Spyware infection !!! HELP PLEASE !!

Spychiclo
Hello,

I have a big problem with a spyware called ... well, I don't actually know, but the infection is Home Antivirus 2010! I've already run scans with Avira, SUPERAntiSpyware and Malwarebytes.

Thanks in advance for your help!!
Spychiclo
35 replies

chimay8 - Posts: 7947 - Status: Security contributor
 
can you paste a HijackThis log (it can't hurt!)

then do post 13 (ComboFix)
Spychiclo
 
So here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:31:06, on 2009-07-26
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ms18_word.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Pierre\ms18_word.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntbackup.exe
C:\WINDOWS\system32\rsmsink.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ms18_word] C:\WINDOWS\system32\ms18_word.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [Home Antivirus 2010] "C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ms18_word] C:\Documents and Settings\Pierre\ms18_word.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1993962763-73586283-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrateur')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: rncsys32.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT Startup: rncsys32.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: rncsys32.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\devenum32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: bcaf0ce9620 - C:\WINDOWS\System32\devenum32.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
Spychiclo
 
for the moment I can't run ComboFix, I'm in the middle of backing up my computer!
chimay8 - Posts: 7947 - Status: Security contributor
 
what are you backing up?
don't back up everything, because you'll back up the viruses along with it!
chimay8 - Posts: 7947 - Status: Security contributor
 
Home Antivirus is a rogue
I don't think you'll manage to clean it all out manually
there are far too many lines to remove
on top of Cutwail you have Daurso... you're seriously infected; your PC is being used as a botnet, I hope there won't be any damage
go on to ComboFix
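A mechanical version of the triage the helper describes above (too many persistence lines to pick through by hand), as an added Python example that is not from this thread or from HijackThis itself: it runs over a few lines copied from the HijackThis log posted earlier and flags the indicators present there (rogue product name, AppInit_DLLs, a dangling Winlogon Notify entry, executables dropped in the profile root or Startup folder, one binary name registered from two locations). The ROGUE_NAMES list and the sample lines are constructed for the example.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample: autostart lines copied from the HijackThis log posted
# in this thread (Home Antivirus 2010 rogue on Windows XP), plus a few clean
# entries (avgnt, ctfmon, SetPoint, SASWinLogon) to show they are left alone.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r'O4 - HKLM\..\Run: [ms18_word] C:\WINDOWS\system32\ms18_word.exe',
    r'O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe',
    r'O4 - HKLM\..\Run: [Home Antivirus 2010] "C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe" /hide',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - HKCU\..\Run: [ms18_word] C:\Documents and Settings\Pierre\ms18_word.exe',
    r'O4 - Startup: rncsys32.exe',
    r'O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe',
    r'O20 - AppInit_DLLs: C:\WINDOWS\System32\devenum32.dll',
    r'O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll',
    r'O20 - Winlogon Notify: bcaf0ce9620 - C:\WINDOWS\System32\devenum32.dll (file missing)',
]

# Product names the thread identifies as rogue antivirus (constructed list).
ROGUE_NAMES = ("homeantivirus2010",)

# O4 Run-key entry: hive, value name in brackets, then the command line.
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# O4 Startup-folder entry, with or without a user/SID prefix and "(User ...)" suffix.
STARTUP_RE = re.compile(r'^O4 - (?:\S+ )?Startup: (?P<item>.*?)(?: \(User .*\))?$')
# An executable sitting directly in C:\Documents and Settings\<user>\ (no subfolder).
PROFILE_ROOT_RE = re.compile(r'^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+$', re.I)
# First program-looking path in an unquoted command line.
EXE_RE = re.compile(r'^(.*?\.(?:exe|dll|scr|pif|com|bat|vbs|cmd))(?:\b|$)', re.I)


def executable_of(cmd: str) -> str:
    """Return the program path from a Run command (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(' ')[0]


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (line_or_name, reason) pairs for entries worth a helper's attention."""
    findings: List[Tuple[str, str]] = []
    seen: Dict[str, Set[str]] = defaultdict(set)  # basename -> distinct full paths
    for line in lines:
        low = line.lower()
        if '(file missing)' in low:
            findings.append((line, 'autostart points at a file that no longer exists'))
            continue
        if line.startswith('O20 - AppInit_DLLs:') and line.split(':', 1)[1].strip():
            findings.append((line, 'AppInit_DLLs loads a DLL into every user-mode process'))
            continue
        if any(name in low for name in ROGUE_NAMES):
            findings.append((line, 'known rogue antivirus product'))
            continue
        m = RUN_RE.match(line)
        if m:
            path = executable_of(m.group('cmd'))
            base = path.rsplit('\\', 1)[-1].lower()
            seen[base].add(path.lower())
            if PROFILE_ROOT_RE.match(path):
                findings.append((line, 'executable dropped directly in a user profile root'))
            elif base == 'regedit.exe':
                findings.append((line, 'registry editor registered as a logon autostart'))
            continue
        m = STARTUP_RE.match(line)
        if m and m.group('item').split(' = ', 1)[0].lower().endswith('.exe'):
            findings.append((line, 'bare executable in the Startup folder instead of a shortcut'))
    # The same binary name registered from different paths (here ms18_word.exe in
    # system32 for HKLM and in the profile root for HKCU) is a second signal.
    for base, paths in seen.items():
        if len(paths) > 1:
            findings.append((base, f'same name registered from {len(paths)} locations: {sorted(paths)}'))
    return findings


if __name__ == '__main__':
    for item, reason in triage(SAMPLE_LINES):
        print(f'{reason}\n    {item}')
```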
Spychiclo
 
Here is the ComboFix log:

ComboFix 09-07-25.04 - Pierre 2009-07-26 4:57.1.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.2047.1564 [GMT -4:00]
Running from: c:\documents and settings\Pierre\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Pierre\LOCALS~1\Temp\IadHide4.dll
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Pierre\Application Data\020000002c665e2a620C.manifest
c:\documents and settings\Pierre\Application Data\020000002c665e2a620O.manifest
c:\documents and settings\Pierre\Application Data\020000002c665e2a620P.manifest
c:\documents and settings\Pierre\Application Data\020000002c665e2a620S.manifest
c:\documents and settings\Pierre\Application Data\wiaserva.log
c:\documents and settings\Pierre\Local Settings\Temp\IadHide4.dll
c:\documents and settings\Pierre\Local Settings\Temporary Internet Files\nisawu._dl
c:\documents and settings\Pierre\Local Settings\Temporary Internet Files\nudosuwina.pif
c:\documents and settings\Pierre\Local Settings\Temporary Internet Files\omegeqeri.exe
c:\documents and settings\Pierre\Local Settings\Temporary Internet Files\vizi.dat
c:\documents and settings\Pierre\ms18_word.exe
c:\documents and settings\Pierre\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\GnuHashes.ini
c:\windows\system32\drivers\netsik.sys
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\ms18_word.exe
c:\windows\system32\SystemX86
c:\windows\system32\SystemX86\181.crack.zip
c:\windows\system32\SystemX86\181.crack.zip.kwd
c:\windows\system32\SystemX86\182.keygen.zip
c:\windows\system32\SystemX86\182.keygen.zip.kwd
c:\windows\system32\SystemX86\183.serial.zip
c:\windows\system32\SystemX86\183.serial.zip.kwd
c:\windows\system32\SystemX86\184.setup.zip
c:\windows\system32\SystemX86\184.setup.zip.kwd
c:\windows\system32\SystemX86\185.music.au
c:\windows\system32\SystemX86\185.music.au.kwd
c:\windows\system32\SystemX86\186.music.mp3
c:\windows\system32\SystemX86\186.music.mp3.kwd
c:\windows\system32\SystemX86\187.music2.au
c:\windows\system32\SystemX86\187.music2.au.kwd
c:\windows\system32\SystemX86\188.music.snd
c:\windows\system32\SystemX86\188.music.snd.kwd
c:\windows\system32\tmp.reg
c:\windows\system32\wisdstr.exe
c:\windows\system32\yFJyT.vbs
D:\AUTORUN.INF


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATI64SI
-------\Legacy_BOONTY_GAMES
-------\Legacy_FIPS32CUP
-------\Legacy_KSI32SK
-------\Legacy_NETSIK
-------\Legacy_NICSK32
-------\Legacy_PORT135SIK
-------\Legacy_SYSTEMNTMI
-------\Service_ati64si
-------\Service_Boonty Games
-------\Service_fips32cup
-------\Service_ksi32sk
-------\Service_netsik
-------\Service_nicsk32
-------\Service_port135sik
-------\Service_systemntmi


((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.

2009-07-26 08:07 . 2009-07-26 08:41 -------- d-----w- c:\windows\system32\NtmsData
2009-07-26 06:18 . 2009-07-26 08:30 -------- d-----w- c:\program files\trend micro
2009-07-26 06:18 . 2009-07-26 06:18 -------- d-----w- C:\rsit
2009-07-25 05:57 . 2009-07-25 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-07-25 05:54 . 2008-09-04 20:11 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2009-07-25 05:54 . 2009-07-25 05:54 10134 ------r- c:\documents and settings\Pierre\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-07-25 05:54 . 2009-07-25 05:54 -------- d-----w- c:\program files\Microsoft WSE
2009-07-25 05:53 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-07-25 05:53 . 2009-07-25 05:53 -------- d-----w- c:\windows\Logs
2009-07-25 02:21 . 2009-07-25 02:21 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2009-07-25 02:21 . 2009-07-25 02:21 117760 ------w- c:\documents and settings\Administrateur\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-25 02:20 . 2009-07-25 02:20 -------- d-----w- c:\documents and settings\Administrateur\Application Data\SUPERAntiSpyware.com
2009-07-25 02:20 . 2009-07-25 02:20 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2009-07-23 15:37 . 2009-07-26 07:23 117760 ------w- c:\documents and settings\Pierre\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-23 15:36 . 2009-07-23 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-23 15:36 . 2009-07-23 15:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-23 15:36 . 2009-07-23 15:36 -------- d-----w- c:\documents and settings\Pierre\Application Data\SUPERAntiSpyware.com
2009-07-23 15:35 . 2009-07-23 15:35 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-07-23 10:54 . 2009-07-23 10:54 19217 ----a-w- c:\windows\wytegyb.dat
2009-07-23 10:54 . 2009-07-23 10:54 14567 ------w- c:\documents and settings\Pierre\Application Data\ibesuq.bat
2009-07-23 10:54 . 2009-07-23 10:54 17208 ----a-w- c:\windows\system32\kelefuw.bin
2009-07-23 10:54 . 2009-07-23 10:54 16339 ------w- c:\documents and settings\Pierre\Application Data\aribikaz.exe
2009-07-23 10:54 . 2009-07-23 10:54 14914 ----a-w- c:\documents and settings\Pierre\Local Settings\Application Data\ixalarypy.pif
2009-07-23 10:54 . 2009-07-23 10:54 14229 ----a-w- c:\program files\Fichiers communs\ojam.com
2009-07-23 10:54 . 2009-07-23 10:54 12406 ----a-w- c:\windows\ezecu.scr
2009-07-23 10:54 . 2009-07-23 10:54 10738 ----a-w- c:\program files\Fichiers communs\tecut.reg
2009-07-23 10:54 . 2009-07-23 10:54 10274 ------w- c:\documents and settings\Pierre\Application Data\jodet.exe
2009-07-23 02:54 . 2009-07-23 02:54 -------- d-----w- c:\documents and settings\Pierre\Application Data\Malwarebytes
2009-07-23 02:54 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-23 02:53 . 2009-07-23 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-23 02:53 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-23 02:53 . 2009-07-23 02:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-23 01:56 . 2009-07-23 01:56 19794 ------w- c:\documents and settings\Pierre\Application Data\qewucejoge.bat
2009-07-23 01:56 . 2009-07-23 01:56 19772 ----a-w- c:\documents and settings\Pierre\Local Settings\Application Data\utabaz.bin
2009-07-23 01:56 . 2009-07-23 01:56 18460 ------w- c:\documents and settings\Pierre\Application Data\ityqe.pif
2009-07-23 01:56 . 2009-07-23 01:56 18068 ----a-w- c:\program files\Fichiers communs\gasagyh.dat
2009-07-23 01:56 . 2009-07-23 01:56 13314 ----a-w- c:\program files\Fichiers communs\javabof.reg
2009-07-23 01:56 . 2009-07-23 01:56 12044 ----a-w- c:\windows\system32\gedyqena.exe
2009-07-23 01:56 . 2009-07-23 01:56 10532 ----a-w- c:\windows\system32\yzam.sys
2009-07-23 01:56 . 2009-07-23 01:56 10305 ----a-w- c:\program files\Fichiers communs\ocevaq.com
2009-07-23 01:56 . 2009-07-23 01:56 19090 ----a-w- c:\program files\Fichiers communs\oduzacywa.reg
2009-07-23 01:56 . 2009-07-23 01:56 11432 ----a-w- c:\documents and settings\Pierre\Local Settings\Application Data\gafaxuvab.pif
2009-07-23 01:56 . 2009-07-23 01:56 11228 ----a-w- c:\documents and settings\Pierre\Local Settings\Application Data\paru.dat
2009-07-23 01:56 . 2009-07-23 01:56 10668 ----a-w- c:\documents and settings\Pierre\Local Settings\Application Data\tagekive.vbs
2009-07-23 00:08 . 2009-07-23 00:08 19493 ------w- c:\documents and settings\Pierre\Application Data\awomuje.com
2009-07-23 00:08 . 2009-07-23 00:08 19283 ------w- c:\documents and settings\Pierre\Application Data\piryza.exe
2009-07-23 00:08 . 2009-07-23 00:08 17175 ----a-w- c:\windows\yfyxod.dat
2009-07-23 00:08 . 2009-07-23 00:08 16368 ----a-w- c:\windows\system32\welulyga.vbs
2009-07-23 00:08 . 2009-07-23 00:08 16148 ----a-w- c:\windows\system32\ekysu.dll
2009-07-23 00:08 . 2009-07-23 00:08 16016 ----a-w- c:\documents and settings\Pierre\Local Settings\Application Data\ecewypiza.vbs
2009-07-23 00:08 . 2009-07-23 00:08 14772 ----a-w- c:\program files\Fichiers communs\lateda.sys
2009-07-23 00:08 . 2009-07-23 00:08 12930 ----a-w- c:\windows\tefap.scr
2009-07-23 00:08 . 2009-07-23 00:08 11955 ----a-w- c:\documents and settings\Pierre\Local Settings\Application Data\oviqivu.com
2009-07-22 23:58 . 2009-07-23 10:55 -------- d-----w- c:\program files\HomeAntivirus2010
2009-07-22 23:31 . 2009-07-22 23:31 152 ------w- c:\documents and settings\Pierre\delself.bat
2009-07-22 17:16 . 2009-07-22 17:16 1914000 ------w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-07-11 20:18 . 2009-07-11 20:18 -------- d-sh--w- c:\documents and settings\Pierre\IECompatCache
2009-07-10 13:44 . 2009-07-10 13:44 -------- d-sh--w- c:\documents and settings\Pierre\PrivacIE
2009-07-10 12:36 . 2009-07-10 12:36 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-10 12:35 . 2009-07-10 12:35 -------- d-sh--w- c:\documents and settings\Pierre\IETldCache
2009-07-10 12:33 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-10 12:33 . 2009-07-10 12:33 -------- d-----w- c:\windows\ie8updates
2009-07-10 12:33 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-10 12:33 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-10 12:30 . 2009-07-10 12:33 -------- dc-h--w- c:\windows\ie8
2009-07-05 04:18 . 2009-07-26 07:23 -------- d-----w- c:\documents and settings\Pierre\Tracing
2009-07-05 04:16 . 2009-07-05 04:16 -------- d-----w- c:\program files\Microsoft
2009-07-04 02:27 . 2009-07-04 02:27 -------- d-----w- c:\program files\DivX
2009-07-04 02:27 . 2009-07-04 02:27 -------- d-----w- c:\program files\Fichiers communs\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 09:08 . 2008-08-27 00:08 -------- d-----w- c:\documents and settings\Pierre\Application Data\OpenOffice.org2
2009-07-26 09:06 . 2008-07-26 01:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-25 05:55 . 2009-02-20 21:00 -------- d-----w- c:\program files\Electronic Arts
2009-07-25 05:38 . 2008-07-22 17:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-23 10:54 . 2009-07-23 10:54 11805 ------w- c:\documents and settings\All Users\Application Data\fova.bin
2009-07-23 10:54 . 2009-07-23 10:54 16249 ------w- c:\documents and settings\All Users\Application Data\daxe.bin
2009-07-23 01:56 . 2009-07-23 01:56 15749 ------w- c:\documents and settings\Pierre\Application Data\udyjofagy.dat
2009-07-23 00:08 . 2009-07-23 00:08 14339 ------w- c:\documents and settings\All Users\Application Data\iwin.vbs
2009-07-23 00:08 . 2009-07-23 00:08 13557 ----a-w- c:\program files\Fichiers communs\licoxij._dl
2009-07-23 00:08 . 2009-07-23 00:08 10296 ----a-w- c:\program files\Fichiers communs\ypop.lib
2009-07-22 23:32 . 2008-09-08 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-22 22:03 . 2008-09-08 17:45 -------- d-----w- c:\program files\NOS
2009-07-20 17:10 . 2008-08-27 00:08 1 ------w- c:\documents and settings\Pierre\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-07-07 06:18 . 2009-02-20 22:15 -------- d-----w- c:\documents and settings\Pierre\Application Data\SPORE
2009-07-05 04:16 . 2008-07-23 01:27 -------- d-----w- c:\program files\Windows Live
2009-06-22 03:01 . 2008-09-27 22:01 -------- d-----w- c:\documents and settings\Pierre\Application Data\LimeWire
2009-06-19 21:42 . 2009-06-19 21:42 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-06-19 19:44 . 2009-06-19 19:44 -------- d-----w- c:\documents and settings\Pierre\Application Data\Media Player Classic
2009-06-16 14:40 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-11 20:01 . 2006-03-02 12:00 87910 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-11 20:01 . 2006-03-02 12:00 517154 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-11 12:37 . 2008-07-22 18:50 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-03 22:18 . 2008-07-23 14:38 -------- d-----w- c:\program files\Lx_cats
2009-06-03 19:10 . 2006-03-02 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 19:17 . 2009-06-01 19:07 -------- d-----w- c:\documents and settings\Pierre\Application Data\Autodesk
2009-06-01 19:15 . 2008-07-22 19:17 51456 ----a-w- c:\documents and settings\Pierre\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-01 19:13 . 2009-06-01 19:07 -------- d-----w- c:\program files\Fichiers communs\Autodesk Shared
2009-06-01 19:13 . 2009-06-01 19:07 -------- d-----w- c:\program files\AutoCAD 2009
2009-06-01 19:07 . 2009-06-01 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-05-25 04:24 . 2008-05-27 02:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-13 05:04 . 2006-03-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:33 . 2006-03-02 12:00 348672 ----a-w- c:\windows\system32\localspl.dll
2009-07-15 22:31 . 2009-07-23 15:32 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-07-23 20480]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"IMC"="c:\program files\FriendFinder\FriendFinder Messenger 4\imc.exe" [2008-01-14 4053102]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2008-10-05 190024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-01 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-03-31 53248]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2004-03-31 114688]
"LXBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2004-11-02 69632]
"lxbxmon.exe"="c:\program files\Lexmark 7100 Series\lxbxmon.exe" [2005-01-18 196608]
"FaxCenterServer4_in_1"="c:\program files\Lexmark 7100 Series\fm3032.exe" [2004-12-06 286720]
"EzPrint"="c:\program files\Lexmark 7100 Series\ezprint.exe" [2004-09-17 61440]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2008-10-05 190024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-14 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Home Antivirus 2010"="c:\program files\HomeAntivirus2010\HomeAntivirus2010.exe" [2009-07-22 555027]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2004-06-08 29696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Pierre\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
rncsys32.exe [2008-4-13 22528]

c:\documents and settings\Pierre\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
rncsys32.exe [2008-4-13 22528]

c:\documents and settings\Pierre\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
rncsys32.exe [2008-4-13 22528]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-7-22 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2008-7-22 581632]

c:\documents and settings\Pierre\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
rncsys32.exe [2008-4-13 22528]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-06-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-06-23 72944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
S3 s3chipid;s3chipid;\??\c:\docume~1\Pierre\LOCALS~1\Temp\s3chipid.sys --> c:\docume~1\Pierre\LOCALS~1\Temp\s3chipid.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-26 c:\windows\Tasks\User_Feed_Synchronization-{9F3DBDAE-0671-4F47-B63D-99D162E63AD6}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
- - - - ORPHANS REMOVED - - - -

Notify-bcaf0ce9620 - c:\windows\System32\devenum32.dll


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = localhost
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Pierre\Application Data\Mozilla\Firefox\Profiles\qy5c57l4.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 05:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1993962763-73586283-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:47,95,03,86,01,18,06,e5,52,55,a3,cd,a5,f4,d9,0c,83,fd,49,38,3c,
09,5b,df,9f,a1,7a,87,78,8d,80,d1,39,77,dc,a0,c4,13,dd,98,69,98,24,89,c9,3a,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(488)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3308)
c:\docume~1\Pierre\LOCALS~1\Temp\IadHide4.dll
c:\program files\MessengerPlus! 3\MsgPlusLoader.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msls31.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\searchindexer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\lxbxcoms.exe
c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Logitech\SetPoint\KHALMNPR.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-07-26 5:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-26 09:09

Pre-Run: 54 620 676 096 octets libres
Post-Run: 56 621 969 408 octets libres

386 --- E O F --- 2009-07-21 19:02
0
chimay8 Posts 7947 Status Security contributor 60
 
re,
sorry, but one of my messages got lost along the way

post me an RSIT report please
log.txt, no need for info.txt
0
Spychiclo
 
And here is the new RSIT report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Pierre at 2009-07-26 18:40:24
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 56 GB (70%) free of 80 GB
Total RAM: 2047 MB (73% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{9F3DBDAE-0671-4F47-B63D-99D162E63AD6}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-18 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-03 16876032]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-02-12 262401]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2004-06-08 29696]
"mmtask"=c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe [2004-03-31 53248]
"MMTray"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [2004-03-31 114688]
"LXBXCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16 []
"lxbxmon.exe"=C:\Program Files\Lexmark 7100 Series\lxbxmon.exe [2005-01-18 196608]
"FaxCenterServer4_in_1"=C:\Program Files\Lexmark 7100 Series\fm3032.exe [2004-12-06 286720]
"EzPrint"=C:\Program Files\Lexmark 7100 Series\ezprint.exe [2004-09-17 61440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-14 136600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"00PCTFW"=C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [2009-02-23 2652056]
"MessengerPlus3"=C:\Program Files\MessengerPlus! 3\MsgPlus.exe [2008-10-05 190024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [2008-07-22 20480]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe [2008-07-08 2828184]
"IMC"=C:\Program Files\FriendFinder\FriendFinder Messenger 4\imc.exe [2008-01-14 4053102]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-04-29 3338240]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-01 39408]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Pierre\Menu Démarrer\Programmes\Démarrage
rncsys32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-07-03 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d74d8893-57ed-11dd-9892-806d6172696f}]
shell\AutoRun\command - E:\Autorun.exe


======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 2 months======

2009-07-26 18:32:41 ----D---- C:\Program Files\WinRAR
2009-07-26 06:07:45 ----SHD---- C:\RECYCLER
2009-07-26 05:21:37 ----D---- C:\Documents and Settings\Pierre\Application Data\PCToolsFirewallPlus
2009-07-26 05:16:39 ----D---- C:\Program Files\PC Tools Firewall Plus
2009-07-26 05:14:27 ----D---- C:\Program Files\Fichiers communs\PC Tools
2009-07-26 05:14:22 ----D---- C:\Program Files\Spyware Doctor
2009-07-26 05:09:51 ----A---- C:\ComboFix.txt
2009-07-26 04:54:51 ----A---- C:\WINDOWS\zip.exe
2009-07-26 04:54:51 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-26 04:54:51 ----A---- C:\WINDOWS\SWSC.exe
2009-07-26 04:54:51 ----A---- C:\WINDOWS\SWREG.exe
2009-07-26 04:54:51 ----A---- C:\WINDOWS\sed.exe_RenameGenProc
2009-07-26 04:54:51 ----A---- C:\WINDOWS\PEV.exe
2009-07-26 04:54:51 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-26 04:54:51 ----A---- C:\WINDOWS\grep.exe_RenameGenProc
2009-07-26 04:54:48 ----D---- C:\WINDOWS\ERDNT
2009-07-26 04:54:45 ----D---- C:\Qoobox
2009-07-26 04:07:25 ----D---- C:\WINDOWS\system32\NtmsData
2009-07-26 02:44:28 ----A---- C:\WINDOWS\system32\tmp.txt
2009-07-26 02:44:26 ----N---- C:\rapport.txt
2009-07-26 02:18:32 ----D---- C:\rsit
2009-07-26 02:18:32 ----D---- C:\Program Files\trend micro
2009-07-25 01:57:02 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts
2009-07-25 01:54:41 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2009-07-25 01:54:39 ----D---- C:\Program Files\Microsoft WSE
2009-07-25 01:53:40 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-07-25 01:53:37 ----D---- C:\WINDOWS\Logs
2009-07-24 22:18:45 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-23 11:36:38 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-23 11:36:09 ----D---- C:\Program Files\SUPERAntiSpyware
2009-07-23 11:36:09 ----D---- C:\Documents and Settings\Pierre\Application Data\SUPERAntiSpyware.com
2009-07-23 06:54:26 ----N---- C:\Documents and Settings\Pierre\Application Data\ibesuq.bat
2009-07-23 06:54:25 ----N---- C:\Documents and Settings\Pierre\Application Data\jodet.exe
2009-07-23 06:54:25 ----N---- C:\Documents and Settings\Pierre\Application Data\aribikaz.exe
2009-07-23 06:54:25 ----A---- C:\Program Files\Fichiers communs\ojam.com
2009-07-22 22:54:07 ----D---- C:\Documents and Settings\Pierre\Application Data\Malwarebytes
2009-07-22 22:53:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-22 22:53:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-22 21:56:20 ----N---- C:\Documents and Settings\Pierre\Application Data\qewucejoge.bat
2009-07-22 21:56:20 ----A---- C:\WINDOWS\system32\gedyqena.exe
2009-07-22 21:56:20 ----A---- C:\Program Files\Fichiers communs\ocevaq.com
2009-07-22 20:08:05 ----N---- C:\Documents and Settings\Pierre\Application Data\piryza.exe
2009-07-22 20:08:05 ----N---- C:\Documents and Settings\Pierre\Application Data\awomuje.com
2009-07-22 20:08:05 ----N---- C:\Documents and Settings\All Users\Application Data\iwin.vbs
2009-07-22 20:08:05 ----A---- C:\WINDOWS\system32\welulyga.vbs
2009-07-22 20:08:05 ----A---- C:\WINDOWS\system32\ekysu.dll
2009-07-22 19:58:18 ----D---- C:\Program Files\HomeAntivirus2010
2009-07-21 15:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-21 15:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-21 15:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-10 08:33:29 ----D---- C:\WINDOWS\ie8updates
2009-07-10 08:30:13 ----HDC---- C:\WINDOWS\ie8
2009-07-07 15:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-07-05 00:16:43 ----D---- C:\Program Files\Microsoft
2009-07-03 22:27:26 ----D---- C:\Program Files\Fichiers communs\DivX Shared
2009-07-03 22:27:26 ----D---- C:\Program Files\DivX
2009-06-19 17:42:30 ----D---- C:\Program Files\Combined Community Codec Pack
2009-06-19 15:52:15 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-06-19 15:44:13 ----D---- C:\Documents and Settings\Pierre\Application Data\Media Player Classic
2009-06-11 08:37:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 08:37:13 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 08:37:09 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2009-06-11 08:35:26 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 08:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-01 15:07:40 ----D---- C:\Program Files\Fichiers communs\Autodesk Shared
2009-06-01 15:07:40 ----D---- C:\Program Files\AutoCAD 2009
2009-06-01 15:07:40 ----D---- C:\Documents and Settings\Pierre\Application Data\Autodesk
2009-06-01 15:07:40 ----D---- C:\Documents and Settings\All Users\Application Data\Autodesk
2009-06-01 15:07:01 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-06-01 15:06:47 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-06-01 15:06:14 ----D---- C:\Program Files\Fichiers communs\Designer
2009-06-01 15:06:06 ----D---- C:\Program Files\Microsoft Office
2009-06-01 15:05:22 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$

======List of files/folders modified in the last 2 months======

2009-07-26 18:39:55 ----D---- C:\WINDOWS\Prefetch
2009-07-26 18:39:41 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-26 18:34:00 ----D---- C:\WINDOWS
2009-07-26 18:32:41 ----RD---- C:\Program Files
2009-07-26 18:23:27 ----D---- C:\Program Files\Mozilla Firefox
2009-07-26 17:58:37 ----D---- C:\WINDOWS\Temp
2009-07-26 08:44:05 ----D---- C:\Documents and Settings\Pierre\Application Data\OpenOffice.org2
2009-07-26 06:04:28 ----D---- C:\WINDOWS\system32\drivers
2009-07-26 06:02:32 ----A---- C:\WINDOWS\win.ini
2009-07-26 06:02:32 ----A---- C:\WINDOWS\system.ini
2009-07-26 06:02:30 ----D---- C:\WINDOWS\pss
2009-07-26 06:02:01 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-26 06:01:09 ----SHD---- C:\Config.Msi
2009-07-26 05:18:52 ----SHD---- C:\WINDOWS\Installer
2009-07-26 05:18:52 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-26 05:18:52 ----D---- C:\Program Files\Fichiers communs
2009-07-26 05:16:52 ----HD---- C:\WINDOWS\inf
2009-07-26 05:09:53 ----D---- C:\WINDOWS\system32
2009-07-26 05:09:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-26 05:03:22 ----D---- C:\WINDOWS\system32\config
2009-07-26 05:00:51 ----D---- C:\WINDOWS\AppPatch
2009-07-26 04:57:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-26 04:20:17 ----D---- C:\WINDOWS\repair
2009-07-26 04:20:15 ----D---- C:\WINDOWS\Registration
2009-07-26 04:07:24 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-25 01:55:40 ----D---- C:\Program Files\Electronic Arts
2009-07-25 01:54:39 ----RSD---- C:\WINDOWS\assembly
2009-07-25 01:53:47 ----D---- C:\WINDOWS\system32\DirectX
2009-07-25 01:38:44 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-24 22:19:26 ----D---- C:\Documents and Settings
2009-07-22 19:32:44 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-07-22 18:03:00 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-22 18:03:00 ----D---- C:\Program Files\NOS
2009-07-21 15:02:04 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-21 15:02:02 ----A---- C:\WINDOWS\imsins.BAK
2009-07-11 16:18:46 ----SD---- C:\WINDOWS\Tasks
2009-07-10 08:35:01 ----D---- C:\WINDOWS\system32\fr-fr
2009-07-10 08:35:00 ----D---- C:\WINDOWS\Media
2009-07-10 08:35:00 ----D---- C:\Program Files\Internet Explorer
2009-07-10 08:34:59 ----D---- C:\WINDOWS\Help
2009-07-07 11:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-07 02:18:39 ----D---- C:\Documents and Settings\Pierre\Application Data\SPORE
2009-07-05 00:17:57 ----D---- C:\WINDOWS\WinSxS
2009-07-05 00:16:01 ----D---- C:\Program Files\Windows Live
2009-06-28 16:41:32 ----SD---- C:\Documents and Settings\Pierre\Application Data\Microsoft
2009-06-21 23:01:26 ----D---- C:\Documents and Settings\Pierre\Application Data\LimeWire
2009-06-19 15:53:11 ----D---- C:\Program Files\Windows Media Player
2009-06-16 10:40:01 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 10:40:01 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-11 16:49:14 ----D---- C:\WINDOWS\network diagnostic
2009-06-11 16:01:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-11 08:37:11 ----D---- C:\Program Files\Windows Desktop Search
2009-06-11 08:35:05 ----D---- C:\WINDOWS\ie7updates
2009-06-03 18:18:29 ----D---- C:\Program Files\Lx_cats
2009-06-03 15:10:33 ----A---- C:\WINDOWS\system32\quartz.dll
2009-06-01 15:23:09 ----D---- C:\WINDOWS\Microsoft.NET
2009-06-01 15:13:09 ----RSD---- C:\WINDOWS\Fonts
2009-06-01 15:06:09 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-06-01 15:05:12 ----D---- C:\WINDOWS\system32\mui
2009-06-01 15:05:07 ----D---- C:\WINDOWS\system32\XPSViewer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;Pilote de processeur AMD HwPState; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-03-04 79424]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 PCTAppEvent;PCTAppEvent Driver; \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-07-04 3230720]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-03 4745216]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2004-06-08 24637]
R3 LHidUsbK;Logitech SetPoint USB Receiver Device Driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-06-08 38081]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-06-08 71533]
R3 LUsbKbd;Logitech SetPoint USB Keyboard Filter; C:\WINDOWS\System32\Drivers\LUsbKbd.Sys [2004-06-08 14975]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2008-12-17 28256]
R3 pctplfw;pctplfw; \??\C:\WINDOWS\system32\drivers\pctplfw.sys []
R3 SFilter;PCTools Driver; C:\WINDOWS\system32\DRIVERS\pctfw.sys [2008-09-22 97408]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 amd64si;amd64si; \??\C:\WINDOWS\system32\drivers\amd64si.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Pierre\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-16 42496]
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
S3 mbr;mbr; \??\C:\DOCUME~1\Pierre\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2008-07-26 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2008-07-26 2570520]
S3 s3chipid;s3chipid; \??\C:\DOCUME~1\Pierre\LOCALS~1\Temp\s3chipid.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-03-07 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-03-26 147201]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-07-03 561152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-14 152984]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus; C:\Program Files\PC Tools Firewall Plus\FWService.exe [2008-12-11 146800]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 lxbx_device;lxbx_device; C:\WINDOWS\system32\lxbxcoms.exe [2005-01-06 462848]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-03 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2009-06-01 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-23 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

-----------------EOF-----------------
0
darkpoet Posts 1696 Status Security contributor 62
 
Download Lop S&D:

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Double-click it to start the installation

Then double-click the Lop S&D shortcut on your desktop

Select the language you want

Then choose Option 1 ( Search )

Wait until the scan finishes

Post the generated report ( C:lopR.txt )
0
Spychiclo
 
here is the report as requested:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ )
BIOS : BIOS Date: 08/10/07 10:04:22 Ver: 08.00.12
USER : Pierre ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Activated)
Firewall : PC Tools Firewall Plus 4.0.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:78 Go (Free:54 Go)
D:\ (Local Disk) - NTFS - Total:74 Go (Free:74 Go)
E:\ (CD or DVD) - UDF - Total:5 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 2009-07-27|16:16 )

--------------------\\ Listing des dossiers dans APPLIC~1

[2009-07-24|22:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[2009-07-24|22:21] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[2009-07-24|22:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com

[2008-07-23|11:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\7100Series
[2009-04-02|08:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2008-07-22|15:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[2009-06-01|15:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
[2008-07-22|15:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[2008-09-08|15:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[2009-02-16|20:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DassaultSystemes
[2009-07-25|01:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Electronic Arts
[2009-01-01|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2008-12-04|09:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
[2008-12-04|09:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
[2008-12-15|22:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[2008-07-23|11:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[2009-07-22|22:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[2008-10-11|00:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2009-07-26|04:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2009-07-22|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[2009-07-23|11:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[2009-07-27|12:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2008-07-22|14:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-10-05|11:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[2008-07-22|13:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[2009-06-22|08:56] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[2008-09-21|22:24] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[2009-06-22|09:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[2008-07-22|13:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[2008-08-03|17:01] C:\DOCUME~1\Pierre\APPLIC~1\7100Series
[2008-12-20|17:24] C:\DOCUME~1\Pierre\APPLIC~1\Adobe
[2008-07-22|15:17] C:\DOCUME~1\Pierre\APPLIC~1\ATI
[2009-06-01|15:17] C:\DOCUME~1\Pierre\APPLIC~1\Autodesk
[2009-01-21|12:35] C:\DOCUME~1\Pierre\APPLIC~1\CyberLink
[2009-02-16|21:00] C:\DOCUME~1\Pierre\APPLIC~1\DassaultSystemes
[2008-08-29|14:15] C:\DOCUME~1\Pierre\APPLIC~1\Google
[2008-07-22|13:29] C:\DOCUME~1\Pierre\APPLIC~1\Identities
[2008-08-25|08:29] C:\DOCUME~1\Pierre\APPLIC~1\Leadertech
[2009-06-21|23:01] C:\DOCUME~1\Pierre\APPLIC~1\LimeWire
[2009-01-21|12:35] C:\DOCUME~1\Pierre\APPLIC~1\Logitech
[2008-12-20|17:24] C:\DOCUME~1\Pierre\APPLIC~1\Macromedia
[2009-07-22|22:54] C:\DOCUME~1\Pierre\APPLIC~1\Malwarebytes
[2009-06-19|15:44] C:\DOCUME~1\Pierre\APPLIC~1\Media Player Classic
[2009-06-28|16:41] C:\DOCUME~1\Pierre\APPLIC~1\Microsoft
[2008-12-23|23:07] C:\DOCUME~1\Pierre\APPLIC~1\Move Networks
[2008-09-01|07:50] C:\DOCUME~1\Pierre\APPLIC~1\Mozilla
[2008-10-14|22:37] C:\DOCUME~1\Pierre\APPLIC~1\MSNInstaller
[2009-07-26|20:27] C:\DOCUME~1\Pierre\APPLIC~1\OpenOffice.org2
[2009-07-26|05:21] C:\DOCUME~1\Pierre\APPLIC~1\PCToolsFirewallPlus
[2009-02-18|19:30] C:\DOCUME~1\Pierre\APPLIC~1\SecuROM
[2009-07-07|02:18] C:\DOCUME~1\Pierre\APPLIC~1\SPORE
[2008-12-09|21:59] C:\DOCUME~1\Pierre\APPLIC~1\Sun
[2009-07-26|05:18] C:\DOCUME~1\Pierre\APPLIC~1\SUPERAntiSpyware.com
[2008-07-22|14:51] C:\DOCUME~1\Pierre\APPLIC~1\Windows Desktop Search
[2009-03-12|21:09] C:\DOCUME~1\Pierre\APPLIC~1\Windows Search
[2009-04-13|13:25] C:\DOCUME~1\Pierre\APPLIC~1\WinRAR

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[2009-07-27 16:13][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{9F3DBDAE-0671-4F47-B63D-99D162E63AD6}.job
[2009-07-26 06:01][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2006-03-02 08:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[2008-07-23|11:22] C:\Program Files\Abbyy FineReader 6.0 Sprint
[2009-04-02|08:17] C:\Program Files\Adobe
[2008-07-22|15:02] C:\Program Files\ATI Technologies
[2009-06-01|15:13] C:\Program Files\AutoCAD 2009
[2008-07-22|15:23] C:\Program Files\Avira
[2008-09-08|15:32] C:\Program Files\Boonty
[2008-12-17|00:14] C:\Program Files\BoontyGames
[2009-06-19|17:42] C:\Program Files\Combined Community Codec Pack
[2008-07-22|13:22] C:\Program Files\ComPlus Applications
[2008-07-22|21:04] C:\Program Files\CyberLink
[2009-07-03|22:27] C:\Program Files\DivX
[2009-07-25|01:55] C:\Program Files\Electronic Arts
[2009-07-26|05:18] C:\Program Files\Fichiers communs
[2008-08-28|09:47] C:\Program Files\FriendFinder
[2009-01-01|14:49] C:\Program Files\Google
[2009-07-26|05:16] C:\Program Files\HomeAntivirus2010
[2009-07-25|01:38] C:\Program Files\InstallShield Installation Information
[2009-07-10|08:35] C:\Program Files\Internet Explorer
[2009-02-14|09:11] C:\Program Files\Java
[2008-07-23|11:24] C:\Program Files\Lexmark 7100 Series
[2008-07-23|11:17] C:\Program Files\Lexmark_7100 Series
[2009-03-12|22:01] C:\Program Files\LimeWire
[2008-12-15|22:40] C:\Program Files\Logitech
[2009-07-26|20:27] C:\Program Files\Lx_cats
[2009-07-22|22:54] C:\Program Files\Malwarebytes' Anti-Malware
[2008-08-16|12:17] C:\Program Files\Messenger
[2008-10-05|11:05] C:\Program Files\MessengerPlus! 3
[2009-07-05|00:16] C:\Program Files\Microsoft
[2008-07-25|14:01] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008-07-22|13:26] C:\Program Files\microsoft frontpage
[2009-06-01|15:06] C:\Program Files\Microsoft Office
[2009-07-25|01:54] C:\Program Files\Microsoft WSE
[2008-07-22|14:15] C:\Program Files\Movie Maker
[2009-07-27|13:42] C:\Program Files\Mozilla Firefox
[2008-07-22|15:12] C:\Program Files\MSBuild
[2008-10-14|22:37] C:\Program Files\MSN
[2008-07-22|13:21] C:\Program Files\MSN Gaming Zone
[2009-01-12|21:57] C:\Program Files\MumboJumbo
[2008-07-22|21:06] C:\Program Files\MUSICMATCH
[2008-07-22|14:14] C:\Program Files\NetMeeting
[2009-07-22|18:03] C:\Program Files\NOS
[2008-07-22|13:22] C:\Program Files\Online Services
[2008-08-26|20:07] C:\Program Files\OpenOffice.org 2.4
[2008-07-22|14:14] C:\Program Files\Outlook Express
[2009-07-26|06:02] C:\Program Files\PC Tools Firewall Plus
[2008-07-22|14:54] C:\Program Files\Realtek
[2008-07-22|15:09] C:\Program Files\Reference Assemblies
[2008-07-25|21:38] C:\Program Files\Registry Mechanic
[2008-07-22|13:57] C:\Program Files\S3
[2008-07-22|13:24] C:\Program Files\Services en ligne
[2009-07-26|06:04] C:\Program Files\Spyware Doctor
[2009-07-26|05:18] C:\Program Files\SUPERAntiSpyware
[2009-07-26|04:30] C:\Program Files\trend micro
[2008-07-22|13:29] C:\Program Files\Uninstall Information
[2008-07-22|13:55] C:\Program Files\VIA
[2009-06-11|08:37] C:\Program Files\Windows Desktop Search
[2009-07-05|00:16] C:\Program Files\Windows Live
[2009-04-13|16:33] C:\Program Files\Windows Live SkyDrive
[2009-04-13|14:32] C:\Program Files\Windows Media Connect 2
[2009-06-19|15:53] C:\Program Files\Windows Media Player
[2008-07-22|14:14] C:\Program Files\Windows NT
[2008-07-22|13:24] C:\Program Files\WindowsUpdate
[2009-07-26|18:32] C:\Program Files\WinRAR
[2008-07-22|13:26] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[2009-04-02|08:17] C:\Program Files\Fichiers communs\Adobe
[2009-06-01|15:13] C:\Program Files\Fichiers communs\Autodesk Shared
[2008-09-08|15:36] C:\Program Files\Fichiers communs\BOONTY Shared
[2009-06-01|15:06] C:\Program Files\Fichiers communs\Designer
[2009-07-03|22:27] C:\Program Files\Fichiers communs\DivX Shared
[2008-07-22|15:01] C:\Program Files\Fichiers communs\InstallShield
[2008-08-26|20:06] C:\Program Files\Fichiers communs\Java
[2008-12-15|22:40] C:\Program Files\Fichiers communs\logishrd
[2008-07-22|21:03] C:\Program Files\Fichiers communs\Logitech
[2009-06-01|15:06] C:\Program Files\Fichiers communs\Microsoft Shared
[2008-07-22|13:23] C:\Program Files\Fichiers communs\MSSoap
[2008-07-22|09:06] C:\Program Files\Fichiers communs\ODBC
[2009-07-26|06:04] C:\Program Files\Fichiers communs\PC Tools
[2008-07-22|13:23] C:\Program Files\Fichiers communs\Services
[2008-07-22|09:06] C:\Program Files\Fichiers communs\SpeechEngines
[2008-07-22|14:14] C:\Program Files\Fichiers communs\System
[2009-05-13|19:31] C:\Program Files\Fichiers communs\Windows Live
[2008-07-22|21:29] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 49 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\Pierre\Cookies\pierre@advertstream[1].txt
C:\DOCUME~1\Pierre\Cookies\pierre@advertising[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 16:18:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Pierre\Recent\Keygens.lnk


[F:1517][D:20]-> C:\DOCUME~1\Pierre\LOCALS~1\Temp
[F:238][D:0]-> C:\DOCUME~1\Pierre\Cookies
[F:5050][D:8]-> C:\DOCUME~1\Pierre\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 2009-07-27|16:21 - Option : [1]

--------------------\\ Fin du rapport a 16:21:14
0
darkpoet Messages postés 1696 Statut Contributeur sécurité 62
 
Run Lop S&D again

This time choose Option 2 (Deletion)

Don't close the window while the deletion is running!

Post the report it generates (C:\lopR.txt)

(If the Desktop doesn't come back, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)


Then

run SDFix; this absolutely must be done in Safe Mode

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode

------
= Restart in Safe Mode (startup may take several minutes)
Warning: there is no Internet access in this mode. Save or print these instructions.

Restart the PC and tap the F8 key (or F5 on some machines) until the screen with the boot options appears
Using the arrow keys, select Safe Mode ==> Enter ==> your usual user name
-------

= Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
= Press Y to start the cleaning process.
= It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to reboot.
= Press a key to restart the PC.
= Your system will take longer than usual to restart because the tool keeps running and deleting files.
= After the Desktop loads, the tool will finish its work and display Finished.
= Press a key to end the script and load your Desktop icons.
= Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
= Finally, copy/paste the contents of Report.txt into your next reply

TUTORIAL: https://www.malekal.com/slenfbot-still-an-other-irc-bot/


0
theshadoo
 
May I? :)

Go here: http://pack.google.com/intl/fr/pack_installer.html

Uncheck all the boxes and check only Spyware Doctor; then, once the Pack updater is installed, download Spyware Doctor and install it, restart your machine, update the signatures and run a scan, and then it will all be over ;)

Don't bother with HijackThis reports etc... that's useful for really identifying corrosive, brand-new viruses or spyware.

We don't really know what your spyware does, though: hijacked pages? blocked software? etc...

Anyway, do what I said and come back with news ;)
0
Spychiclo
 
I'm moving on to SDFix, but first here is the new Lop S&D report:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ )
BIOS : BIOS Date: 08/10/07 10:04:22 Ver: 08.00.12
USER : Pierre ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Activated)
Firewall : PC Tools Firewall Plus 4.0.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:78 Go (Free:54 Go)
D:\ (Local Disk) - NTFS - Total:74 Go (Free:74 Go)
E:\ (CD or DVD) - UDF - Total:5 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 2009-07-27|18:18 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\Pierre\Cookies\pierre@advertstream[1].txt
Supprime! - C:\DOCUME~1\Pierre\Cookies\pierre@advertising[2].txt

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[2009-07-24|22:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[2009-07-24|22:21] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[2009-07-24|22:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com

[2008-07-23|11:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\7100Series
[2009-04-02|08:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2008-07-22|15:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[2009-06-01|15:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
[2008-07-22|15:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[2008-09-08|15:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[2009-02-16|20:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DassaultSystemes
[2009-07-25|01:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Electronic Arts
[2009-01-01|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2009-07-27|17:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[2008-12-04|09:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
[2008-12-04|09:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
[2008-12-15|22:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[2008-07-23|11:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[2009-07-22|22:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[2008-10-11|00:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2009-07-26|04:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2009-07-22|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[2009-07-27|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
[2009-07-23|11:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[2009-07-27|18:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2008-07-22|14:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-10-05|11:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[2008-07-22|13:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[2009-06-22|08:56] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[2008-09-21|22:24] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[2009-06-22|09:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[2008-07-22|13:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[2008-08-03|17:01] C:\DOCUME~1\Pierre\APPLIC~1\7100Series
[2008-12-20|17:24] C:\DOCUME~1\Pierre\APPLIC~1\Adobe
[2008-07-22|15:17] C:\DOCUME~1\Pierre\APPLIC~1\ATI
[2009-06-01|15:17] C:\DOCUME~1\Pierre\APPLIC~1\Autodesk
[2009-01-21|12:35] C:\DOCUME~1\Pierre\APPLIC~1\CyberLink
[2009-02-16|21:00] C:\DOCUME~1\Pierre\APPLIC~1\DassaultSystemes
[2008-08-29|14:15] C:\DOCUME~1\Pierre\APPLIC~1\Google
[2008-07-22|13:29] C:\DOCUME~1\Pierre\APPLIC~1\Identities
[2008-08-25|08:29] C:\DOCUME~1\Pierre\APPLIC~1\Leadertech
[2009-06-21|23:01] C:\DOCUME~1\Pierre\APPLIC~1\LimeWire
[2009-01-21|12:35] C:\DOCUME~1\Pierre\APPLIC~1\Logitech
[2008-12-20|17:24] C:\DOCUME~1\Pierre\APPLIC~1\Macromedia
[2009-07-22|22:54] C:\DOCUME~1\Pierre\APPLIC~1\Malwarebytes
[2009-06-19|15:44] C:\DOCUME~1\Pierre\APPLIC~1\Media Player Classic
[2009-06-28|16:41] C:\DOCUME~1\Pierre\APPLIC~1\Microsoft
[2008-12-23|23:07] C:\DOCUME~1\Pierre\APPLIC~1\Move Networks
[2008-09-01|07:50] C:\DOCUME~1\Pierre\APPLIC~1\Mozilla
[2008-10-14|22:37] C:\DOCUME~1\Pierre\APPLIC~1\MSNInstaller
[2009-07-26|20:27] C:\DOCUME~1\Pierre\APPLIC~1\OpenOffice.org2
[2009-07-27|17:53] C:\DOCUME~1\Pierre\APPLIC~1\PC Tools
[2009-07-26|05:21] C:\DOCUME~1\Pierre\APPLIC~1\PCToolsFirewallPlus
[2009-02-18|19:30] C:\DOCUME~1\Pierre\APPLIC~1\SecuROM
[2009-07-07|02:18] C:\DOCUME~1\Pierre\APPLIC~1\SPORE
[2008-12-09|21:59] C:\DOCUME~1\Pierre\APPLIC~1\Sun
[2009-07-26|05:18] C:\DOCUME~1\Pierre\APPLIC~1\SUPERAntiSpyware.com
[2008-07-22|14:51] C:\DOCUME~1\Pierre\APPLIC~1\Windows Desktop Search
[2009-03-12|21:09] C:\DOCUME~1\Pierre\APPLIC~1\Windows Search
[2009-04-13|13:25] C:\DOCUME~1\Pierre\APPLIC~1\WinRAR

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[2009-07-27 17:57][--a------] C:\WINDOWS\tasks\Google Software Updater.job
[2009-07-27 18:13][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{9F3DBDAE-0671-4F47-B63D-99D162E63AD6}.job
[2009-07-27 17:57][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2006-03-02 08:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[2008-07-23|11:22] C:\Program Files\Abbyy FineReader 6.0 Sprint
[2009-04-02|08:17] C:\Program Files\Adobe
[2008-07-22|15:02] C:\Program Files\ATI Technologies
[2009-06-01|15:13] C:\Program Files\AutoCAD 2009
[2008-07-22|15:23] C:\Program Files\Avira
[2008-09-08|15:32] C:\Program Files\Boonty
[2008-12-17|00:14] C:\Program Files\BoontyGames
[2009-06-19|17:42] C:\Program Files\Combined Community Codec Pack
[2008-07-22|13:22] C:\Program Files\ComPlus Applications
[2008-07-22|21:04] C:\Program Files\CyberLink
[2009-07-03|22:27] C:\Program Files\DivX
[2009-07-25|01:55] C:\Program Files\Electronic Arts
[2009-07-26|05:18] C:\Program Files\Fichiers communs
[2008-08-28|09:47] C:\Program Files\FriendFinder
[2009-07-27|17:52] C:\Program Files\Google
[2009-07-26|05:16] C:\Program Files\HomeAntivirus2010
[2009-07-25|01:38] C:\Program Files\InstallShield Installation Information
[2009-07-10|08:35] C:\Program Files\Internet Explorer
[2009-02-14|09:11] C:\Program Files\Java
[2008-07-23|11:24] C:\Program Files\Lexmark 7100 Series
[2008-07-23|11:17] C:\Program Files\Lexmark_7100 Series
[2009-03-12|22:01] C:\Program Files\LimeWire
[2008-12-15|22:40] C:\Program Files\Logitech
[2009-07-27|17:50] C:\Program Files\Lx_cats
[2009-07-22|22:54] C:\Program Files\Malwarebytes' Anti-Malware
[2008-08-16|12:17] C:\Program Files\Messenger
[2008-10-05|11:05] C:\Program Files\MessengerPlus! 3
[2009-07-05|00:16] C:\Program Files\Microsoft
[2008-07-25|14:01] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008-07-22|13:26] C:\Program Files\microsoft frontpage
[2009-06-01|15:06] C:\Program Files\Microsoft Office
[2009-07-25|01:54] C:\Program Files\Microsoft WSE
[2008-07-22|14:15] C:\Program Files\Movie Maker
[2009-07-27|18:14] C:\Program Files\Mozilla Firefox
[2008-07-22|15:12] C:\Program Files\MSBuild
[2008-10-14|22:37] C:\Program Files\MSN
[2008-07-22|13:21] C:\Program Files\MSN Gaming Zone
[2009-01-12|21:57] C:\Program Files\MumboJumbo
[2008-07-22|21:06] C:\Program Files\MUSICMATCH
[2008-07-22|14:14] C:\Program Files\NetMeeting
[2009-07-22|18:03] C:\Program Files\NOS
[2008-07-22|13:22] C:\Program Files\Online Services
[2008-08-26|20:07] C:\Program Files\OpenOffice.org 2.4
[2008-07-22|14:14] C:\Program Files\Outlook Express
[2009-07-26|06:02] C:\Program Files\PC Tools Firewall Plus
[2008-07-22|14:54] C:\Program Files\Realtek
[2008-07-22|15:09] C:\Program Files\Reference Assemblies
[2008-07-25|21:38] C:\Program Files\Registry Mechanic
[2008-07-22|13:57] C:\Program Files\S3
[2008-07-22|13:24] C:\Program Files\Services en ligne
[2009-07-27|18:17] C:\Program Files\Spyware Doctor
[2009-07-26|05:18] C:\Program Files\SUPERAntiSpyware
[2009-07-26|04:30] C:\Program Files\trend micro
[2008-07-22|13:29] C:\Program Files\Uninstall Information
[2008-07-22|13:55] C:\Program Files\VIA
[2009-06-11|08:37] C:\Program Files\Windows Desktop Search
[2009-07-05|00:16] C:\Program Files\Windows Live
[2009-04-13|16:33] C:\Program Files\Windows Live SkyDrive
[2009-04-13|14:32] C:\Program Files\Windows Media Connect 2
[2009-06-19|15:53] C:\Program Files\Windows Media Player
[2008-07-22|14:14] C:\Program Files\Windows NT
[2008-07-22|13:24] C:\Program Files\WindowsUpdate
[2009-07-26|18:32] C:\Program Files\WinRAR
[2008-07-22|13:26] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[2009-04-02|08:17] C:\Program Files\Fichiers communs\Adobe
[2009-06-01|15:13] C:\Program Files\Fichiers communs\Autodesk Shared
[2008-09-08|15:36] C:\Program Files\Fichiers communs\BOONTY Shared
[2009-06-01|15:06] C:\Program Files\Fichiers communs\Designer
[2009-07-03|22:27] C:\Program Files\Fichiers communs\DivX Shared
[2008-07-22|15:01] C:\Program Files\Fichiers communs\InstallShield
[2008-08-26|20:06] C:\Program Files\Fichiers communs\Java
[2008-12-15|22:40] C:\Program Files\Fichiers communs\logishrd
[2008-07-22|21:03] C:\Program Files\Fichiers communs\Logitech
[2009-06-01|15:06] C:\Program Files\Fichiers communs\Microsoft Shared
[2008-07-22|13:23] C:\Program Files\Fichiers communs\MSSoap
[2008-07-22|09:06] C:\Program Files\Fichiers communs\ODBC
[2009-07-26|06:04] C:\Program Files\Fichiers communs\PC Tools
[2008-07-22|13:23] C:\Program Files\Fichiers communs\Services
[2008-07-22|09:06] C:\Program Files\Fichiers communs\SpeechEngines
[2008-07-22|14:14] C:\Program Files\Fichiers communs\System
[2009-05-13|19:31] C:\Program Files\Fichiers communs\Windows Live
[2008-07-22|21:29] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 54 Processes )

MsgPlus.exe ~ [PID:1624]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 18:21:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Pierre\Recent\Keygens.lnk


[F:1520][D:24]-> C:\DOCUME~1\Pierre\LOCALS~1\Temp
[F:236][D:0]-> C:\DOCUME~1\Pierre\Cookies
[F:5055][D:8]-> C:\DOCUME~1\Pierre\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 2009-07-27|16:21 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 2009-07-27|18:22 - Option : [2]

--------------------\\ Fin du rapport a 18:22:34
0
Spychiclo
 
And now here is the SDFix one:

[b]SDFix: Version 1.240 [/b]
Run by Pierre on 2009-07-27 at 18:52

Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\Pierre\Bureau\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Infected beep.sys Found![/b]

beep.sys File Locations:

"C:\WINDOWS\system32\dllcache\beep.sys" 32768 2009-07-22 19:31
"C:\WINDOWS\system32\dllcache\cache\beep.sys" 4224 2001-08-28 14:00
"C:\WINDOWS\system32\drivers\beep.sys" 4224 2001-08-28 14:00

Infected File Listed Below:

C:\WINDOWS\system32\dllcache\beep.sys

File copied to Backups Folder
Attempting to replace beep.sys with original version


Original beep.sys Restored

"C:\WINDOWS\system32\dllcache\beep.sys" 4224 2008-08-07 15:27
"C:\WINDOWS\system32\dllcache\cache\beep.sys" 4224 2001-08-28 14:00
"C:\WINDOWS\system32\drivers\beep.sys" 4224 2008-08-07 15:27



[b]Checking Files [/b]:

Trojan Files Found:

C:\DOCUME~1\PIERRE\COOKIES\ACASAVIB.DB - Deleted
C:\DOCUME~1\PIERRE\COOKIES\SOXYN.LIB - Deleted
C:\DOCUME~1\PIERRE\COOKIES\FIMILY~1.PIF - Deleted
C:\DOCUME~1\PIERRE\COOKIES\PYJY.PIF - Deleted
C:\DOCUME~1\PIERRE\COOKIES\ORIXO.REG - Deleted
C:\DOCUME~1\PIERRE\COOKIES\FAWIPE~1.SCR - Deleted
C:\DOCUME~1\PIERRE\COOKIES\YVYLUM.VBS - Deleted
C:\WINDOWS\ujaba._sy - Deleted
C:\WINDOWS\system32\ahikyzuhys._sy - Deleted
C:\WINDOWS\system32\kazuq._sy - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 19:22:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="C:\\Program Files\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\Pierre\Bureau\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Tue 28 Apr 2009 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 22 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 7 Jul 2009 1,977 ...HR --- "C:\Documents and Settings\Pierre\Application Data\SecuROM\UserData\securom_v7_01.bak"

[b]Finished![/b]
0
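The SDFix report above shows the copy of beep.sys in the Windows File Protection cache (dllcache) replaced by a 32768-byte file dated 2009-07-22, while the live driver kept the 4224-byte original; since WFP restores system files from dllcache, a trojaned cache copy is the one that would get "restored" over a clean driver. As an added example (not part of the thread, SDFix or any other tool named here), the Python below parses listing lines in SDFix's format and flags the copy of a protected file whose size disagrees with the others; the listing lines are constructed from the values in the report.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# SDFix-style listing line:  "<path>" <size> <YYYY-MM-DD> <HH:MM>
LINE_RE = re.compile(
    r'^"(?P<path>[^"]+)"\s+(?P<size>\d+)\s+'
    r'(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s*$'
)

# Constructed sample input, values taken from the SDFix report in the thread.
BEFORE = r'''
"C:\WINDOWS\system32\dllcache\beep.sys" 32768 2009-07-22 19:31
"C:\WINDOWS\system32\dllcache\cache\beep.sys" 4224 2001-08-28 14:00
"C:\WINDOWS\system32\drivers\beep.sys" 4224 2001-08-28 14:00
'''

AFTER = r'''
"C:\WINDOWS\system32\dllcache\beep.sys" 4224 2008-08-07 15:27
"C:\WINDOWS\system32\dllcache\cache\beep.sys" 4224 2001-08-28 14:00
"C:\WINDOWS\system32\drivers\beep.sys" 4224 2008-08-07 15:27
'''


@dataclass(frozen=True)
class FileCopy:
    path: str
    size: int
    mtime: datetime


def parse_listing(text: str) -> List[FileCopy]:
    """Parse every non-empty line of an SDFix 'File Locations' block."""
    copies = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised listing line: {line!r}")
        copies.append(FileCopy(
            path=m["path"],
            size=int(m["size"]),
            mtime=datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M"),
        ))
    return copies


def find_outliers(copies: List[FileCopy],
                  known_good_size: Optional[int] = None) -> List[FileCopy]:
    """Return the copies whose size disagrees with the baseline.

    The baseline is known_good_size when the caller has one (e.g. from a
    clean install), otherwise the most common size among the copies: a
    replacement normally lands in one location, not all of them at once.
    """
    if not copies:
        return []
    if known_good_size is None:
        known_good_size = Counter(c.size for c in copies).most_common(1)[0][0]
    return [c for c in copies if c.size != known_good_size]


def newest(copies: List[FileCopy]) -> FileCopy:
    """Most recently modified copy; worth a look even when sizes agree."""
    return max(copies, key=lambda c: c.mtime)


if __name__ == "__main__":
    for label, listing in (("before SDFix", BEFORE), ("after SDFix", AFTER)):
        copies = parse_listing(listing)
        for c in find_outliers(copies):
            print(f"{label}: size mismatch {c.size} bytes at {c.path} "
                  f"(modified {c.mtime:%Y-%m-%d %H:%M})")
        print(f"{label}: newest copy is {newest(copies).path}")
```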
darkpoet Messages postés 1696 Statut Contributeur sécurité 62
 
Hi Spychiclo


• Download and install UsbFix by Chiquitine29

(!) Plug your external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

• Double-click the UsbFix shortcut on your desktop.

• In the main menu, choose option " F " for French and press [Enter].

• In the second menu, choose option " 1 " (search) and press [Enter]

• Let the tool work.

• Then post the UsbFix.txt report that will appear.

• Note: the UsbFix.txt report is saved at the root of the drive. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

• Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands, this utility could shut down security software (antivirus, firewall...), hence the alert raised by these antivirus programs.


• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html



Then run RSIT again so we can see where things stand, please
0