
sharris

Everything posted by sharris

  1. I may have expressed myself badly! I've been using ZA at home for 2 years, apparently without any problems (although I'm far from being as much of a pro as you are, eh!!!). The empty ZA menu, on the other hand, dates from this morning, since I caught this Antivirus XP 2008 whatever thing!!! Right, I'm off to install something else! What would you recommend that's good and not too resource-hungry? So is the PC clean now? Danke!
  2. I don't know whether the infection is related to this, but the ZA menu appears completely empty to me! Impossible to configure anything at all! The software works, but the interface is empty! Perhaps the two problems are related, since they appeared at the same time! Otherwise, what do you conclude from the last report? Thanks, dear Falkra!
  3. Here's the report! Strangely enough, I've just had an attempt to access my PC, the first in ages if I'm to believe my firewall; here's the IP: 218.9.148.118!!! A Whois places it in China!!!???

     ComboFix 08-08-07.05 - Camran 2008-08-08 17:22:04.2 - NTFSx86
     Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1616 [GMT 2:00]
     Endroit: C:\Documents and Settings\Camran\Bureau\ComboFix.exe
     Command switches used :: C:\Documents and Settings\Camran\Bureau\CFScript.txt
     * Création d'un nouveau point de restauration
     AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

     FILE ::
     C:\Program Files\DAP\DAPBHO.dll
     C:\Program Files\DAP\DAPIEBar.dll
     C:\WINDOWS\iun6002.exe
     C:\WINDOWS\system32\blphca9tj0e71a.scr_old
     .

     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .

     C:\Program Files\DAP\DAPBHO.dll
     C:\Program Files\DAP\DAPIEBar.dll
     C:\WINDOWS\iun6002.exe
     C:\WINDOWS\system32\Drivers\HNPsSdk.drv
     F:\Autorun.inf

     .
     ((((((((((((((((((((((((((((( Fichiers créés 2008-07-08 to 2008-08-08 ))))))))))))))))))))))))))))))))))))
     .

     2008-08-08 17:06 . 2008-08-08 17:09 <REP> d-------- C:\Toolbar SD
     2008-08-08 16:53 . 2008-08-08 17:30 355,205 --a------ C:\WINDOWS\system32\vsconfig.xml
     2008-08-08 15:16 . 2008-08-08 15:16 <REP> d-------- C:\WINDOWS\ERUNT
     2008-08-08 14:29 . 2008-08-08 14:29 <REP> d-------- C:\Program Files\Trend Micro
     2008-08-08 13:46 . 2008-08-08 15:54 <REP> d-------- C:\WINDOWS\BDOSCAN8
     2008-08-05 10:40 . 2008-08-05 10:59 <REP> d--hs---- C:\Documents and Settings\All Users\DRM
     2008-08-04 22:24 . 2008-08-04 22:24 <REP> d-------- C:\Program Files\Windows Resource Kits
     2008-08-04 21:21 . 2008-08-04 21:21 <REP> d-------- C:\Program Files\Fichiers communs\Adobe AIR
     2008-08-02 19:02 . 2008-08-02 19:02 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
     2008-08-02 19:02 . 2008-08-02 19:02 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
     2008-08-02 18:52 . 2008-08-02 18:52 <REP> d-------- C:\Program Files\Perry Rhodan
     2008-07-29 01:05 . 2008-08-02 19:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
     2008-07-29 01:05 . 2008-07-29 01:05 1,409 --a------ C:\WINDOWS\QTFont.for
     2008-07-27 20:03 . 2008-07-27 20:03 <REP> d-------- C:\Documents and Settings\Camran\Application Data\MailFrontier
     2008-07-27 20:00 . 2008-08-08 17:30 14,379,040 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
     2008-07-27 20:00 . 2008-08-08 17:26 200,912 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
     2008-07-27 19:54 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
     2008-07-27 19:53 . 2008-07-27 19:53 <REP> d-------- C:\Program Files\Zone Labs
     2008-07-27 19:53 . 2008-07-09 09:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
     2008-07-19 17:30 . 2008-07-19 19:18 <REP> d-------- C:\Program Files\MPCHC
     2008-07-19 17:27 . 2008-06-22 20:33 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
     2008-07-19 17:27 . 2008-06-22 20:33 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
     2008-07-19 17:27 . 2008-06-22 20:33 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-08-08 15:22 --------- d-----w C:\Program Files\DAP
     2008-08-08 12:00 --------- d-----w C:\Program Files\Coolstreaming
     2008-08-08 11:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
     2008-08-08 10:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy
     2008-08-08 08:43 --------- d-----w C:\Documents and Settings\Camran\Application Data\XnView
     2008-08-08 08:32 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
     2008-08-05 19:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
     2008-08-05 13:22 --------- d-----w C:\Program Files\Minilyrics
     2008-08-04 20:55 --------- d-----w C:\Program Files\Opera
     2008-08-02 16:38 --------- d-----w C:\Program Files\GrabIt
     2008-08-02 14:26 --------- d-----w C:\Program Files\gx-mod
     2008-07-23 14:39 --------- d-----w C:\Documents and Settings\Sarah\Application Data\skypePM
     2008-07-21 21:33 --------- d-----w C:\Program Files\mIRC
     2008-07-19 15:27 --------- d-----w C:\Program Files\ffdshow
     2008-07-16 19:34 --------- d-----w C:\Program Files\Winamp
     2008-07-12 16:01 --------- d-----w C:\Documents and Settings\Camran\Application Data\Skype
     2008-07-12 16:00 --------- d-----w C:\Documents and Settings\Camran\Application Data\skypePM
     2008-07-10 16:09 --------- d-----w C:\Documents and Settings\Camran\Application Data\Azureus
     2008-07-09 10:12 --------- d-----w C:\Program Files\ARWizard3
     2008-07-07 11:42 --------- d-----w C:\Program Files\Fichiers communs\Nikon
     2008-07-07 11:42 --------- d-----w C:\Documents and Settings\Camran\Application Data\Nikon
     2008-07-07 11:24 --------- d-----w C:\Documents and Settings\Camran\Application Data\DxO Labs
     2008-07-07 11:23 --------- d-----w C:\Program Files\Fichiers communs\PACE Anti-Piracy
     2008-07-07 11:23 --------- d-----w C:\Program Files\DxO Labs
     2008-07-07 11:23 --------- d-----w C:\Documents and Settings\Camran\Application Data\PACE Anti-Piracy
     2008-07-07 11:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
     2008-07-07 11:13 --------- d-----w C:\Program Files\InterLok
     2008-07-06 08:15 --------- d-----w C:\Program Files\THE Rename
     2008-07-05 12:22 --------- d-----w C:\Program Files\Photomatix
     2008-07-05 12:16 --------- d-----w C:\Program Files\easyHDR BASIC
     2008-07-05 12:14 --------- d-----w C:\Documents and Settings\Camran\Application Data\fdrtools.com
     2008-07-05 12:06 --------- d-----w C:\Program Files\AGS Technik
     2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
     2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
     2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
     2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
     2008-06-11 22:55 --------- d-----w C:\Documents and Settings\Sarah\Application Data\Skype
     2008-06-10 13:32 --------- d-----w C:\Documents and Settings\Camran\Application Data\ArcSoft
     2008-06-10 13:31 --------- d-----w C:\Program Files\SanDisk
     2007-03-17 23:24 1 -c--a-w C:\Documents and Settings\Camran\SI.bin
     2004-05-25 13:04 32,768 ----a-w C:\Program Files\mozilla firefox\plugins\AppSub32.dll

     .
     ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     REGEDIT4
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
     "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]
     "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-30 14:45 1829712]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
     "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
     "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31 458752]
     "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24 217088]
     "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 07:31 208952]
     "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 14:00 455168]
     "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 14:00 455168]
     "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 01:15 600896]
     "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25 257088]
     "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 22:01 71216]
     "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 17:21 54832]
     "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
     "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
     "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
     "nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]
     "NVIDIA nForce APU1 Utilities"="NVATray.exe" [2002-01-19 09:33 45056 C:\WINDOWS\system32\NVATray.exe]
     "NvMediaCenter"="NvMCTray.dll" [2007-09-17 01:07 81920 C:\WINDOWS\system32\nvmctray.dll]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
     2003-08-25 11:25 139264 C:\Program Files\Fichiers communs\Stardock\MCPStub.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
     "AppInit_DLLs"=NVDESK32.DLL

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "msacm.l3acm"= l3codecp.acm
     "aux"= ctwdm32.dll
     "msacm.imc"= imc32.acm
     "aux1"= ctwdm32.dll
     "aux3"= ctwdm32.dll
     "vidc.X264"= x264vfw.dll

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
     path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
     backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
     path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
     backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TEW-424UB Utility.lnk]
     path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TEW-424UB Utility.lnk
     backup=C:\WINDOWS\pss\TEW-424UB Utility.lnkCommon Startup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
     --a------ 2004-08-20 01:09 15360 C:\WINDOWS\system32\ctfmon.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     --a------ 2007-04-27 11:25 257088 C:\Program Files\iTunes\iTunesHelper.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
     --a--c--- 2004-10-08 12:06 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
     --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     --a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     --a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
     --a------ 2005-08-13 15:00 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
     --a------ 2007-01-29 13:07 3718312 C:\Program Files\TomTom HOME\TomTomHOME.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
     --a--c--- 2005-10-24 16:53 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
     "C:\\Program Files\\SmartFTP\\SmartFTP.exe"=
     "C:\\Program Files\\mIRC\\mirc.exe"=
     "C:\\Program Files\\Sop Cast\\SopCast.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
     "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
     "C:\\Program Files\\MSN Messenger\\livecall.exe"=
     "C:\\Program Files\\iTunes\\iTunes.exe"=
     "C:\\WINDOWS\\system32\\dpnsvr.exe"=
     "C:\\Program Files\\FlashGet\\flashget.exe"=
     "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
     "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
     "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
     "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
     "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
     "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
     "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

     R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51]
     S0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys []
     S2 MPManF50;MPMan F50 USB Driver;C:\WINDOWS\system32\Drivers\MPManF50.sys []
     S3 EWAVE;EWAVE;C:\WINDOWS\system32\drivers\ew.sys []
     S3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 21:12]
     S3 FILESPY;FILESPY;C:\WINDOWS\system32\drivers\FILESPY.sys []
     S3 NSTATION;NSTATION;C:\WINDOWS\system32\drivers\nstation.sys []
     S3 ZD1211U(CellVision);TRENDnet 802.11g wireless USB TEW-424UB(CellVision);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 11:00]
     S3 zlportio;zlportio;C:\Documents and Settings\Camran\Bureau\StarFucker v0.82 Beta - Lite Version\zlportio.sys []

     .
     **************************************************************************

     catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-08-08 17:28:30
     Windows 5.1.2600 Service Pack 2 NTFS

     Balayage processus cachés ...

     Balayage caché autostart entries ...

     Balayage des fichiers cachés ...

     Scan terminé avec succès
     Les fichiers cachés: 0

     **************************************************************************

     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
     "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
     .
     --------------------- DLLs a chargé sous des processus courants ---------------------

     PROCESS: C:\WINDOWS\explorer.exe
     -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\Program Files\Fichiers communs\Stardock\sdmcp.exe
     C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
     C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
     C:\Program Files\CyberLink\Shared files\RichVideo.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\system32\devldr32.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Logitech\Video\FxSvr2.exe
     C:\PROGRA~1\MI3AA1~1\rapimgr.exe
     C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
     C:\Program Files\palmOne\HOTSYNC.EXE
     C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
     C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
     C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
     .
     **************************************************************************
     .
     Temps d'accomplissement: 2008-08-08 17:41:49 - machine was rebooted
     ComboFix-quarantined-files.txt 2008-08-08 15:41:42
     ComboFix2.txt 2008-08-08 13:04:43

     Pre-Run: 11,390,750,720 octets libres
     Post-Run: 11,380,068,352 octets libres

     238 --- E O F --- 2008-07-13 11:16:00
  4. Here is the ToolBar-S&D report:

     -----------\\ ToolBar S&D 1.0.8 XP/Vista

     [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
     [ USER : Camran ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
     [ 08/08/2008 | 17:07:41,39 ] [ PC : GEORGIA ] [ MAJ : 04-08-2008 | 23:15 ]

     -----------\\ Recherche de Fichiers / Dossiers ...

     C:\WINDOWS\iun6002.exe
  5. Yes, you're right!!! I apologise for that!!! Here is the new HijackThis report:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 17:02:35, on 08/08/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16674)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\Program Files\Fichiers communs\Stardock\SDMCP.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
     C:\Program Files\CyberLink\Shared files\RichVideo.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\system32\devldr32.exe
     C:\WINDOWS\system32\NVATray.exe
     C:\WINDOWS\system32\LVCOMSX.EXE
     C:\Program Files\Logitech\Video\LogiTray.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Microsoft IntelliPoint\ipoint.exe
     C:\Program Files\Logitech\Video\FxSvr2.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\WINDOWS\system32\RunDLL32.exe
     C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\D-Tools\daemon.exe
     C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Microsoft ActiveSync\wcescomm.exe
     C:\PROGRA~1\MI3AA1~1\rapimgr.exe
     C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
     C:\Program Files\palmOne\HOTSYNC.EXE
     C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
     C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
     C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
     O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
     O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
     O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
     O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
     O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
     O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
     O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
     O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
     O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
     O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
     O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
     O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
     O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
     O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
     O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Eagle Dynamics\Lock On\Register\schedule.exe
     O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
     O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
     O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
     O8 - Extra context menu item: &Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
     O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
     O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
     O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
     O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
     O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
     O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Contrôleur de DownloadManager) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab
     O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
     O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1115726530359
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{438FD138-E0DB-4075-B51F-FFE7BB7EA796}: NameServer = 208.67.220.220,208.67.222.222
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
     O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
     O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
     O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
     O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
     O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     --
     End of file - 10744 bytes
  6. Hello, First of all, thank you very much for your availability and your reply! I nevertheless couldn't help applying a few remedies between my initial post and your reply! (Hijack, then ComboFix and finally SDFix in safe mode, so here are the three reports.) That's where I am for now; I hope I haven't done anything silly!!! Once again, thank you for taking the time to help me! Here is the HijackThis report:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 14:47:33, on 08/08/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16674)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Fichiers communs\Stardock\SDMCP.exe
     C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
     C:\Program Files\CyberLink\Shared files\RichVideo.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\NVATray.exe
     C:\WINDOWS\system32\LVCOMSX.EXE
     C:\Program Files\Logitech\Video\LogiTray.exe
     C:\Program Files\Microsoft IntelliPoint\ipoint.exe
     C:\WINDOWS\system32\devldr32.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\WINDOWS\system32\RunDLL32.exe
     C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
     C:\Program Files\Logitech\Video\FxSvr2.exe
     C:\Program Files\D-Tools\daemon.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\system32\lphca9tj0e71a.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Microsoft ActiveSync\wcescomm.exe
     C:\PROGRA~1\MI3AA1~1\rapimgr.exe
     C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
     C:\Program Files\TRENDnet\TRENDnet TEW-424UB\TRENDnet.exe
     C:\Program Files\palmOne\HOTSYNC.EXE
     C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
     C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
     C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
     C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
     O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
     O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
     O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
     O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
     O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
     O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
     O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
     O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
     O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
     O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
     O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
     O4 - HKLM\..\RunOnce: [spybotDeletingA952] command /c del "C:\WINDOWS\system32\blphca9tj0e71a.scr_old"
     O4 - HKLM\..\RunOnce: [spybotDeletingC6976] cmd /c del "C:\WINDOWS\system32\blphca9tj0e71a.scr_old"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
     O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     O4 - HKCU\..\RunOnce: [spybotDeletingB4869] command /c del "C:\WINDOWS\system32\blphca9tj0e71a.scr_old"
     O4 - HKCU\..\RunOnce: [spybotDeletingD9915] cmd /c del "C:\WINDOWS\system32\blphca9tj0e71a.scr_old"
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
     O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
     O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
     O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
     O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Eagle Dynamics\Lock On\Register\schedule.exe
     O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
     O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
     O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
     O8 - Extra context menu item: &Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
     O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
     O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
     O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
     O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
     O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
     O9 - Extra 'Tools' menuitem: Yahoo!
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Contrôleur de DownloadManager) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1115726530359 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{438FD138-E0DB-4075-B51F-FFE7BB7EA796}: NameServer = 208.67.220.220,208.67.222.222 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. 
- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 11488 bytes J'ai ensuite fait un combofix (après avoir désactivé la restauration système) dont voici le rapport: ComboFix 08-08-07.05 - Camran 2008-08-08 14:55:01.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1326 [GMT 2:00] Endroit: C:\Documents and Settings\Camran\Bureau\ComboFix.exe * Création d'un nouveau point de restauration * Resident AV is active AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk C:\Documents and Settings\Camran\Application Data\macromedia\Flash Player\#SharedObjects\XA942K59\interclick.com C:\Documents and Settings\Camran\Application Data\macromedia\Flash Player\#SharedObjects\XA942K59\interclick.com\ud.sol C:\Documents and Settings\Camran\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com C:\Documents and Settings\Camran\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol C:\WINDOWS\system32\_000008_.tmp.dll C:\WINDOWS\system32\_000009_.tmp.dll C:\WINDOWS\system32\lphca9tj0e71a.exe C:\WINDOWS\system32\phca9tj0e71a.bmp . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-08 to 2008-08-08 )))))))))))))))))))))))))))))))))))) . 
2008-08-08 14:29 . 2008-08-08 14:29 <REP> d-------- C:\Program Files\Trend Micro 2008-08-08 13:46 . 2008-08-08 13:46 <REP> d-------- C:\WINDOWS\LastGood 2008-08-08 13:46 . 2008-08-08 14:48 <REP> d-------- C:\WINDOWS\BDOSCAN8 2008-08-08 13:29 . 2008-08-08 13:29 60,928 --------- C:\WINDOWS\system32\blphca9tj0e71a.scr_old 2008-08-05 10:40 . 2008-08-05 10:59 <REP> d--hs---- C:\Documents and Settings\All Users\DRM 2008-08-04 22:24 . 2008-08-04 22:24 <REP> d-------- C:\Program Files\Windows Resource Kits 2008-08-04 21:21 . 2008-08-04 21:21 <REP> d-------- C:\Program Files\Fichiers communs\Adobe AIR 2008-08-02 19:02 . 2008-08-02 19:02 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys 2008-08-02 19:02 . 2008-08-02 19:02 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys 2008-08-02 18:52 . 2008-08-02 18:52 <REP> d-------- C:\Program Files\Perry Rhodan 2008-07-29 01:05 . 2008-08-02 19:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-29 01:05 . 2008-07-29 01:05 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-27 20:03 . 2008-07-27 20:03 <REP> d-------- C:\Documents and Settings\Camran\Application Data\MailFrontier 2008-07-27 20:00 . 2008-08-08 15:02 14,230,304 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-07-27 20:00 . 2008-08-08 12:49 151,544 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-07-27 19:54 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-07-27 19:53 . 2008-07-27 19:53 <REP> d-------- C:\Program Files\Zone Labs 2008-07-19 17:30 . 2008-07-19 19:18 <REP> d-------- C:\Program Files\MPCHC 2008-07-19 17:27 . 2008-06-22 20:33 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll 2008-07-19 17:27 . 2008-06-22 20:33 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2008-07-19 17:27 . 2008-06-22 20:33 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-08-08 12:00 --------- d-----w C:\Program Files\Coolstreaming 2008-08-08 11:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-08 10:51 1,829,843 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2008-08-08 10:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-08-08 08:43 --------- d-----w C:\Documents and Settings\Camran\Application Data\XnView 2008-08-08 08:32 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT 2008-08-05 19:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-05 13:22 --------- d-----w C:\Program Files\Minilyrics 2008-08-04 20:55 --------- d-----w C:\Program Files\Opera 2008-08-02 16:38 --------- d-----w C:\Program Files\GrabIt 2008-08-02 14:26 --------- d-----w C:\Program Files\gx-mod 2008-07-23 14:39 --------- d-----w C:\Documents and Settings\Sarah\Application Data\skypePM 2008-07-21 21:33 --------- d-----w C:\Program Files\mIRC 2008-07-19 15:27 --------- d-----w C:\Program Files\ffdshow 2008-07-16 19:34 --------- d-----w C:\Program Files\Winamp 2008-07-12 16:01 --------- d-----w C:\Documents and Settings\Camran\Application Data\Skype 2008-07-12 16:00 --------- d-----w C:\Documents and Settings\Camran\Application Data\skypePM 2008-07-10 16:09 --------- d-----w C:\Documents and Settings\Camran\Application Data\Azureus 2008-07-09 10:12 --------- d-----w C:\Program Files\ARWizard3 2008-07-09 07:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll 2008-07-07 11:42 --------- d-----w C:\Program Files\Fichiers communs\Nikon 2008-07-07 11:42 --------- d-----w C:\Documents and Settings\Camran\Application Data\Nikon 2008-07-07 11:24 --------- d-----w C:\Documents and Settings\Camran\Application Data\DxO Labs 2008-07-07 11:23 --------- d-----w C:\Program Files\Fichiers communs\PACE Anti-Piracy 2008-07-07 11:23 --------- d-----w C:\Program Files\DxO Labs 2008-07-07 11:23 --------- d-----w C:\Documents and 
Settings\Camran\Application Data\PACE Anti-Piracy 2008-07-07 11:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy 2008-07-07 11:13 --------- d-----w C:\Program Files\InterLok 2008-07-06 08:15 --------- d-----w C:\Program Files\THE Rename 2008-07-05 12:22 --------- d-----w C:\Program Files\Photomatix 2008-07-05 12:16 --------- d-----w C:\Program Files\easyHDR BASIC 2008-07-05 12:14 --------- d-----w C:\Documents and Settings\Camran\Application Data\fdrtools.com 2008-07-05 12:06 --------- d-----w C:\Program Files\AGS Technik 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-11 22:55 --------- d-----w C:\Documents and Settings\Sarah\Application Data\Skype 2008-06-10 13:32 --------- d-----w C:\Documents and Settings\Camran\Application Data\ArcSoft 2008-06-10 13:31 --------- d-----w C:\Program Files\SanDisk 2008-06-02 07:07 47,686 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_06_01_13_55_37_small.dmp.zip 2008-05-20 06:57 47,842 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_05_19_19_05_03_small.dmp.zip 2008-05-16 18:58 46,437 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_05_15_19_46_46_small.dmp.zip 2007-03-17 23:24 1 -c--a-w C:\Documents and Settings\Camran\SI.bin 2004-05-25 13:04 32,768 ----a-w C:\Program Files\mozilla firefox\plugins\AppSub32.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-30 14:45 1829712] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31 458752] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24 217088] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 07:31 208952] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 14:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 14:00 455168] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 01:15 600896] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25 257088] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 22:01 71216] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 17:21 54832] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016] "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-20 01:09 160768] "nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe] "NVIDIA nForce APU1 Utilities"="NVATray.exe" [2002-01-19 09:33 45056 C:\WINDOWS\system32\NVATray.exe] 
"NvMediaCenter"="NvMCTray.dll" [2007-09-17 01:07 81920 C:\WINDOWS\system32\nvmctray.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360] C:\Documents and Settings\Sarah\Menu D‚marrer\Programmes\D‚marrage\ Konfabulator.lnk - C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe [2005-08-04 19:31:16 1282048] C:\Documents and Settings\Camran\Menu D‚marrer\Programmes\D‚marrage\ HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [2004-04-13 17:03:10 299008] Konfabulator.lnk - C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe [2005-08-04 19:31:16 1282048] Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2005-05-10 14:28:33 1339392] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Monitor.lnk - C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2008-06-10 15:31:20 114688] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient] 2003-08-25 11:25 139264 C:\Program Files\Fichiers communs\Stardock\MCPStub.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=NVDESK32.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3acm"= l3codecp.acm "aux"= ctwdm32.dll "msacm.imc"= imc32.acm "aux1"= ctwdm32.dll "aux3"= ctwdm32.dll "vidc.X264"= x264vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe 
Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TEW-424UB Utility.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TEW-424UB Utility.lnk backup=C:\WINDOWS\pss\TEW-424UB Utility.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-20 01:09 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2007-04-27 11:25 257088 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] --a--c--- 2004-10-08 12:06 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2005-08-13 15:00 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] --a------ 2007-01-29 13:07 3718312 C:\Program Files\TomTom HOME\TomTomHOME.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] --a--c--- 2005-10-24 16:53 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] 
"DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\SmartFTP\\SmartFTP.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\Sop Cast\\SopCast.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\WINDOWS\\system32\\dpnsvr.exe"= "C:\\Program Files\\FlashGet\\flashget.exe"= "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51] S0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [] S2 MPManF50;MPMan F50 USB Driver;C:\WINDOWS\system32\Drivers\MPManF50.sys [] S3 EWAVE;EWAVE;C:\WINDOWS\system32\drivers\ew.sys [] S3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 
NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 21:12] S3 FILESPY;FILESPY;C:\WINDOWS\system32\drivers\FILESPY.sys [] S3 NSTATION;NSTATION;C:\WINDOWS\system32\drivers\nstation.sys [] S3 ZD1211U(CellVision);TRENDnet 802.11g wireless USB TEW-424UB(CellVision);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 11:00] S3 zlportio;zlportio;C:\Documents and Settings\Camran\Bureau\StarFucker v0.82 Beta - Lite Version\zlportio.sys [] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-googletalk - C:\Program Files\Google\Google Talk\googletalk.exe MSConfigStartUp-lphca9tj0e71a - C:\WINDOWS\system32\lphca9tj0e71a.exe MSConfigStartUp-SMrhce9tj0e71a - C:\Program Files\rhce9tj0e71a\rhce9tj0e71a.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Camran\Application Data\Mozilla\Firefox\Profiles\ge4w0100.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.fr ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-08 15:01:49 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSSdk21] "ImagePath"="\??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl" . 
Temps d'accomplissement: 2008-08-08 15:04:41 ComboFix-quarantined-files.txt 2008-08-08 13:03:38 Pre-Run: 11,469,754,368 octets libres Post-Run: 11,610,607,616 octets libres 232 --- E O F --- 2008-07-13 11:16:00 Enfin, j'ai exécuté sdfix en mode sans échec: SDFix: Version 1.214 Run by Camran on 08/08/2008 at 15:20 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\Documents and Settings\Camran\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com\settings.sol - Deleted C:\Documents and Settings\Camran\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk - Deleted Folder C:\Documents and Settings\Camran\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-08 15:31:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40] "khjeh"=hex:20,02,00,00,12,19,96,89,3e,ce,e4,bc,d6,66,b8,2a,fb,d9,0e,d0,8d,.. "hj34z0"=hex:83,04,be,b6,79,3b,ae,5e,e9,94,19,a4,1e,65,1c,9d,ae,61,60,83,0d,.. "hj34z1"=hex:12,04,be,b6,01,3b,ae,5e,e8,94,18,a4,1f,65,1c,9d,ae,61,60,83,6d,.. "hj34z2"=hex:12,04,be,b6,01,3b,ae,5e,e8,94,18,a4,1f,65,1c,9d,ae,61,60,83,6d,.. "hj34z3"=hex:12,04,be,b6,01,3b,ae,5e,e8,94,18,a4,1f,65,1c,9d,ae,61,60,83,6d,.. "hj34z4"=hex:12,04,be,b6,01,3b,ae,5e,e8,94,18,a4,1f,65,1c,9d,ae,61,60,83,6d,.. 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:a2be8941 "s2"=dword:b6f30b13 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:9a,6d,0c,0d,4a,4b,11,05,c0,83,18,d9,80,99,64,53,a2,9b,23,06,2c,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:9a,6d,0c,0d,4a,4b,11,05,c0,83,18,d9,80,99,64,53,a2,9b,23,06,2c,.. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\IME\China\IMEPY\TIPMIG] "Migrated"=hex(b):80,2f,1e,e7,ae,88,c6,01 "S-1-5-18"="\0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System] "OODEFRAG08.00.00.01WORKSTATION"="A1944049114231C6749AE13CBA0E0A4225F406C0384E7D990DD4ED10EAFEBC9E127BECC74CF EBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8E DD5E5BE2F6E667A6171C11EC38DE3DA2D97226D213B555BA7FD869164D6794E4650EAB0F68E5C5791 B2D5E76C47718A2324BEBC1DDA5DE97B83793D1C5198B47A1D9C6351B279DC187FAF5D7EE924F37BA 0B20C582EA15FD240536014A6AE4B075DAD35D4A7159562675C3FA3D8D961DCAC14D430E0B8CA6AC5 1E27C1EA282DF44068FEDDFA871ED70523E10BD5832A58D87CBD1542B781B5335EF68FA3823B78495 6C3298B25363710C16ABD16EDB46473827EFFC72FE8AAF0EE3C96D2479BEC3088ED987FA5CB84A642 D46B1C8BF174AF49EFD040EB9C66A7CFB8C55E4ACA09E9FCF7812EEE311AE5B1A3CE767805502A0A5 43B8AF374542E6297DE8FA57ABC9613E8572822FB3E63A28CED2CF32E16AE464E7400BF79F89758ED 030ED89D28C199B5D36ACFB0D4F8BD4A02686DC4116ABB47910D97314A795871C0845C52DC1D3DCBC BD66F82DD81FD3BAE61B001EA92729E7F456938415781DD9A110827658642BC940AFCB470786890BF 0198AC2DC4A020B8F4436766192926700DF2C0C54E0E489488A8A34F199925F7397E2A2FE4EB89BD3 66AD94AE1EDA88FEC920F14D239BE931FDC2EEC6F3BD6EF02CDF50F0ADF7368706BF2C33172063496 8324E6D4914B72F93741944F40BCEC072D08628AAA0DDC7EEA5B038BF3C815FD7AAEC7535C8A8C6DB 
13F341BE33FE8B8B7620ADC844F505F10EB59D1CC252973B423BB70E66D2D1E886E8A339A0DDD29A0 4A09DCEABC802659B7654F6F5281AB629CD9A3D4E31FD50AA05680F7030674625AB2ACAD283D59F63 50E3DCCFB86275035B9AF097A4CDACD0752030761EF0BB7409990BE7B8EE7F6FC5641E7B9EC22565B D471C0AEF961EBB906FCE3833E8A80527C3A54FDB0AE33F7B07505A5960F55C744373A33A82C6A3CD 8DE2F1E1A0C2DA1717F09F48BCB1433D0CCC8149B11F66224672160F0ECC34C6C7A78F7DB8416E8C9 40A2639EE52E1F7CBB038B606D8F60E1A5647DD0C5B0F3EFD1B37BFA8DE2D6150D1E0D25AB274BDAD DCFBCB7DE1F4A29F2250F9A2A1C7972402BBC23BDAF81274EA839891424BC3B1F6FC948B7B3C6F4A9 A7F1CCAD06459C1E1A908107A2640BEBD7573767626E369689F07F9EA9AA6A0CB54DCD29F63B07507 3FF319057E2F0077D332C1C7BC1D7C5D7C77E57AD29F3E0386BDDBC933EC6D7F6E4F1C453D499C876 D067EB2B712A3C7DFA0BF779C5651517F22DB8E390270205EC5350C941B9023C3048DB8B586ADDBCA 21CCB4A3671F0EDACF9D2E4B08D3FEE9E8D2ABAAD4E5BF11A5215D48E47D93F1FA248506967DD26B7 4BDF1B7BA04771E2B38FC16CCBF1D" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:000000be "TracesSuccessful"=dword:00000009 scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! 
FT Server" "C:\\Program Files\\SmartFTP\\SmartFTP.exe"="C:\\Program Files\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP Client" "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC" "C:\\Program Files\\Sop Cast\\SopCast.exe"="C:\\Program Files\\Sop Cast\\SopCast.exe:*:Enabled:SoP Client" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server" "C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget" "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7" "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft 
ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Sat 10 Jun 2006 356 ...H. --- "C:\Boot.BAK" Thu 18 Jan 2001 32,768 A..H. 
--- "C:\Program Files\RM-X© Audio Capture\ASProtect.dll" Wed 30 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Wed 30 Jul 2008 1,829,712 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Sat 30 Jul 2005 9 A..H. --- "C:\WINDOWS\system32\wxmmin.dll" Tue 5 Aug 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Tue 2 Aug 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRMBACKUP\DRMv1.bak" Tue 9 Jan 2007 61,440 ..SHR --- "C:\Program Files\HotlineConnect\Hotline Connect Server\Setup.exe" Tue 5 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Sun 19 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRMBACKUP\Cache\Indiv01.tmp" Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT2.tmp" Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\71fa8e4b1f1c72b0e3a5d30a0a049f55\BITF9.tmp" Finished!
  7. Hello everyone, Yet another person infected by this damned virus! My PC has been running slowly since this morning! I ran Spybot, which does locate the problem and tells me it has removed it, but after a reboot the problem is still there! Another issue: ZoneAlarm loads fine, but its interface is empty!!! I have read through the various topics about this issue, but I also read that it is better to treat each case separately (i.e. specifically for each PC) rather than blindly applying some solution X! So here I am; I would be very grateful if you could help me! Thank you!!!