RESOLU - Antivir XP 2008, moi aussi !

ribouldinguette · le 26 août 2008

Voilà !

Fichier PSEXESVC.EXE reçu le 2008.08.26 22:05:38 (CET)

Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2008.8.21.0 2008.08.26 -

AntiVir 7.8.1.23 2008.08.26 APPL/PsExec.E

Authentium 5.1.0.4 2008.08.26 -

Avast 4.8.1195.0 2008.08.26 -

AVG 8.0.0.161 2008.08.26 -

BitDefender 7.2 2008.08.26 -

CAT-QuickHeal 9.50 2008.08.26 -

ClamAV 0.93.1 2008.08.26 -

DrWeb 4.44.0.09170 2008.08.26 -

eSafe 7.0.17.0 2008.08.26 -

eTrust-Vet 31.6.6049 2008.08.26 -

Ewido 4.0 2008.08.26 -

F-Prot 4.4.4.56 2008.08.26 -

F-Secure 7.60.13501.0 2008.08.26 -

Fortinet 3.14.0.0 2008.08.26 -

GData 19 2008.08.26 -

Ikarus T3.1.1.34.0 2008.08.26 -

K7AntiVirus 7.10.428 2008.08.25 Trojan.Win32.Malware.1

Kaspersky 7.0.0.125 2008.08.26 -

McAfee 5370 2008.08.26 -

Microsoft 1.3807 2008.08.25 -

NOD32v2 3389 2008.08.26 -

Norman 5.80.02 2008.08.26 -

Panda 9.0.0.4 2008.08.26 Application/Psexec.A

PCTools 4.4.2.0 2008.08.26 -

Prevx1 V2 2008.08.26 -

Rising 20.59.11.00 2008.08.26 -

Sophos 4.32.0 2008.08.26 -

Sunbelt 3.1.1582.1 2008.08.26 -

Symantec 10 2008.08.26 -

TheHacker 6.3.0.6.060 2008.08.23 Adware/PsExec

TrendMicro 8.700.0.1004 2008.08.26 -

VBA32 3.12.8.4 2008.08.26 -

ViRobot 2008.8.26.1350 2008.08.26 -

VirusBuster 4.5.11.0 2008.08.26 -

Webwasher-Gateway 6.6.2 2008.08.26 Riskware.PsExec.E

Information additionnelle

File size: 53248 bytes

MD5...: 34567437e1881533d582028e95456fbc

SHA1..: 6abfeb0dc2b4f60126a2b3355b1c9d8efbfa5f23

SHA256: 4fca6538c22d5d9a19302cdd19fdaa10a9cf6f389dabc842c9a2530598e30743

SHA512: ed806df335e29eaf48eb54ea6eb2cfb7dc02bf9cd3529238cc006ef1abde06e0 ec0095cb6d48b375be330243b69b93ab617646d45aa128cadc839dee019eb380

PEiD..: Armadillo v1.71

PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x4035f0 timedatestamp.....: 0x43ea5536 (Wed Feb 08 20:31:50 2006) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x6f82 0x7000 6.58 795e895b87146c8b28fa69cea3c0b84e .rdata 0x8000 0x1446 0x2000 3.94 c0ea42e1ee7d9dae25de550a83cd69ab .data 0xa000 0x2f04 0x2000 2.35 77598b9654c4de17cb7bc594dda8c374 .rsrc 0xd000 0x3e8 0x1000 1.02 40f8672c462e53485935e9788416b0d2 ( 5 imports ) > USERENV.dll: CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW > KERNEL32.dll: HeapFree, HeapAlloc, GetProcessHeap, SetProcessAffinityMask, GetProcAddress, LoadLibraryW, GetCurrentThread, GetExitCodeProcess, InterlockedDecrement, FlushFileBuffers, DisconnectNamedPipe, CreateNamedPipeW, OutputDebugStringA, ReadFile, InterlockedIncrement, SetHandleInformation, lstrlenW, SetThreadPriority, SetConsoleCtrlHandler, GetCommandLineW, FormatMessageW, SetStdHandle, SetFilePointer, GetEnvironmentStringsW, GetEnvironmentStrings, WideCharToMultiByte, FreeEnvironmentStringsW, FreeEnvironmentStringsA, GetModuleFileNameA, ConnectNamedPipe, SetEvent, GetModuleFileNameW, GetVersion, GetCurrentProcess, MultiByteToWideChar, WaitForSingleObject, GetStdHandle, WriteFile, LocalFree, CloseHandle, Sleep, SetLastError, GetLastError, LCMapStringA, LCMapStringW, GetCPInfo, GetACP, GetOEMCP, LoadLibraryA, GetStringTypeA, GetStringTypeW, CreateEventW, UnhandledExceptionFilter, TlsGetValue, EnterCriticalSection, LeaveCriticalSection, CreateThread, GetCurrentThreadId, TlsSetValue, ExitThread, RtlUnwind, ExitProcess, TerminateProcess, ResumeThread, GetCommandLineA, HeapDestroy, HeapCreate, VirtualFree, InitializeCriticalSection, DeleteCriticalSection, VirtualAlloc, HeapReAlloc, SetHandleCount, GetFileType, GetStartupInfoA, TlsAlloc > USER32.dll: CloseWindowStation, GetUserObjectSecurity, SetUserObjectSecurity, CloseDesktop, OpenDesktopW, SetProcessWindowStation, OpenWindowStationW, GetProcessWindowStation > ADVAPI32.dll: RegisterEventSourceW, ReportEventW, DeregisterEventSource, SetServiceStatus, RegisterServiceCtrlHandlerW, StartServiceCtrlDispatcherW, LogonUserW, ImpersonateNamedPipeClient, OpenThreadToken, RevertToSelf, DuplicateTokenEx, LookupAccountSidW, CreateProcessAsUserW, SetEntriesInAclW, AddAccessAllowedAce, InitializeSecurityDescriptor, GetSecurityDescriptorDacl, GetAclInformation, InitializeAcl, GetAce, AddAce, EqualSid, SetSecurityDescriptorDacl, GetLengthSid, CopySid, OpenProcessToken, DeleteService, ControlService, OpenSCManagerW, OpenServiceW, QueryServiceStatus, CreateServiceW, CloseServiceHandle, AllocateAndInitializeSid, GetTokenInformation, FreeSid, LsaOpenPolicy, LsaEnumerateAccountRights, LsaClose, LookupPrivilegeValueW, LsaFreeMemory > SHELL32.dll: CommandLineToArgvW ( 0 exports )

Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2008.8.21.0 2008.08.26 -

AntiVir 7.8.1.23 2008.08.26 APPL/PsExec.E

Authentium 5.1.0.4 2008.08.26 -

Avast 4.8.1195.0 2008.08.26 -

AVG 8.0.0.161 2008.08.26 -

BitDefender 7.2 2008.08.26 -

CAT-QuickHeal 9.50 2008.08.26 -

ClamAV 0.93.1 2008.08.26 -

DrWeb 4.44.0.09170 2008.08.26 -

eSafe 7.0.17.0 2008.08.26 -

eTrust-Vet 31.6.6049 2008.08.26 -

Ewido 4.0 2008.08.26 -

F-Prot 4.4.4.56 2008.08.26 -

F-Secure 7.60.13501.0 2008.08.26 -

Fortinet 3.14.0.0 2008.08.26 -

GData 19 2008.08.26 -

Ikarus T3.1.1.34.0 2008.08.26 -

K7AntiVirus 7.10.428 2008.08.25 Trojan.Win32.Malware.1

Kaspersky 7.0.0.125 2008.08.26 -

McAfee 5370 2008.08.26 -

Microsoft 1.3807 2008.08.25 -

NOD32v2 3389 2008.08.26 -

Norman 5.80.02 2008.08.26 -

Panda 9.0.0.4 2008.08.26 Application/Psexec.A

PCTools 4.4.2.0 2008.08.26 -

Prevx1 V2 2008.08.26 -

Rising 20.59.11.00 2008.08.26 -

Sophos 4.32.0 2008.08.26 -

Sunbelt 3.1.1582.1 2008.08.26 -

Symantec 10 2008.08.26 -

TheHacker 6.3.0.6.060 2008.08.23 Adware/PsExec

TrendMicro 8.700.0.1004 2008.08.26 -

VBA32 3.12.8.4 2008.08.26 -

ViRobot 2008.8.26.1350 2008.08.26 -

VirusBuster 4.5.11.0 2008.08.26 -

Webwasher-Gateway 6.6.2 2008.08.26 Riskware.PsExec.E

Information additionnelle

File size: 53248 bytes

MD5...: 34567437e1881533d582028e95456fbc

SHA1..: 6abfeb0dc2b4f60126a2b3355b1c9d8efbfa5f23

SHA256: 4fca6538c22d5d9a19302cdd19fdaa10a9cf6f389dabc842c9a2530598e30743

SHA512: ed806df335e29eaf48eb54ea6eb2cfb7dc02bf9cd3529238cc006ef1abde06e0 ec0095cb6d48b375be330243b69b93ab617646d45aa128cadc839dee019eb380

PEiD..: Armadillo v1.71

PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x4035f0 timedatestamp.....: 0x43ea5536 (Wed Feb 08 20:31:50 2006) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x6f82 0x7000 6.58 795e895b87146c8b28fa69cea3c0b84e .rdata 0x8000 0x1446 0x2000 3.94 c0ea42e1ee7d9dae25de550a83cd69ab .data 0xa000 0x2f04 0x2000 2.35 77598b9654c4de17cb7bc594dda8c374 .rsrc 0xd000 0x3e8 0x1000 1.02 40f8672c462e53485935e9788416b0d2 ( 5 imports ) > USERENV.dll: CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW > KERNEL32.dll: HeapFree, HeapAlloc, GetProcessHeap, SetProcessAffinityMask, GetProcAddress, LoadLibraryW, GetCurrentThread, GetExitCodeProcess, InterlockedDecrement, FlushFileBuffers, DisconnectNamedPipe, CreateNamedPipeW, OutputDebugStringA, ReadFile, InterlockedIncrement, SetHandleInformation, lstrlenW, SetThreadPriority, SetConsoleCtrlHandler, GetCommandLineW, FormatMessageW, SetStdHandle, SetFilePointer, GetEnvironmentStringsW, GetEnvironmentStrings, WideCharToMultiByte, FreeEnvironmentStringsW, FreeEnvironmentStringsA, GetModuleFileNameA, ConnectNamedPipe, SetEvent, GetModuleFileNameW, GetVersion, GetCurrentProcess, MultiByteToWideChar, WaitForSingleObject, GetStdHandle, WriteFile, LocalFree, CloseHandle, Sleep, SetLastError, GetLastError, LCMapStringA, LCMapStringW, GetCPInfo, GetACP, GetOEMCP, LoadLibraryA, GetStringTypeA, GetStringTypeW, CreateEventW, UnhandledExceptionFilter, TlsGetValue, EnterCriticalSection, LeaveCriticalSection, CreateThread, GetCurrentThreadId, TlsSetValue, ExitThread, RtlUnwind, ExitProcess, TerminateProcess, ResumeThread, GetCommandLineA, HeapDestroy, HeapCreate, VirtualFree, InitializeCriticalSection, DeleteCriticalSection, VirtualAlloc, HeapReAlloc, SetHandleCount, GetFileType, GetStartupInfoA, TlsAlloc > USER32.dll: CloseWindowStation, GetUserObjectSecurity, SetUserObjectSecurity, CloseDesktop, OpenDesktopW, SetProcessWindowStation, OpenWindowStationW, GetProcessWindowStation > ADVAPI32.dll: RegisterEventSourceW, ReportEventW, DeregisterEventSource, SetServiceStatus, RegisterServiceCtrlHandlerW, StartServiceCtrlDispatcherW, LogonUserW, ImpersonateNamedPipeClient, OpenThreadToken, RevertToSelf, DuplicateTokenEx, LookupAccountSidW, CreateProcessAsUserW, SetEntriesInAclW, AddAccessAllowedAce, InitializeSecurityDescriptor, GetSecurityDescriptorDacl, GetAclInformation, InitializeAcl, GetAce, AddAce, EqualSid, SetSecurityDescriptorDacl, GetLengthSid, CopySid, OpenProcessToken, DeleteService, ControlService, OpenSCManagerW, OpenServiceW, QueryServiceStatus, CreateServiceW, CloseServiceHandle, AllocateAndInitializeSid, GetTokenInformation, FreeSid, LsaOpenPolicy, LsaEnumerateAccountRights, LsaClose, LookupPrivilegeValueW, LsaFreeMemory > SHELL32.dll: CommandLineToArgvW ( 0 exports )

Falkra · le 26 août 2008

Télécharge OTMoveIt2 par OldTimer.

Enregistre ce fichier sur le Bureau.
Fais un double clic sur OTMoveIt2.exe pour lancer l'exécution de l'outil. (Note: Si tu utilises Vista, fais un clic droit sur le fichier puis choisir Exécuter en tant qu'administrateur).
Copie les lignes de la zone "Code" ci-dessous dans le Presse-papiers en les sélectionnant toutes puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier):
```
C:\windows\PSEXESVC.EXE
```
Retourne dans la fenêtre de OTMoveIt2, fais un clic droit dans la zone de gauche intitulée "Paste List Of Files/Folders to Move" (sous la barre jaune) puis choisir Coller.
Clique sur le bouton rouge Moveit!.
Ferme OTMoveIt2
Poste dans ta prochaine réponse le rapport de OTMoveIt2 (contenu du fichier C:\_OTMoveIt\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)

Note: Si un fichier ou un dossier ne peut pas être déplacé immédiatement, un redémarrage sera peut-être nécessaire pour permettre de terminer le processus de déplacement. Si le redémarrage de la machine vous est demandé, choisir Oui/Yes.

ribouldinguette · le 26 août 2008

C:\windows\PSEXESVC.EXE moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08262008_222320

Falkra · le 26 août 2008

Poste un nouveau rapport HijackThis, je vais te faire retirer la ligne correspondante.

ribouldinguette · le 26 août 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:29, on 2008-08-26

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe

C:\Program Files\Sony\HotKey Utility\HKserv.exe

C:\WINDOWS\system32\ICO.EXE

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\Logi_MwX.Exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\sony\vaio media music server\SSSvr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Sony\HotKey Utility\HKWnd.exe

C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe

C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\D-Link AirPlus XtremeG+\AirPlus.exe

C:\Program Files\powerpanel\Program\PcfMgr.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\françoise\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.upmf-grenoble.fr:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB003" /M "Stylus Photo RX520"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

O4 - Global Startup: D-Link AirPlus XtremeG+ Configuration Utility.lnk = ?

O4 - Global Startup: PowerPanel.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141056325588

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IomegaAccess - Unknown owner - C:\Program Files\Iomega\Tools_NT\IOMEGAACCESS.EXE (file missing)

O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe

--

End of file - 10687 bytes

Falkra · le 26 août 2008

Relance HijackThis, clique sur "Do a system scan only" puis coche ceci et clique sur le bouton "Fix checked", en bas à gauche :

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

ribouldinguette · le 26 août 2008

J'ai fait, mais on dirait que ça ne marche pas regarde (pourtant pas de message d'erreur)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:37, on 2008-08-26