tmp --> f:\docume~1\Rockfr\LOCALS~1\Temp\XOI18.tmp [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
.
Contenu du dossier 'Tâches planifiées'

2009-06-28 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1563985344-725345543-1003.job
- f:\documents and settings\Rockfr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 16:57]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearch Page = hxxp://www.google.fr
uSearch Bar = hxxp://www.google.fr/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
mSearchAssistant = hxxp://www.google.fr/ie
FF - ProfilePath - f:\documents and settings\Rockfr\Application Data\Mozilla\Firefox\Profiles\k2jjqp9l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: f:\documents and settings\Rockfr\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 17:21
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\f:\docume~1\Rockfr\LOCALS~1\Temp\XOI18.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(828)
f:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5032)
f:\windows\TEMP\logishrd\LVPrcInj01.dll
f:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
f:\windows\system32\ati2evxx.exe
f:\program files\Avira\AntiVir Desktop\avguard.exe
f:\windows\system32\ati2evxx.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\program files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe
f:\program files\Fichiers communs\logishrd\LVMVFM\LVPrcSrv.exe
f:\windows\system32\WdfMgr.exe
f:\program files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe
f:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
f:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
f:\windows\no6.exe
f:\program files\Fichiers communs\logishrd\LQCVFX\COCIManager.exe
f:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-06-29 17:23 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-29 15:23
ComboFix2.txt 2009-06-29 13:19

Avant-CF: 60 320 727 040 octets libres
Après-CF: 60 311 379 968 octets libres

379
0
Réponse 15 / 18
Utilisateur anonyme
 
refait le car le fichier n'a pas été supprimer.Cette fois éxécute le en mode sans echec Je t'ai mis un nouveau script.
/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour rockfr, il n'est pas transposable sur un autre ordinateur !
• Télécharge ce dossier:rockfr.zip
• Fais un clic-droit dessus --> Extraire tout --> choisis le Bureau comme destination
• Un autre dossier va apparaitre, prends le fichier CFScript.txt qui se trouve à l'intérieur et place le sur le Bureau.
• Désactive tes logiciels de protection
• Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe
comme ceci :http://img155.imageshack.us/img155/4837/cfscriptop0.gif
• Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
• Si le fichier ne s'ouvre pas, il se trouve ici → C:\ComboFix.txt
0
Réponse 16 / 18
Rockfr
 
Pendant le mode sans echec, antivir était désactivé mais combofix le voyait comme actif. J'ai démarré antivir qui m'affichait que antivir guard était désactivé, comme les autres fois.
Voila le rapport :

ComboFix 09-06-28.04 - Rockfr 29/06/2009 19:06.3 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1818 [GMT 2:00]
Lancé depuis: f:\documents and settings\Rockfr\Bureau\ComboFix.exe
Commutateurs utilisés :: f:\documents and settings\Rockfr\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-28 au 2009-06-29 ))))))))))))))))))))))))))))))))))))
.

2009-06-28 14:50 . 2008-04-13 17:33 4255 ------w- f:\windows\system32\drivers\adv01nt5.dll
2009-06-28 14:33 . 2009-06-28 14:33 41216 ----a-w- f:\windows\system32\drivers\systemntmi.VIR
2009-06-28 14:13 . 2009-06-29 14:10 -------- d-----w- F:\rsit
2009-06-28 14:13 . 2009-06-29 14:10 -------- d-----w- f:\program files\trend micro
2009-06-28 10:34 . 2009-06-28 10:53 -------- d-----w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-28 10:34 . 2009-06-28 10:34 -------- d-----w- f:\program files\Spybot - Search & Destroy
2009-06-28 10:03 . 2009-06-28 10:05 -------- d-----w- f:\program files\Counter-Strike Source LAN Edition
2009-06-28 09:59 . 2009-06-28 09:59 21673 ---h--w- f:\documents and settings\LocalService\LocalService.exe
2009-06-27 21:09 . 2009-06-27 21:09 1052672 ----a-w- f:\windows\system32\51.scr
2009-06-27 20:55 . 2009-06-27 20:55 176164 --sh--r- f:\windows\no6.exe
2009-06-27 20:53 . 2009-06-27 20:55 176164 ----a-w- f:\windows\system32\no6.exe
2009-06-27 13:24 . 2009-06-27 13:24 -------- d-----w- f:\documents and settings\Rockfr\Application Data\Leadertech
2009-06-27 13:22 . 2009-06-28 14:30 -------- d-----w- f:\documents and settings\All Users\Application Data\Logishrd
2009-06-27 13:22 . 2009-06-27 13:22 -------- d-----w- f:\documents and settings\All Users\Application Data\Logitech
2009-06-27 13:22 . 2009-06-27 13:22 -------- d-----w- f:\program files\Logitech
2009-06-26 16:54 . 2009-06-26 16:54 -------- d-----w- f:\windows\Sun
2009-06-26 16:14 . 2009-06-27 18:49 163880 --sh--r- f:\windows\mpupd.exe
2009-06-26 16:14 . 2009-06-27 18:49 163880 ----a-w- f:\windows\system32\mpupd.exe
2009-06-26 16:13 . 2009-06-29 09:12 -------- d---a-w- f:\documents and settings\All Users\Application Data\TEMP
2009-06-24 13:39 . 2009-06-24 13:39 1632105 ----a-w- f:\windows\Counter-Strike Source LAN Edition Uninstaller.exe
2009-06-24 10:57 . 2009-06-29 16:58 -------- d-----w- f:\program files\Steam
2009-06-23 10:40 . 2009-06-28 10:26 -------- d-----w- f:\program files\Garena
2009-06-21 19:53 . 2009-06-21 19:54 -------- d-----w- f:\program files\Yu-Gi-Oh Virtual Battle 5
2009-06-18 19:00 . 2009-06-27 21:34 -------- d-----w- f:\documents and settings\Rockfr\Application Data\dvdcss
2009-06-18 14:33 . 2009-06-18 14:33 -------- d-----w- f:\program files\Cube
2009-06-16 18:28 . 2009-06-16 18:28 -------- d-----w- f:\program files\Multimedia Card Reader
2009-06-16 18:28 . 2009-06-16 18:28 -------- d-----w- f:\windows\Downloaded Installations
2009-06-16 17:36 . 2009-06-29 10:36 -------- d-----w- f:\windows\system32\NtmsData
2009-06-14 09:55 . 2009-06-14 09:55 413696 ----a-w- f:\windows\system32\wrap_oal.dll
2009-06-14 09:55 . 2009-06-14 09:55 110592 ----a-w- f:\windows\system32\OpenAL32.dll
2009-06-14 09:55 . 2009-06-14 09:55 -------- d-----w- f:\program files\OpenAL
2009-06-14 09:55 . 2009-06-14 09:55 -------- d-----w- f:\program files\AssaultCube_v1.0
2009-06-12 17:13 . 2009-06-12 17:13 8478 ----a-r- f:\documents and settings\Rockfr\Application Data\Microsoft\Installer\{402ED8C0-824E-48A2-AB07-C8820E9CD8E9}\_6FEFF9B68218417F98F549.exe
2009-06-12 17:13 . 2009-06-12 17:13 8478 ----a-r- f:\documents and settings\Rockfr\Application Data\Microsoft\Installer\{402ED8C0-824E-48A2-AB07-C8820E9CD8E9}\_4F170B61CB00A7A4234D88.exe
2009-06-12 17:13 . 2009-06-12 17:13 8478 ----a-r- f:\documents and settings\Rockfr\Application Data\Microsoft\Installer\{402ED8C0-824E-48A2-AB07-C8820E9CD8E9}\_26AF075A84C2886D026ECB.exe
2009-06-12 16:53 . 2009-06-12 16:53 -------- d-----w- f:\documents and settings\Rockfr\Application Data\Screaming Bee
2009-06-12 16:53 . 2009-06-12 16:53 104470 ----a-r- f:\documents and settings\Rockfr\Application Data\Microsoft\Installer\{10C6EB34-4423-4DBA-AECA-76540029FF83}\_6FEFF9B68218417F98F549.exe
2009-06-12 16:53 . 2009-06-12 16:53 104470 ----a-r- f:\documents and settings\Rockfr\Application Data\Microsoft\Installer\{10C6EB34-4423-4DBA-AECA-76540029FF83}\_41028F12A1974CC7604D2B.exe
2009-06-12 16:53 . 2009-06-12 16:53 104470 ----a-r- f:\documents and settings\Rockfr\Application Data\Microsoft\Installer\{10C6EB34-4423-4DBA-AECA-76540029FF83}\_23CEE41CC0D19EFD8A71F4.exe
2009-06-12 16:53 . 2009-06-29 10:23 -------- d-----w- f:\documents and settings\All Users\Application Data\Screaming Bee
2009-06-12 16:53 . 2009-06-12 17:24 -------- d-----w- f:\program files\Screaming Bee
2009-06-11 16:57 . 2009-06-11 16:58 -------- d-----w- f:\documents and settings\Rockfr\Local Settings\Application Data\Google
2009-06-11 16:57 . 2009-06-11 16:57 -------- d-----w- f:\documents and settings\Rockfr\Local Settings\Application Data\Deployment
2009-06-10 21:04 . 2009-06-10 21:04 -------- d-----w- F:\Maps
2009-06-10 21:04 . 2009-06-10 21:04 -------- d-----w- F:\replay
2009-06-10 13:17 . 2009-06-10 13:17 410984 ----a-w- f:\windows\system32\deploytk.dll
2009-06-10 13:17 . 2009-06-10 13:17 -------- d-----w- f:\program files\Java
2009-06-10 13:17 . 2009-06-10 13:17 152576 ----a-w- f:\documents and settings\Rockfr\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-10 11:29 . 2009-06-10 11:30 -------- d-----w- f:\program files\Warkeys
2009-06-09 16:03 . 2009-06-09 16:03 -------- d-s---w- f:\documents and settings\Ota-icecream\UserData
2009-06-09 16:03 . 2009-06-09 16:03 17840 ----a-w- f:\documents and settings\Ota-icecream\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-09 16:03 . 2009-06-09 16:03 -------- d-----w- f:\documents and settings\Ota-icecream\Local Settings\Application Data\ATI
2009-06-09 16:03 . 2009-06-09 16:03 -------- d-----w- f:\documents and settings\Ota-icecream\Application Data\ATI
2009-06-01 07:45 . 2009-06-01 07:45 -------- d-----w- f:\documents and settings\Rockfr\Local Settings\Application Data\Turbine
2009-06-01 07:44 . 2009-06-01 07:44 129 ----a-w- f:\documents and settings\Rockfr\Local Settings\Application Data\fusioncache.dat
2009-06-01 07:44 . 2009-06-29 14:51 -------- d-----w- f:\documents and settings\Rockfr\Local Settings\Application Data\ApplicationHistory
2009-06-01 07:43 . 2009-06-01 07:43 -------- d-----w- f:\windows\system32\URTTEMP
2009-06-01 07:28 . 2009-06-01 07:28 -------- d-----w- f:\documents and settings\Rockfr\Application Data\OpenArena
2009-06-01 07:27 . 2009-06-01 07:27 -------- d-----w- f:\program files\Codemasters
2009-05-31 09:26 . 2009-05-31 09:26 -------- d-----w- F:\Sounds
2009-05-31 09:12 . 2008-11-11 11:42 24832 ----a-w- f:\windows\system32\drivers\lgusbmodem.sys
2009-05-31 09:12 . 2008-11-11 11:41 19968 ----a-w- f:\windows\system32\drivers\lgusbdiag.sys
2009-05-31 09:12 . 2008-11-11 11:41 13056 ----a-w- f:\windows\system32\drivers\lgusbbus.sys
2009-05-31 09:12 . 2009-05-31 09:12 -------- d-----w- f:\program files\LG Electronics
2009-05-31 09:12 . 2007-11-08 14:26 1164728 ----a-w- f:\windows\system32\NMSDVDXU.dll
2009-05-31 09:11 . 2009-05-31 09:11 -------- d-----w- f:\documents and settings\Rockfr\Application Data\LG Electronics
2009-05-31 09:11 . 2009-06-06 19:49 -------- d-----w- f:\program files\LG PC Suite II

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 16:48 . 2009-05-15 14:05 -------- d-----w- f:\program files\Warcraft III
2009-06-29 10:53 . 2009-06-29 10:53 -------- d-----w- f:\program files\Fichiers communs\Logitech
2009-06-28 15:02 . 2001-10-02 16:17 84956 ----a-w- f:\windows\system32\perfc00C.dat
2009-06-28 15:02 . 2001-10-02 16:17 509844 ----a-w- f:\windows\system32\perfh00C.dat
2009-06-28 15:02 . 2009-05-27 14:04 17840 ----a-w- f:\documents and settings\Rockfr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-28 14:57 . 2009-05-08 12:01 86331 ----a-w- f:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-27 13:23 . 2009-06-27 13:21 -------- d-----w- f:\program files\Fichiers communs\logishrd
2009-06-25 12:06 . 2009-05-11 17:01 -------- d-----w- f:\documents and settings\Rockfr\Application Data\gtk-2.0
2009-06-16 18:28 . 2009-05-08 12:41 -------- d-----w- f:\program files\Fichiers communs\InstallShield
2009-06-12 16:47 . 2009-05-08 12:30 -------- d--h--w- f:\program files\InstallShield Installation Information
2009-06-09 15:18 . 2009-05-13 09:59 -------- d-----w- f:\documents and settings\Rockfr\Application Data\teamspeak2
2009-05-27 14:04 . 2009-05-27 14:04 -------- d-----w- f:\documents and settings\Rockfr\Application Data\ATI
2009-05-27 14:04 . 2009-05-27 14:04 -------- d-----w- f:\documents and settings\All Users\Application Data\ATI
2009-05-27 10:03 . 2009-05-27 10:03 69024 ----a-w- f:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-27 10:03 . 2009-05-27 10:03 -------- d-----w- f:\program files\MSBuild
2009-05-27 10:03 . 2009-05-27 10:03 -------- d-----w- f:\program files\Reference Assemblies
2009-05-27 10:01 . 2009-05-27 10:01 -------- d-----w- f:\program files\MSXML 6.0
2009-05-18 18:04 . 2009-05-18 18:04 -------- d-----w- f:\program files\LimeWire
2009-05-15 14:10 . 2009-05-15 14:05 -------- d-----w- f:\program files\Fichiers communs\Blizzard Entertainment
2009-05-13 14:26 . 2009-05-13 14:26 -------- d-----w- f:\program files\Common Files
2009-05-13 09:59 . 2009-05-13 09:59 -------- d-----w- f:\program files\Teamspeak2_RC2
2009-05-10 18:29 . 2009-05-10 18:29 -------- d-----w- f:\documents and settings\Ota-icecream\Application Data\gtk-2.0
2009-05-10 18:17 . 2009-05-10 18:17 -------- d-----w- f:\documents and settings\Ota-icecream\Application Data\vlc
2009-05-10 18:08 . 2009-05-10 18:08 1 ----a-w- f:\documents and settings\Ota-icecream\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-10 18:07 . 2009-05-10 18:07 -------- d-----w- f:\documents and settings\Ota-icecream\Application Data\OpenOffice.org
2009-05-10 18:07 . 2009-05-10 18:07 -------- d-----w- f:\program files\OpenOffice.org 3
2009-05-08 15:12 . 2009-05-08 15:12 -------- d-----w- f:\program files\CCleaner
2009-05-08 15:11 . 2009-05-08 15:11 96 ---ha-w- f:\windows\system32\HsInfo.dat
2009-05-08 15:05 . 2009-05-08 15:05 -------- d-----w- f:\program files\alaplaya
2009-05-08 14:46 . 2009-05-08 14:46 0 ----a-w- f:\windows\nsreg.dat
2009-05-08 14:11 . 2009-05-08 13:22 -------- d-----w- f:\program files\ATI
2009-05-08 13:28 . 2009-05-08 13:28 0 ----a-w- f:\windows\ativpsrm.bin
2009-05-08 13:21 . 2009-05-08 13:21 -------- d-----w- f:\program files\ATI Technologies
2009-05-08 13:06 . 2009-05-08 13:06 -------- d-----w- f:\program files\Avira
2009-05-08 13:06 . 2009-05-08 13:06 -------- d-----w- f:\documents and settings\All Users\Application Data\Avira
2009-05-08 13:03 . 2009-05-08 13:03 -------- d-----w- f:\program files\GIMP-2.0
2009-05-08 13:00 . 2009-05-08 13:00 -------- d-----w- f:\documents and settings\Rockfr\Application Data\vlc
2009-05-08 13:00 . 2009-05-08 13:00 -------- d-----w- f:\program files\VideoLAN
2009-05-08 13:00 . 2009-05-08 13:00 -------- d-----w- f:\program files\IZArc
2009-05-08 12:53 . 2009-05-08 12:53 1915520 ----a-w- f:\documents and settings\Rockfr\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-05-08 12:41 . 2009-05-08 12:41 -------- d-----w- f:\program files\Realtek
2009-05-08 12:41 . 2009-05-08 12:41 315392 ----a-w- f:\windows\HideWin.exe
2009-05-08 12:36 . 2009-05-08 12:36 -------- d-----w- f:\program files\Intel
2009-05-08 12:31 . 2009-05-08 12:31 376832 ----a-w- f:\windows\system32\AegisI5Installer.exe
2009-05-08 12:31 . 2009-05-08 12:31 21361 ----a-w- f:\windows\system32\drivers\AegisP.sys
2009-05-08 12:30 . 2009-05-08 12:30 -------- d-----w- f:\program files\EDIMAX
2009-05-08 12:30 . 2009-05-08 12:30 -------- d-----w- f:\documents and settings\Rockfr\Application Data\InstallShield
2009-05-08 12:03 . 2009-05-08 12:03 -------- d-----w- f:\program files\microsoft frontpage
2009-05-08 12:01 . 2009-05-08 12:01 -------- d-----w- f:\program files\Services en ligne
2009-05-08 11:59 . 2009-05-08 11:59 21892 ----a-w- f:\windows\system32\emptyregdb.dat
2009-04-28 09:47 . 2009-04-28 09:47 499712 ----a-w- f:\windows\system32\msvcp71.dll
2009-04-28 09:47 . 2009-04-28 09:47 348160 ----a-w- f:\windows\system32\msvcr71.dll
.

------- Sigcheck -------

[-] 2004-08-19 14:10 14336 2979B03D5382A602623C0535B16AB9C0 f:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2008-04-13 17:34 14336 E4BDF223CD75478BF44567B4D5C2634D f:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-13 17:34 14336 E4BDF223CD75478BF44567B4D5C2634D f:\windows\system32\svchost.exe
[-] 2008-04-13 17:34 14336 E4BDF223CD75478BF44567B4D5C2634D f:\windows\system32\dllcache\cache\svchost.exe

[-] 2005-07-26 13:01 578048 0DF75FB73F705B011630159A43D7C354 f:\windows\$NtServicePackUninstall$\user32.dll
[-] 2008-04-13 17:33 579584 E853F84D3CE2FAA2A802E33CF89AC023 f:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-13 17:33 579584 E853F84D3CE2FAA2A802E33CF89AC023 f:\windows\system32\user32.dll
[-] 2008-04-13 17:33 579584 E853F84D3CE2FAA2A802E33CF89AC023 f:\windows\system32\dllcache\cache\user32.dll

[-] 2004-08-19 14:09 82944 EED74B969B2CA1ACC558FF60FB420E28 f:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-13 17:33 82432 FB836F9E62D82904C983AD21296A5D9C f:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-13 17:33 82432 FB836F9E62D82904C983AD21296A5D9C f:\windows\system32\ws2_32.dll
[-] 2008-04-13 17:33 82432 FB836F9E62D82904C983AD21296A5D9C f:\windows\system32\dllcache\cache\ws2_32.dll

[-] 2005-12-14 11:12 662528 E41E8FDF62CF20F2E2B16D800D96EB51 f:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2008-04-13 17:33 670208 4A6E04EA20F48D750D9BFED8600D516B f:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-04-13 17:33 670208 4A6E04EA20F48D750D9BFED8600D516B f:\windows\system32\wininet.dll
[-] 2008-04-13 17:33 670208 4A6E04EA20F48D750D9BFED8600D516B f:\windows\system32\dllcache\cache\wininet.dll

[-] 2006-02-14 19:56 359808 667192A11DB19F36624119C0DD4DE4F2 f:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-04-13 10:20 361344 93EA8D04EC73A85DB02EB8805988F733 f:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 10:20 361344 93EA8D04EC73A85DB02EB8805988F733 f:\windows\system32\dllcache\cache\tcpip.sys
[-] 2008-04-13 10:20 361344 93EA8D04EC73A85DB02EB8805988F733 f:\windows\system32\drivers\tcpip.sys

[-] 2004-08-19 14:10 506368 123EEA158F74D0F67A51DCDF065D1091 f:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-13 17:34 512000 DD73D6B9F6B4CB630CF35B438B540174 f:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-13 17:34 512000 DD73D6B9F6B4CB630CF35B438B540174 f:\windows\system32\winlogon.exe
[-] 2008-04-13 17:34 512000 DD73D6B9F6B4CB630CF35B438B540174 f:\windows\system32\dllcache\cache\winlogon.exe

[-] 2004-08-03 21:14 182912 558635D3AF1C7546D26067D5D9B6959E f:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2008-04-13 10:20 182656 1DF7F42665C94B825322FAE71721130D f:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 10:20 182656 1DF7F42665C94B825322FAE71721130D f:\windows\system32\dllcache\cache\ndis.sys
[-] 2008-04-13 10:20 182656 1DF7F42665C94B825322FAE71721130D f:\windows\system32\drivers\ndis.sys

[-] 2004-08-03 21:00 29056 4448006B6BC60E6C027932CFC38D6855 f:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2008-04-13 09:53 36608 3BB22519A194418D5FEC05D800A19AD0 f:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 09:53 36608 3BB22519A194418D5FEC05D800A19AD0 f:\windows\system32\dllcache\cache\ip6fw.sys
[-] 2008-04-13 09:53 36608 3BB22519A194418D5FEC05D800A19AD0 f:\windows\system32\drivers\ip6fw.sys

[-] 2006-01-09 11:34 2017280 50B3A210B6FA8D3089A36A32E7D8B21F f:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2008-04-13 17:07 2067968 B71A8F101CEFAF82FC5EC16130A54A3F f:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2008-04-13 17:07 2025984 92E82482CDB39929CF7B541A9648AFAE f:\windows\system32\ntkrnlpa.exe
[-] 2008-04-13 17:07 2025984 92E82482CDB39929CF7B541A9648AFAE f:\windows\system32\dllcache\cache\ntkrnlpa.exe

[-] 2005-07-26 13:01 2137600 E75F7AA5A33479F29C636FD0890F5762 f:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2008-04-13 17:08 2191104 099D639DA1EF6968D4E41795BB507E6B f:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-13 17:07 2147328 B10C36956EB7A8B1586DBE3B43875280 f:\windows\system32\ntoskrnl.exe
[-] 2008-04-13 17:07 2147328 B10C36956EB7A8B1586DBE3B43875280 f:\windows\system32\dllcache\cache\ntoskrnl.exe

[-] 2008-04-13 17:34 1037824 F2317622D29F9FF0F88AEECD5F60F0DD f:\windows\explorer.exe
[-] 2005-07-26 13:01 1036288 0BEE3B07ACE3303EE57698808E1D2DE3 f:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2008-04-13 17:34 1037824 F2317622D29F9FF0F88AEECD5F60F0DD f:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-13 17:34 1037824 F2317622D29F9FF0F88AEECD5F60F0DD f:\windows\system32\dllcache\cache\explorer.exe

[-] 2004-08-19 14:10 108544 63DCDE1A0D86EEB8924D6738FF616EAD f:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-13 17:34 109056 54CB50058851D95E56EC70D09F70857F f:\windows\ServicePackFiles\i386\services.exe
[-] 2008-04-13 17:34 109056 54CB50058851D95E56EC70D09F70857F f:\windows\system32\services.exe
[-] 2008-04-13 17:34 109056 54CB50058851D95E56EC70D09F70857F f:\windows\system32\dllcache\cache\services.exe

[-] 2004-08-19 14:09 13312 259AF82A0932EEA4F316F92DB94707B6 f:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-13 17:34 13312 91E6024D6D4DCDECDB36C43ECF9BBECB f:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-13 17:34 13312 91E6024D6D4DCDECDB36C43ECF9BBECB f:\windows\system32\lsass.exe
[-] 2008-04-13 17:34 13312 91E6024D6D4DCDECDB36C43ECF9BBECB f:\windows\system32\dllcache\cache\lsass.exe

[-] 2004-08-19 14:09 15360 64E41E8FEE655B03E3F19DED21BA5118 f:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-13 17:34 15360 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 f:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-13 17:34 15360 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 f:\windows\system32\ctfmon.exe
[-] 2008-04-13 17:34 15360 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 f:\windows\system32\dllcache\cache\ctfmon.exe

[-] 2005-08-10 10:15 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F f:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2008-04-13 17:34 57856 460E4CE148BD07218DA0B6A3D31885A9 f:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-13 17:34 57856 460E4CE148BD07218DA0B6A3D31885A9 f:\windows\system32\spoolsv.exe
[-] 2008-04-13 17:34 57856 460E4CE148BD07218DA0B6A3D31885A9 f:\windows\system32\dllcache\cache\spoolsv.exe

[-] 2004-08-19 14:10 112640 FC21787F32E3793A4C7C02D2BFAA5AE0 f:\windows\$NtServicePackUninstall$\wuauclt.exe
[-] 2008-04-13 17:34 112640 7E3DEFE771CB451B0FF630BFA435417E f:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2008-04-13 17:34 112640 7E3DEFE771CB451B0FF630BFA435417E f:\windows\system32\wuauclt.exe
[-] 2008-04-13 17:34 112640 7E3DEFE771CB451B0FF630BFA435417E f:\windows\system32\dllcache\cache\wuauclt.exe

[-] 2004-08-19 14:10 25088 84717891F0734C611721F56C60B5FBC3 f:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-13 17:34 26624 E74DDB12188C2FF57A78624DBF7332FC f:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-13 17:34 26624 E74DDB12188C2FF57A78624DBF7332FC f:\windows\system32\userinit.exe
[-] 2008-04-13 17:34 26624 E74DDB12188C2FF57A78624DBF7332FC f:\windows\system32\dllcache\cache\userinit.exe

[-] 2004-08-19 14:09 297984 78F90C3E230AD122BCB116ABAD5FEFE9 f:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-13 17:33 297984 710BC85A8C22626EE094439E3EA0D38C f:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-13 17:33 297984 710BC85A8C22626EE094439E3EA0D38C f:\windows\system32\termsrv.dll
[-] 2008-04-13 17:33 297984 710BC85A8C22626EE094439E3EA0D38C f:\windows\system32\dllcache\cache\termsrv.dll

[-] 2004-08-19 14:09 1048576 C88F74591579DBDE273C61312B2D3886 f:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2008-04-13 17:33 1054720 3AC8886DFA5AB641417DF4D3B7F5512E f:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2008-04-13 17:33 1054720 3AC8886DFA5AB641417DF4D3B7F5512E f:\windows\system32\kernel32.dll
[-] 2008-04-13 17:33 1054720 3AC8886DFA5AB641417DF4D3B7F5512E f:\windows\system32\dllcache\cache\kernel32.dll

[-] 2004-08-19 14:09 17408 29D5E58FB089C41898A81BD4C8970F22 f:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-13 17:33 17408 9F2C862E39BF8E8FC51C3F6A6BCEB415 f:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-13 17:33 17408 9F2C862E39BF8E8FC51C3F6A6BCEB415 f:\windows\system32\powrprof.dll
[-] 2008-04-13 17:33 17408 9F2C862E39BF8E8FC51C3F6A6BCEB415 f:\windows\system32\dllcache\cache\powrprof.dll

[-] 2004-08-19 14:09 110080 E55DAFA1A354BD5CB69151563DC9748A f:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-13 17:33 110080 0469B73DB32E5520F342C5E163AA3CCA f:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-13 17:33 110080 0469B73DB32E5520F342C5E163AA3CCA f:\windows\system32\imm32.dll
[-] 2008-04-13 17:33 110080 0469B73DB32E5520F342C5E163AA3CCA f:\windows\system32\dllcache\cache\imm32.dll

[-] 2005-08-20 09:24 1548288 7FE89B78B561F9D32630EC2EC3D11590 f:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-13 17:33 1571840 E17C85D5B5CF477638433B851A98499E f:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-13 17:33 1571840 E17C85D5B5CF477638433B851A98499E f:\windows\system32\sfcfiles.dll
[-] 2008-04-13 17:33 1571840 E17C85D5B5CF477638433B851A98499E f:\windows\system32\dllcache\cache\sfcfiles.dll

[-] 2004-08-19 14:09 176640 7E9D138DC991BCCE6E6026CD74E69CC4 f:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2008-04-13 17:33 176640 F36C9F78FC902C8DCE4D3B576BB0435A f:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-13 17:33 176640 F36C9F78FC902C8DCE4D3B576BB0435A f:\windows\system32\appmgmts.dll
[-] 2008-04-13 17:33 176640 F36C9F78FC902C8DCE4D3B576BB0435A f:\windows\system32\dllcache\cache\appmgmts.dll

[-] 2004-08-19 14:00 25216 E798705E8DC7FAB596EF6BFDF167E007 f:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2008-04-13 17:05 25216 16813155807C6881F4BFBF6657424659 f:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 17:05 25216 16813155807C6881F4BFBF6657424659 f:\windows\system32\dllcache\cache\kbdclass.sys
[-] 2008-04-13 17:05 25216 16813155807C6881F4BFBF6657424659 f:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="f:\documents and settings\Rockfr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-11 133104]
"Steam"="f:\program files\Steam\Steam.exe" [2009-06-24 1217784]
"SpybotSD TeaTimer"="f:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="f:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="f:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"avgnt"="f:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2009-06-10 148888]
"Sunkist2k"="f:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-12-10 139264]
"LogitechCommunicationsManager"="f:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="f:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"RTHDCPL"="RTHDCPL.EXE" - f:\windows\RTHDCPL.exe [2008-02-13 16857600]
"Windows Data Serivce"="no6.exe" - f:\windows\system32\no6.exe [2009-06-27 176164]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="f:\windows\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="f:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

f:\documents and settings\Ota-icecream\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - f:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

f:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Wireless Utility.lnk - f:\program files\EDIMAX\Common\RaUI.exe [2009-5-8 716800]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dllcache]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MYS Mutex Algorithm Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WM System Decode Application]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\WINDOWS\\System32\\51.scr"=
"f:\\WINDOWS\\system32\\spoolsv.exe"=
"f:\\WINDOWS\\system32\\Ati2evxx.exe"=
"f:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
"f:\\Program Files\\Fichiers communs\\logishrd\\LVMVFM\\LVPrcSrv.exe"=
"f:\\Program Files\\Fichiers communs\\LogiShrd\\LVCOMSER\\LVComSer.exe"=
"f:\\WINDOWS\\RTHDCPL.EXE"=
"f:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"f:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=
"f:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"=
"f:\\Program Files\\Fichiers communs\\logishrd\\LComMgr\\Communications_Helper.exe"=
"f:\\Program Files\\Logitech\\QuickCam\\Quickcam.exe"=
"f:\\Documents and Settings\\Rockfr\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"f:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"f:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CCC.exe"=
"f:\\Program Files\\EDIMAX\\Common\\RaUI.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Fichiers communs\\logishrd\\LQCVFX\\COCIManager.exe"=

S2 amd64si;amd64si;\??\f:\windows\system32\drivers\amd64si.sys --> f:\windows\system32\drivers\amd64si.sys [?]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;f:\program files\Avira\AntiVir Desktop\sched.exe [08/05/2009 15:06 108289]
S3 GarenaPEngine;GarenaPEngine;\??\f:\docume~1\Rockfr\LOCALS~1\Temp\XOI18.tmp --> f:\docume~1\Rockfr\LOCALS~1\Temp\XOI18.tmp [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;f:\windows\system32\drivers\ScreamingBAudio.sys [27/03/2009 14:23 23064]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
.
Contenu du dossier 'Tâches planifiées'

2009-06-28 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1563985344-725345543-1003.job
- f:\documents and settings\Rockfr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 16:57]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
FF - ProfilePath - f:\documents and settings\Rockfr\Application Data\Mozilla\Firefox\Profiles\k2jjqp9l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: f:\documents and settings\Rockfr\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 19:11
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\f:\docume~1\Rockfr\LOCALS~1\Temp\XOI18.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(260)
f:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1756)
f:\windows\system32\eappprxy.dll
.
Heure de fin: 2009-06-29 19:14
ComboFix-quarantined-files.txt 2009-06-29 17:14
ComboFix2.txt 2009-06-29 15:23
ComboFix3.txt 2009-06-29 13:19

Avant-CF: 60 392 108 032 octets libres
Après-CF: 60 376 944 640 octets libres

347
0
Réponse 17 / 18
Utilisateur anonyme
 
• Télécharge et installe Malwarebytes' Anti-Malware
• (NB : S'il te manque"COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/
• A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
• Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme)
• Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet" puis "Rechercher"
• Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
• A la fin du scan, clique sur Afficher les résultats
• Coche tous les éléments détectés puis clique sur Supprimer la sélection
• Enregistre le rapport
• S'il t'est demandé de redémarrer, clique sur Yes
• Poste le rapport de scan après la suppression ici
• Si tu as besoin d’aide regarde ce tutorial
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0
Réponse 18 / 18
Rockfr
 
Salut, j'ai reformaté mon ordinateur, et le probleme est réglé. En tout cas merci beaucoup pour ton aide . a+
0

Discussions similaires

Comment associer 1 produit sur plusieurs EAN dans Prestashop?
pinetclaude409 -
dallemarre2 -

1 réponse
Prestashop pack à choix multiples
plop78 -
Ndkdesign -

11 réponses
prestashop ne veut pas marcher
ComradeCat -
CCMBot -

1 réponse
Prestashop : Produits phares non visibles
douloulup -
123 -

13 réponses
Paris multiple : explications de 2/3, 3/4, 2/4, 2/5, etc.
florent.c -
Aide -

85 réponses