
Posted

Thanks again for your reply, I couldn't get back to my computer last night but here I am, ready to go.

 

Here is the report:

 

C:\WINDOWS\System32\shdocvw.dll unregistered successfully.

C:\WINDOWS\System32\shdocvw.dll moved successfully.

C:\WINDOWS\ABox.exe moved successfully.

< EmptyTemp >

File delete failed. C:\WINDOWS\temp\JETE649.tmp scheduled to be deleted on reboot.

Temp folders emptied.

IE temp folders emptied.

 

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08182008_083937

 

Files moved on Reboot...

File C:\WINDOWS\temp\JETE649.tmp not found!

 

 

So, was that temp file that wasn't found important?!...

 

I suppose it's not over yet?

Posted
So, was that temp file that wasn't found important?!...

 

I suppose it's not over yet?

No, it wasn't essential: an extra precaution.

 

Please post a new HijackThis log.

Posted

Here it is

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:23:42, on 18/08/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\sony\vaio media music server\SSSvr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe

C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe

C:\Program Files\Sony\HotKey Utility\HKserv.exe

C:\WINDOWS\system32\ICO.EXE

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\WINDOWS\Logi_MwX.Exe

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Sony\HotKey Utility\HKWnd.exe

C:\Program Files\D-Link AirPlus XtremeG+\AirPlus.exe

C:\Program Files\powerpanel\Program\PcfMgr.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe

C:\Documents and Settings\françoise\Bureau\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.upmf-grenoble.fr:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [ABox] C:\WINDOWS\ABox.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB003" /M "Stylus Photo RX520"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

O4 - Global Startup: D-Link AirPlus XtremeG+ Configuration Utility.lnk = ?

O4 - Global Startup: PowerPanel.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141056325588

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IomegaAccess - Unknown owner - C:\Program Files\Iomega\Tools_NT\IOMEGAACCESS.EXE (file missing)

O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe

O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\System32\ZipToA.exe (file missing)

 

--

End of file - 11234 bytes

Posted

Run HijackThis again, tick these lines and click the Fix checked button, at the bottom left:

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)

O4 - HKLM\..\Run: [ABox] C:\WINDOWS\ABox.exe

O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll

O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\System32\ZipToA.exe (file missing)

Posted

Done, and I ran HijackThis again afterwards:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:56:54, on 18/08/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe

C:\Program Files\Sony\HotKey Utility\HKserv.exe

C:\WINDOWS\system32\ICO.EXE

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\WINDOWS\Logi_MwX.Exe

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\D-Link AirPlus XtremeG+\AirPlus.exe

C:\Program Files\powerpanel\Program\PcfMgr.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Program Files\Sony\HotKey Utility\HKWnd.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\sony\vaio media music server\SSSvr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe

C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe

C:\Documents and Settings\françoise\Bureau\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.upmf-grenoble.fr:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB003" /M "Stylus Photo RX520"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

O4 - Global Startup: D-Link AirPlus XtremeG+ Configuration Utility.lnk = ?

O4 - Global Startup: PowerPanel.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141056325588

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IomegaAccess - Unknown owner - C:\Program Files\Iomega\Tools_NT\IOMEGAACCESS.EXE (file missing)

O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe

 

--

End of file - 10860 bytes
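The two logs above bracket a "Fix checked" pass, and comparing them by eye is where mistakes creep in: the O3, O4 and O23 lines the helper listed are gone from the second log, while both ShopperReports O9 lines are still there. The script below is an added example, not code from the thread or from HijackThis: it parses item lines out of HijackThis v2 logs, diffs a before/after pair against the list of lines that were ticked, and applies two checks a reviewer would otherwise do by hand (registrations whose target is "(no file)", "(file missing)" or has an "Unknown owner", and O4 Run values that name a bare executable, which Windows resolves through the search path at logon). The embedded logs are constructed excerpts in the same format, not the full logs posted here.

```python
"""Diff two HijackThis logs around a "Fix checked" pass and flag entries
worth a second look. Added example; sample logs are constructed excerpts."""
from __future__ import annotations

import re
from dataclasses import dataclass

# A HijackThis item line: section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", rest.
HJT_LINE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Markers HijackThis prints when the registered target is absent or unattributed.
ORPHAN_MARKERS = ("(no file)", "(file missing)", "Unknown owner")

# First token after the "[name]" of an O4 Run value, with a leading quote stripped.
O4_TARGET = re.compile(r'\\Run: \[[^\]]*\] "?([^\s"]+)')


@dataclass(frozen=True, order=True)
class HjtEntry:
    section: str  # e.g. "O9"
    body: str     # everything after "O9 - "


def parse_hjt(text: str) -> list[HjtEntry]:
    """Return the item lines of a HijackThis log; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append(HjtEntry(m.group(1), m.group(2)))
    return entries


def diff_fix(before: str, after: str, fixed: str) -> dict[str, list[HjtEntry]]:
    """Compare the log taken before "Fix checked" with the one taken after.

    `fixed` holds the lines the user was asked to tick. Entries still present
    afterwards are the ones the fix did not remove; `unrequested_change` catches
    anything that appeared or vanished without being on the list.
    """
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    requested = set(parse_hjt(fixed))
    return {
        "removed": sorted((requested & b) - a),
        "persisted": sorted(requested & a),
        "unrequested_change": sorted((b ^ a) - requested),
    }


def flag_entries(entries: list[HjtEntry]) -> dict[str, list[HjtEntry]]:
    """Orphaned registrations, and O4 targets given without a directory."""
    orphan = [e for e in entries if any(m in e.body for m in ORPHAN_MARKERS)]
    bare = []
    for e in entries:
        if e.section != "O4":
            continue
        m = O4_TARGET.search(e.body)
        if m and "\\" not in m.group(1):  # no path component: resolved via search path
            bare.append(e)
    return {"orphan": orphan, "unqualified_path": bare}


# Constructed excerpts (not the thread's logs): before the fix, after it, and
# the lines the helper asked to tick.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ABox] C:\WINDOWS\ABox.exe
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\WINDOWS\System32\shdocvw.dll
O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\System32\ZipToA.exe (file missing)
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\WINDOWS\System32\shdocvw.dll
"""

FIX_LIST = r"""O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ABox] C:\WINDOWS\ABox.exe
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\WINDOWS\System32\shdocvw.dll
O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\System32\ZipToA.exe (file missing)
"""


def main() -> None:
    for kind, items in diff_fix(LOG_BEFORE, LOG_AFTER, FIX_LIST).items():
        print(f"{kind}: {len(items)}")
        for e in items:
            print(f"  {e.section} - {e.body}")
    for kind, items in flag_entries(parse_hjt(LOG_AFTER)).items():
        print(f"{kind} (after fix): {[e.section for e in items]}")


if __name__ == "__main__":
    main()
```

Run it on the two real logs by reading them into `LOG_BEFORE` and `LOG_AFTER` and pasting the helper's list into `FIX_LIST`; anything under `persisted` is what the next tool has to deal with, and `unrequested_change` is the sanity check that the fix did not touch more than it was asked to.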

Posted

It's resisting. Some of it is still there!

 

The following software is only to be used when prescribed by a qualified helper trained in the tool.

Do not use it outside that scenario or on your own: dangerous.

 

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • Make sure all programs are closed before starting.
  • Double-click combofix.exe to run it.
  • Click "Yes" on the Disclaimer message that appears.
  • Your firewall may ask whether you allow nircmd.cfexe access to the trusted zone: allow it.
  • Do not close the window that has just opened, or you will end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste that report into your next reply.
    The report is located at C:\Combofix.txt (just in case).

Posted

And there it is!

 

ComboFix 08-08-17.03 - françoise 2008-08-18 11:11:03.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.584 [GMT 2:00]

Location: C:\Documents and Settings\françoise\Bureau\ComboFix.exe

* Creating a new restore point

* Resident AV is active

 

 

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SystemDoctor 2006

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SystemDoctor 2006\Avis concernant le service.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SystemDoctor 2006\Demander des instructions.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SystemDoctor 2006\Désinstaller SystemDoctor 2006.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SystemDoctor 2006\Informer le défaut du Logiciel.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SystemDoctor 2006\Manuel de SystemDoctor 2006.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SystemDoctor 2006\Partager des Suggestions.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SystemDoctor 2006\SystemDoctor 2006 dans la Web.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SystemDoctor 2006\SystemDoctor 2006.lnk

C:\Documents and Settings\françoise\err.log

C:\Documents and Settings\françoise\UserData

C:\Documents and Settings\françoise\UserData\0DQFS9UJ\oWindowsUpdate[1].xml

C:\Documents and Settings\françoise\UserData\GL6F0TQB\IsOnIE7tbPromo[1].xml

C:\Documents and Settings\françoise\UserData\index.dat

C:\Documents and Settings\françoise\UserData\SDQZGXMJ\sn[1].xml

C:\Documents and Settings\LocalService\Application Data\Hotbar

C:\Documents and Settings\test\err.log

C:\WINDOWS\system32\a.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_sysrest.sys

 

 

((((((((((((((((((((((((((((( Files created 2008-07-18 to 2008-08-18 ))))))))))))))))))))))))))))))))))))

.

 

2008-08-18 08:39 . 2008-08-18 08:39 <REP> d-------- C:\_OTMoveIt

2008-08-17 18:27 . 2008-08-17 18:27 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-08-17 18:27 . 2008-08-17 18:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-08-17 18:27 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-17 18:27 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-17 09:52 . 2008-08-17 09:52 <REP> d-------- C:\WINDOWS\ERUNT

2008-08-17 09:47 . 2008-08-17 11:23 <REP> d-------- C:\SDFix

2008-08-17 09:32 . 2003-08-04 13:43 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS

2008-08-17 09:32 . 2003-08-04 13:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau

2008-08-17 09:32 . 2003-08-04 13:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2008-08-17 09:32 . 2003-08-04 12:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles

2008-08-17 09:32 . 2003-08-04 15:30 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents

2008-08-17 09:32 . 2003-08-04 13:24 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer

2008-08-17 09:32 . 2003-08-04 12:35 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris

2008-08-17 09:32 . 2003-08-04 13:24 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau

2008-08-17 09:32 . 2003-08-04 14:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec

2008-08-17 09:32 . 2003-08-04 13:59 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sony Corporation

2008-08-17 09:32 . 2003-08-04 15:30 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust

2008-08-17 09:32 . 2008-08-17 09:32 <REP> d-------- C:\Documents and Settings\Administrateur

2008-08-17 08:56 . 2008-08-18 11:11 <REP> d-------- C:\quarantine

 

.

(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-18 08:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-07-11 06:34 --------- d-----w C:\Program Files\OpenOffice.org 2.4

2008-07-11 06:30 --------- d-----w C:\Program Files\Open Office

2008-07-07 08:59 --------- d-----w C:\Program Files\EndNote

2008-07-07 08:58 --------- d-----w C:\Program Files\Fichiers communs\Risxtd

2008-07-02 11:37 --------- d-----w C:\Program Files\EVEREST Home Edition

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2007-01-17 20:27 742,880 -c--a-w C:\Program Files\Google Updater.exe

2007-01-17 20:21 13,256,032 -c--a-w C:\Program Files\PDFCreator-0_9_3_GPLGhostscript.exe

2004-02-16 15:02 4,958,152 -c--a-w C:\Program Files\SetupDl.exe

2004-01-17 19:28 8,110,338 -c--a-w C:\Program Files\objectdock_freeware.exe

2004-01-04 15:33 10,196,075 -c--a-w C:\Program Files\PrintMeDriverForWindows.zip

2004-01-03 19:59 16,706,160 -c--a-w C:\Program Files\AdbeRdr60_enu_full.exe

2004-01-03 19:55 6,262,872 -c--a-w C:\Program Files\psa2se_us.exe

2003-12-28 16:39 452,808 -c--a-w C:\Program Files\GoogleToolbarInstaller.exe

2003-12-26 20:36 7,128,959 -c--a-w C:\Program Files\logitecmessengerldm.exe

1996-04-11 15:34 965,904 --sha-w C:\WINDOWS\system32\msjt3032.dll

2002-08-30 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll

2004-08-19 23:09 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll

.

 

((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not listed

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-01 16:24 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-06-13 15:52 114688]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 15:51 4612096]

"SigmaTel StacMon"="C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe" [2003-03-26 18:19 45056]

"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2003-06-26 16:00 90112]

"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 10:29 40960]

"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 18:54 127022]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-20 16:58 98304]

"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2003-09-29 08:10 81990]

"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 04:11 135251]

"EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE" [2005-04-07 06:00 98304]

"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 18:00 644696]

"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]

"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]

"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\dvlib\sonydv.dll

"vidc.mxmc"= MimicICM.DLL

"vidc.divf"= DivX412.dll

"vidc.div3"= DivXc32.dll

"vidc.div4"= DivXc32f.dll

"msacm.l3codecp"= l3codecp.acm

"MSACM.MI-SC4"= MI-SC4.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Device Detector 2.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Device Detector 2.lnk

backup=C:\WINDOWS\pss\Device Detector 2.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LG SyncManager.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LG SyncManager.lnk

backup=C:\WINDOWS\pss\LG SyncManager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

--a------ 2007-03-29 08:40 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpamFree for Outlook Express]

--a--c--- 2004-03-23 17:47 45056 C:\PROGRA~1\SpamFree\SFInst.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspdfprsrv.exe]

--a--c--- 2003-04-01 15:16 4214272 C:\Program Files\Visage\PDF Printer\vspdfprsrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]

--a--c--- 2002-11-23 03:15 631362 C:\Program Files\Logitech\iTouch\iTouch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]

--------- 2002-11-08 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Drag'n Drop CD+DVD"=C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp

"SystemDoctor 2006"=C:\Program Files\SystemDoctor 2006\sd2006.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\ftp.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R1 SSHDRV65;SSHDRV65;C:\WINDOWS\System32\drivers\SSHDRV65.sys [2004-08-17 10:04]

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-20 01:10]

R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2003-08-04 12:06]

R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2002-08-20 11:59]

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ADM851X.SYS [2003-12-19 07:44]

S3 DLINK11G;D-Link 802.11g Wireless LAN Adapter;C:\WINDOWS\system32\DRIVERS\GPLUS.sys [2003-07-23 12:31]

S3 dwusbdnt;dwusbdnt;C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys [2002-05-24 11:52]

S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2002-11-08 11:50]

S3 PCD65X2;PCD65X2;C:\DOCUME~1\FRANOI~1\LOCALS~1\Temp\PCD65X2.sys []

S3 PCD65X3;PCD65X3;C:\DOCUME~1\FRANOI~1\LOCALS~1\Temp\PCD65X3.sys []

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 08:58]

S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2003-12-15 19:22]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{043029bb-f876-11db-9bb3-080046b36ba6}]

\Shell\AutoRun\command - F:\setupSNK.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a06074c4-f8a4-11db-9bb4-080046b36ba6}]

\Shell\AutoRun\command - F:\LaunchU3.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a06074c7-f8a4-11db-9bb4-080046b36ba6}]

\Shell\AutoRun\command - F:\PicasaCD.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edc0c9aa-5469-11dc-9c24-080046b36ba6}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efd04a1a-deba-11db-9b91-080046b36ba6}]

\Shell\AutoRun\command - F:\LaunchU3.exe

.

Contents of the 'Scheduled Tasks' folder

 

2008-07-25 C:\WINDOWS\Tasks\Maintenance en 1 clic.job

- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 00:10]

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-ISUSPM Startup - C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

HKLM-Run-StandardInstall - (no file)

MSConfigStartUp-LogitechImageStudioTray - C:\Program Files\Logitech\ImageStudio\LogiTray.exe

MSConfigStartUp-PlaxoUpdate - C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe

MSConfigStartUp-RoxAssistant - C:\Program Files\Common Files\Roxio Shared\Upgrade\RoxAssist.exe

MSConfigStartUp-RoxioAudioCentral - C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

MSConfigStartUp-RoxioDragToDisc - C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

MSConfigStartUp-RoxioEngineUtility - C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe

MSConfigStartUp-Share-to-Web Namespace Daemon - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

MSConfigStartUp-TVAgent WiFi - C:\Program Files\Tiscali_Triway_WiFi\Wizard\Agent_WiFi.exe

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\françoise\Application Data\Mozilla\Firefox\Profiles\wd0y4s84.default\

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-18 11:20:24

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning hidden processes ...

 

Scanning hidden autostart entries ...

 

Scanning hidden files ...

 

Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\sony\vaio media music server\SSSvr.exe

C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe

C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe

C:\Program Files\D-Link AirPlus XtremeG+\AIRPLUS.exe

C:\Program Files\powerpanel\Program\PcfMgr.exe

C:\Program Files\Apoint\ApntEx.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.bin

C:\Program Files\sony\HotKey Utility\HKWnd.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe

.

**************************************************************************

.

Completion time: 2008-08-18 11:26:16 - machine was rebooted

ComboFix-quarantined-files.txt 2008-08-18 09:26:09

 

Pre-Run: 12,124,041,216 bytes free

Post-Run: 12,078,829,568 bytes free

 

236 --- E O F --- 2008-08-14 07:59:25
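Reading a ComboFix log of this length by eye is error-prone, and the items a helper actually acts on are scattered across several sections. The following is an added example for this thread (it is not ComboFix, HijackThis, or any tool used in the posts): it walks a handful of lines excerpted verbatim from the log above and flags the indicators worth a second look, namely the Windows Firewall being switched off in the standard profile, Security Center antivirus notifications disabled, startup entries parked under the "run-" key whose binaries are still on disk (SystemDoctor 2006 is the one the next post removes), firewall exceptions such as ftp.exe, a driver registered from a user's Temp folder whose file ComboFix could not find, and AutoRun commands remembered for removable volumes. The line patterns, finding labels and the "triage" function are my own assumptions derived from the log as posted, not a documented ComboFix format.

```python
"""Triage of ComboFix-style log lines for common system-weakening indicators.

Added example for this thread; not part of ComboFix, HijackThis or the forum's
own tooling. The regexes below are assumptions derived from the log format as
posted in the thread, not a documented specification.
"""
import re

# Lines excerpted verbatim from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Drag'n Drop CD+DVD"=C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
"SystemDoctor 2006"=C:\Program Files\SystemDoctor 2006\sd2006.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\ftp.exe"=

R1 SSHDRV65;SSHDRV65;C:\WINDOWS\System32\drivers\SSHDRV65.sys [2004-08-17 10:04]
S3 PCD65X2;PCD65X2;C:\DOCUME~1\FRANOI~1\LOCALS~1\Temp\PCD65X2.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{043029bb-f876-11db-9bb3-080046b36ba6}]
\Shell\AutoRun\command - F:\setupSNK.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# R?/S? state, service name, description, image path, "[timestamp]" (empty when the file is missing)
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[([^\]]*)\]$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+)$")


def triage(log_text):
    """Return a list of (finding, name, detail) tuples for the indicators we care about."""
    findings = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, path, stamp = m.groups()
            # A driver loaded from a user's Temp folder whose file ComboFix could not stat
            if "\\temp\\" in path.lower() and stamp == "":
                findings.append(("service-in-temp-missing-file", name, path))
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in key:
            # AutoRun command remembered for a removable volume; the GUID is the key's last component
            findings.append(("removable-autorun", key.rsplit("\\", 1)[-1], m.group(1)))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if key.endswith("\\run-"):
            # Entries parked under 'run-' are disabled, but their binaries are still on disk
            findings.append(("disabled-run-entry", name, value))
        elif key.endswith("security center") and name.lower() == "antivirusdisablenotify" and value.lower() == "dword:00000001":
            findings.append(("security-center-av-notify-off", name, value))
        elif key.endswith("firewallpolicy\\standardprofile") and name.lower() == "enablefirewall" and value.split()[0] == "0":
            findings.append(("firewall-disabled", name, value))
        elif key.endswith("authorizedapplications\\list"):
            # Firewall exceptions; REGEDIT4 doubles the backslashes, undo that for readability
            findings.append(("firewall-exception", name.replace("\\\\", "\\"), value))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("%-32s %-40s %s" % finding)
```

Run it on a full ComboFix log by passing the file's text to triage(); a legitimate driver such as SSHDRV65 above produces no finding, while the PCD65X2 entry is reported because its image lives under Temp and has no timestamp, which is exactly the combination that tells a helper the file is already gone but the service registration was left behind.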

Posted

That's very good. :P

 

 

What follows is for your machine, and your machine only.

Do not use it on another machine: dangerous.

 

  • Disable your antivirus, it can interfere.
  • Open Notepad. Check that word wrap is turned off in the Format menu. Copy and paste this into it:

Folder::

C:\quarantine

 

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SystemDoctor 2006"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=-

  • Save this as a text file named CFScript, on the desktop.
     
  • Drag and drop this CFscript file onto the ComboFix.exe file as in the screenshot

CFscript.gif

  • Wait while the scan runs. The desktop will disappear several times: that's normal! Don't touch anything until the scan is finished.
  • Once the scan is complete, a report will appear: post its contents.
  • If the file doesn't open, it's located here > C:\ComboFix.txt

 

Then add a new HijackThis report after that one please, and re-enable your antivirus.

Posted

Here it is, the first one:

 

ComboFix 08-08-17.03 - françoise 2008-08-18 12:39:21.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.625 [GMT 2:00]

Location: C:\Documents and Settings\françoise\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\françoise\Bureau\CFscript.txt

* Creating a new restore point

 

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

.

 

((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\quarantine

 

.

(((((((((((((((((((((((((((((   Files Created from 2008-07-18 to 2008-08-18   ))))))))))))))))))))))))))))))))))))

.

 

2008-08-18 11:26 . 2008-08-18 11:26 <REP> d-------- C:\Documents and Settings\franþoise

2008-08-18 08:39 . 2008-08-18 08:39 <REP> d-------- C:\_OTMoveIt

2008-08-17 18:27 . 2008-08-17 18:27 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-08-17 18:27 . 2008-08-17 18:27 <REP> d-------- C:\Documents and Settings\françoise\Application Data\Malwarebytes

2008-08-17 18:27 . 2008-08-17 18:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-08-17 18:27 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-17 18:27 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-17 09:52 . 2008-08-17 09:52 <REP> d-------- C:\WINDOWS\ERUNT

2008-08-17 09:47 . 2008-08-17 11:23 <REP> d-------- C:\SDFix

2008-08-17 09:32 . 2003-08-04 13:43 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS

2008-08-17 09:32 . 2003-08-04 13:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau

2008-08-17 09:32 . 2003-08-04 13:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2008-08-17 09:32 . 2003-08-04 12:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles

2008-08-17 09:32 . 2003-08-04 15:30 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents

2008-08-17 09:32 . 2003-08-04 13:24 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer

2008-08-17 09:32 . 2003-08-04 12:35 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris

2008-08-17 09:32 . 2003-08-04 13:24 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau

2008-08-17 09:32 . 2003-08-04 14:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec

2008-08-17 09:32 . 2003-08-04 13:59 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sony Corporation

2008-08-17 09:32 . 2003-08-04 15:30 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust

2008-08-17 09:32 . 2008-08-17 09:32 <REP> d-------- C:\Documents and Settings\Administrateur

 

.

((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))

.

2060-08-18 18:02 1,496,064 ------w C:\WINDOWS\system32\Cc3250mt.dll

2060-08-18 17:40 909,824 ------w C:\WINDOWS\system32\Cp3245mt.dll

2060-08-18 17:40 24,064 ------w C:\WINDOWS\system32\Borlndmm.dll

2008-08-18 09:22 --------- d-----w C:\Documents and Settings\françoise\Application Data\OpenOffice.org2

2008-08-18 08:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-07-11 06:34 --------- d-----w C:\Program Files\OpenOffice.org 2.4

2008-07-11 06:30 --------- d-----w C:\Program Files\Open Office

2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-07 08:59 --------- d-----w C:\Program Files\EndNote

2008-07-07 08:59 --------- d-----w C:\Documents and Settings\françoise\Application Data\EndNote

2008-07-07 08:58 --------- d-----w C:\Program Files\Fichiers communs\Risxtd

2008-07-02 11:37 --------- d-----w C:\Program Files\EVEREST Home Edition

2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2007-10-09 09:21 2,114 -c--a-w C:\Documents and Settings\françoise\Application Data\SAS7_000.DAT

2007-01-17 20:27 742,880 -c--a-w C:\Program Files\Google Updater.exe

2007-01-17 20:21 13,256,032 -c--a-w C:\Program Files\PDFCreator-0_9_3_GPLGhostscript.exe

2004-11-08 14:19 5,447 -c--a-w C:\Documents and Settings\françoise\win.dat

2004-11-08 14:19 5,447 -c--a-w C:\Documents and Settings\françoise\win.dat

2004-11-08 14:19 42,880 -c--a-w C:\Documents and Settings\françoise\sys32.dat

2004-11-08 14:19 42,880 -c--a-w C:\Documents and Settings\françoise\sys32.dat

2004-11-08 14:19 294 -c--a-w C:\Documents and Settings\françoise\root.dat

2004-11-08 14:19 294 -c--a-w C:\Documents and Settings\françoise\root.dat

2004-11-08 14:19 1,467 -c--a-w C:\Documents and Settings\françoise\reg.dat

2004-11-08 14:19 1,467 -c--a-w C:\Documents and Settings\françoise\reg.dat

2004-11-08 14:19 1,019 -c--a-w C:\Documents and Settings\françoise\sys.dat

2004-11-08 14:19 1,019 -c--a-w C:\Documents and Settings\françoise\sys.dat

2004-03-10 14:37 38,712 -c--a-w C:\Documents and Settings\françoise\Application Data\GDIPFONTCACHEV1.DAT

2004-02-16 15:02 4,958,152 -c--a-w C:\Program Files\SetupDl.exe

2004-01-17 19:28 8,110,338 -c--a-w C:\Program Files\objectdock_freeware.exe

2004-01-04 15:33 10,196,075 -c--a-w C:\Program Files\PrintMeDriverForWindows.zip

2004-01-03 19:59 16,706,160 -c--a-w C:\Program Files\AdbeRdr60_enu_full.exe

2004-01-03 19:55 6,262,872 -c--a-w C:\Program Files\psa2se_us.exe

2003-12-28 16:39 452,808 -c--a-w C:\Program Files\GoogleToolbarInstaller.exe

2003-12-26 20:36 7,128,959 -c--a-w C:\Program Files\logitecmessengerldm.exe

1996-04-11 15:34 965,904 --sha-w C:\WINDOWS\system32\msjt3032.dll

2002-08-30 12:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll

2004-08-19 23:09 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll

.

 

(((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not listed

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-01 16:24 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-06-13 15:52 114688]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 15:51 4612096]

"SigmaTel StacMon"="C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe" [2003-03-26 18:19 45056]

"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2003-06-26 16:00 90112]

"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 10:29 40960]

"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 18:54 127022]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-20 16:58 98304]

"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2003-09-29 08:10 81990]

"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 04:11 135251]

"EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE" [2005-04-07 06:00 98304]

"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 18:00 644696]

"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]

"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]

"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

 

C:\Documents and Settings\françoise\Menu Démarrer\Programmes\Démarrage\

OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]

PowerReg Scheduler.exe [2004-07-02 23:00:52 233472]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\

Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2005-07-20 15:33:14 1426424]

D-Link AirPlus XtremeG+ Configuration Utility.lnk - C:\Program Files\D-Link AirPlus XtremeG+\AirPlus.exe [2003-12-19 09:51:16 303104]

PowerPanel.lnk - C:\Program Files\powerpanel\Program\PcfMgr.exe [2003-08-04 13:57:34 880640]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\dvlib\sonydv.dll

"vidc.mxmc"= MimicICM.DLL

"vidc.divf"= DivX412.dll

"vidc.div3"= DivXc32.dll

"vidc.div4"= DivXc32f.dll

"msacm.l3codecp"= l3codecp.acm

"MSACM.MI-SC4"= MI-SC4.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Device Detector 2.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Device Detector 2.lnk

backup=C:\WINDOWS\pss\Device Detector 2.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LG SyncManager.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LG SyncManager.lnk

backup=C:\WINDOWS\pss\LG SyncManager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

--a------ 2007-03-29 08:40 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpamFree for Outlook Express]

--a--c--- 2004-03-23 17:47 45056 C:\PROGRA~1\SpamFree\SFInst.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspdfprsrv.exe]

--a--c--- 2003-04-01 15:16 4214272 C:\Program Files\Visage\PDF Printer\vspdfprsrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]

--a--c--- 2002-11-23 03:15 631362 C:\Program Files\Logitech\iTouch\iTouch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]

--------- 2002-11-08 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Drag'n Drop CD+DVD"=C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\ftp.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R1 SSHDRV65;SSHDRV65;C:\WINDOWS\System32\drivers\SSHDRV65.sys [2004-08-17 10:04]

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-20 01:10]

R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2003-08-04 12:06]

R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2002-08-20 11:59]

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ADM851X.SYS [2003-12-19 07:44]

S3 DLINK11G;D-Link 802.11g Wireless LAN Adapter;C:\WINDOWS\system32\DRIVERS\GPLUS.sys [2003-07-23 12:31]

S3 dwusbdnt;dwusbdnt;C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys [2002-05-24 11:52]

S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2002-11-08 11:50]

S3 PCD65X2;PCD65X2;C:\DOCUME~1\FRANOI~1\LOCALS~1\Temp\PCD65X2.sys []

S3 PCD65X3;PCD65X3;C:\DOCUME~1\FRANOI~1\LOCALS~1\Temp\PCD65X3.sys []

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 08:58]

S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2003-12-15 19:22]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{043029bb-f876-11db-9bb3-080046b36ba6}]

\Shell\AutoRun\command - F:\setupSNK.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a06074c4-f8a4-11db-9bb4-080046b36ba6}]

\Shell\AutoRun\command - F:\LaunchU3.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a06074c7-f8a4-11db-9bb4-080046b36ba6}]

\Shell\AutoRun\command - F:\PicasaCD.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edc0c9aa-5469-11dc-9c24-080046b36ba6}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efd04a1a-deba-11db-9b91-080046b36ba6}]

\Shell\AutoRun\command - F:\LaunchU3.exe

.

Contents of the 'Scheduled Tasks' folder

 

2008-07-25 C:\WINDOWS\Tasks\Maintenance en 1 clic.job

- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 00:10]

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-18 12:40:50

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning hidden processes ...

 

Scanning hidden autostart entries ...

 

Scanning hidden files ...

 

Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

Completion time: 2008-08-18 12:42:42

ComboFix-quarantined-files.txt 2008-08-18 10:42:16

ComboFix2.txt 2008-08-18 09:26:17

 

Pre-Run: 12,077,625,344 bytes free

Post-Run: 12,059,598,848 bytes free

 

204 --- E O F --- 2008-08-14 07:59:25

 

 

 

And the HijackThis one:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:47:44, on 18/08/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\sony\vaio media music server\SSSvr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe

C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe

C:\Program Files\Sony\HotKey Utility\HKserv.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\WINDOWS\Logi_MwX.Exe

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\D-Link AirPlus XtremeG+\AirPlus.exe

C:\Program Files\powerpanel\Program\PcfMgr.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Program Files\Sony\HotKey Utility\HKWnd.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\françoise\Bureau\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.upmf-grenoble.fr:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB003" /M "Stylus Photo RX520"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

O4 - Global Startup: D-Link AirPlus XtremeG+ Configuration Utility.lnk = ?

O4 - Global Startup: PowerPanel.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141056325588

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IomegaAccess - Unknown owner - C:\Program Files\Iomega\Tools_NT\IOMEGAACCESS.EXE (file missing)

O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe

--
End of file - 10566 bytes

Thanks and bon appétit!

Posted

Ah, the rascal, I forgot a file.

Run another ComboFix script (same method) with this content, please.

Killall::

File::
C:\WINDOWS\System32\shdocvw.dll
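As an added example that is not part of the thread (neither the poster's log nor the helper's script), here is a small Python triage helper for HijackThis 2.0 logs of the kind pasted above. It parses O2/O3/O4/O9/O23 lines into label, CLSID and command, then flags the entries a helper looks at first: targets reported as "(file missing)", services with no company name, Run/Startup entries that name a bare executable resolved through the PATH search order, and O9 "Extra button" entries whose target is shdocvw.dll. That last rule carries the practical caveat: shdocvw.dll is a standard Windows library that implements Internet Explorer's generic button handler, so an add-on such as the ShopperReports button lives in the registry under Internet Explorer\Extensions\{CLSID}, and it is that key, not the DLL, that identifies the add-on. The function names (`parse_line`, `executable_of`, `triage`), the `Entry` dataclass and the flagging rules are my own; the sample lines in `SAMPLE_LOG` are copied from the log in this thread.

```python
"""Triage helper for HijackThis 2.0 logs (added example, not part of the thread).

Parses O2/O3/O4/O9/O23 lines into fields and reports the entries that deserve
a second look.  The rules are deliberately simple and self-explanatory; this is
a reading aid, not a malware detector.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Program part of an unquoted command line: shortest prefix ending in a known extension.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|bat|cmd|dll))(?:\s|$|,)", re.IGNORECASE)

# Internet Explorer's own handler DLLs for "Extra button" / Tools-menu add-ons.
# An O9 line that shows one of these describes a registry-only add-on under
# HKLM or HKCU \Software\Microsoft\Internet Explorer\Extensions\{CLSID};
# the DLL itself is a standard Windows component.
GENERIC_IE_HANDLERS = {"shdocvw.dll", "ieframe.dll"}

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: IomegaAccess - Unknown owner - C:\Program Files\Iomega\Tools_NT\IOMEGAACCESS.EXE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


@dataclass
class Entry:
    section: str
    label: str
    clsid: Optional[str]
    command: Optional[str]
    file_missing: bool
    raw: str
    reasons: List[str] = field(default_factory=list)


def executable_of(command: str) -> str:
    """Return the program part of a command line ('"C:\\x\\y.exe" /f' -> 'C:\\x\\y.exe')."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)
    return m.group(1) if m else command


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; returns None for anything that is not an O-entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    file_missing = rest.endswith("(file missing)")
    if file_missing:
        rest = rest[: -len("(file missing)")].rstrip()
    clsid_m = CLSID_RE.search(rest)
    clsid = clsid_m.group(0) if clsid_m else None

    if section == "O4":
        run = re.match(r"^(.*?): \[(.*?)\]\s*(.*)$", rest)                    # HKLM\..\Run: [Name] cmd
        start = re.match(r"^((?:Global )?Startup): (.*?)(?: = (.*))?$", rest)  # Startup: x.lnk = target
        if run:
            label = f"{run.group(1)} [{run.group(2)}]"
            command = re.sub(r"\s*\(User '.*'\)$", "", run.group(3))  # drop "(User 'SYSTEM')"
        elif start:
            label = f"{start.group(1)}: {start.group(2)}"
            command = start.group(3) or start.group(2)
        else:
            label, command = rest, None
    else:
        # "<label> - {CLSID} - <path>"  or  "<label> - <vendor> - <path>": path is the last field
        fields = [f.strip() for f in rest.split(" - ")]
        label = rest[: clsid_m.start()].rstrip(" -") if clsid_m else fields[0]
        command = fields[-1] if len(fields) > 1 else None
    return Entry(section, label, clsid, command, file_missing, line.strip())


def triage(log_text: str) -> List[Entry]:
    """Return, in log order, the entries with at least one reason to look closer."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if e.file_missing:
            e.reasons.append("target file missing: orphaned registry entry")
        if e.section == "O23" and " - Unknown owner - " in e.raw:
            e.reasons.append("service binary carries no company name in its version info")
        if e.command:
            exe = executable_of(e.command)
            base = exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if e.section == "O9" and base in GENERIC_IE_HANDLERS:
                e.reasons.append("add-on uses IE's generic handler DLL: the add-on is the "
                                 "Extensions\\{CLSID} registry key, not the DLL")
            if e.section == "O4" and "\\" not in exe and exe not in {"?", ""}:
                e.reasons.append("bare executable name, resolved through the PATH search "
                                 "order: confirm which file actually runs")
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.section} {entry.label}")
        for reason in entry.reasons:
            print(f"    - {reason}")
```

Run it on a saved log with `triage(open("hijackthis.log", encoding="latin-1").read())`; only the flagged entries come back, each with the reason attached, so the reviewer still has to judge them (the Logitech and Mouse Suite bare names in this thread's log are old installer habits, not necessarily malware).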
