Virus

David-belgique
Hi everyone, I have an antivirus window that keeps opening on the same infected file. No matter how many times I quarantine it, it keeps coming back. What should I do? Is it a virus? Thanks for helping me... it shows me this: probablement une variante de win32/adware.agent application
35 replies

Regis59 (security contributor)
OK

- HijackThis
- Combofix

See you tomorrow.
raleuboleu
see you tomorrow loool, I want to know how it ends, it's Prison Break for me lol

good night

kisses
Regis59 (security contributor)
lol There's no prison here though :P

And there won't be a season 2 or 3 here either!

Later
David-belgique
Logfile of HijackThis v1.99.1
Scan saved at 19:30:23, on 23/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Apps\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\Apps\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\jkhhigg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
David-belgique
"Owner" - 2007-07-23 19:34:05 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-23 to 2007-07-23 )))))))))))))))))))))))))))))))


2007-07-23 19:33 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-22 21:35 40,960 --a------ C:\WINDOWS\system32\awvtq.exe
2007-07-22 20:40 <REP> d-------- C:\Program Files\CCleaner
2007-07-22 20:37 <REP> d-------- C:\Program Files\Cleaner
2007-07-22 19:59 <REP> d-------- C:\Program Files\Kerio
2007-07-22 18:55 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-21 23:03 <REP> d-------- C:\Program Files\Navilog1
2007-07-21 22:26 1,976 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-21 22:25 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-21 22:25 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-21 22:04 <REP> d----c--- C:\Hijackthis Version Fran‡aise
2007-07-21 21:24 <REP> d-------- C:\WINDOWS\ERUNT
2007-07-21 21:19 <REP> d-------- C:\Program Files\Sdfix
2007-07-21 19:33 <REP> d-------- C:\Program Files\Common
2007-07-21 19:22 <REP> d-------- C:\Program Files\Yahoo!
2007-07-21 19:20 <REP> d-------- C:\WINDOWS\cache
2007-07-21 17:20 40,960 --a------ C:\WINDOWS\system32\vtsqo.exe
2007-07-21 17:12 40,960 --a------ C:\WINDOWS\system32\pmnli.exe
2007-07-21 17:07 40,960 --a------ C:\WINDOWS\system32\geeda.exe
2007-07-21 17:02 40,960 --a------ C:\WINDOWS\system32\ssqpo.exe
2007-07-21 16:56 40,960 --a------ C:\WINDOWS\system32\geeby.exe
2007-07-21 16:50 40,960 --a------ C:\WINDOWS\system32\mlljk.exe
2007-07-21 16:45 40,960 --a------ C:\WINDOWS\system32\pmkhi.exe
2007-07-21 16:40 40,960 --a------ C:\WINDOWS\system32\vturo.exe
2007-07-21 16:35 40,960 --a------ C:\WINDOWS\system32\gebcb.exe
2007-07-21 16:30 40,960 --a------ C:\WINDOWS\system32\jkhhh.exe
2007-07-21 16:23 40,960 --a------ C:\WINDOWS\system32\mllmj.exe
2007-07-21 16:14 40,960 --a------ C:\WINDOWS\system32\ddccd.exe
2007-07-21 16:05 40,960 --a------ C:\WINDOWS\system32\ddaba.exe
2007-07-21 15:51 40,960 --a------ C:\WINDOWS\system32\pmnlm.exe
2007-07-21 15:46 40,960 --a------ C:\WINDOWS\system32\gebyx.exe
2007-07-21 15:41 40,960 --a------ C:\WINDOWS\system32\vturr.exe
2007-07-21 15:36 40,960 --a------ C:\WINDOWS\system32\ssqpp.exe
2007-07-21 15:29 40,960 --a------ C:\WINDOWS\system32\awvtr.exe
2007-07-21 15:24 40,960 --a------ C:\WINDOWS\system32\mljjj.exe
2007-07-21 15:17 40,960 --a------ C:\WINDOWS\system32\awvtu.exe
2007-07-06 20:57 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-07-06 20:54 <REP> d-------- C:\Program Files\Windows Live
2007-07-06 20:54 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-07-05 18:40 <REP> d-------- C:\DOCUME~1\Owner\APPLIC~1\DivX
2007-07-05 17:51 <REP> d-------- C:\Program Files\DivX
2007-07-01 00:04 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-07-01 00:04 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-06-23 11:53 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-06-23 11:53 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-06-23 11:53 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-22 16:36:21 -------- d-----w C:\Program Files\S
2007-07-21 17:27:27 -------- d-----w C:\Program Files\Common Files
2007-07-21 15:05:48 -------- d-----w C:\Program Files\Lexmark X1100 Series
2007-07-06 18:54:14 -------- d-----w C:\Program Files\MSN Messenger
2007-07-02 19:41:10 36,624 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-06-30 22:24:11 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
2007-06-30 22:06:41 -------- d-----w C:\Program Files\iTunes
2007-06-30 22:06:28 -------- d-----w C:\Program Files\Ipod
2007-06-01 17:32:57 -------- d-----w C:\Program Files\QuickTime
2007-06-01 17:29:41 -------- d-----w C:\Program Files\Apple Software Update
2007-05-29 19:41:28 -------- d-----w C:\Program Files\Google
2007-05-27 14:34:18 -------- d-----w C:\Program Files\vso
2007-05-27 14:34:12 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Vso
2007-05-27 14:34:11 87,608 ----a-w C:\DOCUME~1\Owner\APPLIC~1\ezpinst.exe
2007-05-27 14:34:11 47,360 ----a-w C:\DOCUME~1\Owner\APPLIC~1\pcouffin.sys
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-30 11:51 C:\WINDOWS\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [2005-09-30 11:53 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-09-30 11:53 C:\WINDOWS\system32\VTTrayp.exe]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:48]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-24 01:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-28 12:46]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-12-21 11:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\jkhhigg.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a25d479-7203-11da-a51a-0040caac2c75}]
AutoRun\command- I:\warning\shellrun.exe


Contents of the 'Scheduled Tasks' folder
2007-07-20 17:29:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-23 19:35:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-23 19:35:53

--- E O F ---
Regis59 (security contributor)
Delete with OTMoveIt:

c:\windows\system32\jkhhigg.dll
C:\WINDOWS\system32\vtsqo.exe
C:\WINDOWS\system32\pmnli.exe
C:\WINDOWS\system32\geeda.exe
C:\WINDOWS\system32\ssqpo.exe
C:\WINDOWS\system32\geeby.exe
C:\WINDOWS\system32\mlljk.exe
C:\WINDOWS\system32\pmkhi.exe
C:\WINDOWS\system32\vturo.exe
C:\WINDOWS\system32\gebcb.exe
C:\WINDOWS\system32\jkhhh.exe
C:\WINDOWS\system32\mllmj.exe
C:\WINDOWS\system32\ddccd.exe
C:\WINDOWS\system32\ddaba.exe
C:\WINDOWS\system32\pmnlm.exe
C:\WINDOWS\system32\gebyx.exe
C:\WINDOWS\system32\vturr.exe
C:\WINDOWS\system32\ssqpp.exe
C:\WINDOWS\system32\awvtr.exe
C:\WINDOWS\system32\mljjj.exe
C:\WINDOWS\system32\awvtu.exe
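The removal list above was read off by hand from two places in the logs: the ComboFix "Files Created" section, where a run of 40,960-byte executables with five-letter names was dropped into system32 a few minutes apart, and the HijackThis O20 line showing a DLL registered under AppInit_DLLs (which gets loaded into every user-mode process that links user32.dll). The Python script below is an added example, not from this thread or from any of the tools named in it, that automates that triage over a few log lines constructed in the same two formats; the sample lines, the function names and the three-file threshold are my own choices.

```python
"""Triage helper for the HijackThis / ComboFix pattern seen in this thread.

Added example, not a tool from the thread. The input lines are constructed
in the ComboFix "Files Created" and HijackThis formats shown above.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the ComboFix "Files Created" format (not the full log).
COMBOFIX_SAMPLE = r"""
2007-07-23 19:33 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-22 21:35 40,960 --a------ C:\WINDOWS\system32\awvtq.exe
2007-07-22 20:40 <REP> d-------- C:\Program Files\CCleaner
2007-07-21 17:20 40,960 --a------ C:\WINDOWS\system32\vtsqo.exe
2007-07-21 17:12 40,960 --a------ C:\WINDOWS\system32\pmnli.exe
2007-07-21 17:07 40,960 --a------ C:\WINDOWS\system32\geeda.exe
2007-06-23 11:53 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
"""

# Constructed sample in HijackThis format (three representative lines).
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O20 - AppInit_DLLs: c:\windows\system32\jkhhigg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# date time  size-or-<REP>  attribute-flags  path (path may contain spaces)
_CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<REP>|[\d,]+)\s+\S+\s+(.+?)\s*$"
)
_APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.+?)\s*$")


def parse_combofix_created(text):
    """Return (created, size_bytes_or_None, path) for each file/dir line."""
    entries = []
    for line in text.splitlines():
        m = _CREATED_RE.match(line.strip())
        if not m:
            continue
        created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        size = None if m.group(2) == "<REP>" else int(m.group(2).replace(",", ""))
        entries.append((created, size, m.group(3)))
    return entries


def find_appinit_dlls(hjt_text):
    """DLL paths HijackThis reports under AppInit_DLLs (O20 lines)."""
    dlls = []
    for line in hjt_text.splitlines():
        m = _APPINIT_RE.match(line.strip())
        if m:
            # Windows splits the AppInit_DLLs value on spaces and commas.
            dlls.extend(p for p in re.split(r"[,\s]+", m.group(1)) if p)
    return dlls


def find_same_size_clusters(entries, min_count=3):
    """Groups of min_count+ files sharing one directory and one byte size.

    A legitimate install rarely drops several identical-size executables
    with unrelated names into one system directory; a dropper that keeps
    re-creating itself under a new name does exactly that.
    """
    groups = defaultdict(list)
    for created, size, path in entries:
        if size is None:  # directories carry no size
            continue
        directory = path.rsplit("\\", 1)[0].lower()
        groups[(directory, size)].append((created, path))
    clusters = []
    for (directory, size), members in groups.items():
        if len(members) >= min_count:
            members.sort()  # chronological order shows the drop sequence
            clusters.append({"directory": directory, "size": size,
                             "paths": [p for _, p in members]})
    return clusters


def build_removal_candidates(combofix_text, hjt_text):
    """AppInit DLLs first, then each cluster's files in creation order."""
    candidates = list(find_appinit_dlls(hjt_text))
    for cluster in find_same_size_clusters(parse_combofix_created(combofix_text)):
        candidates.extend(cluster["paths"])
    return candidates


if __name__ == "__main__":
    for path in build_removal_candidates(COMBOFIX_SAMPLE, HJT_SAMPLE):
        print(path)
```

The output is a candidate list, not a verdict: each path still deserves a look (publisher, size, timestamp) before it goes into OTMoveIt, and a same-size file created a day later, like awvtq.exe in the sample, is included because the heuristic keys on directory and size rather than on the time gap. Deleting the DLL alone leaves the AppInit_DLLs value pointing at a missing file, so the registry value is worth clearing at the same time.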
david-belgique
Logfile of HijackThis v1.99.1
Scan saved at 20:06:18, on 23/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Apps\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\Apps\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\jkhhigg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
david-belgique
"Owner" - 2007-07-23 20:09:57 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-23 to 2007-07-23 )))))))))))))))))))))))))))))))


2007-07-23 20:09 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-22 21:35 40,960 --a------ C:\WINDOWS\system32\awvtq.exe
2007-07-22 20:40 <REP> d-------- C:\Program Files\CCleaner
2007-07-22 20:37 <REP> d-------- C:\Program Files\Cleaner
2007-07-22 18:55 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-21 22:26 1,976 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-21 22:25 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-21 22:25 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-21 22:04 <REP> d----c--- C:\Hijackthis Version Fran‡aise
2007-07-21 21:24 <REP> d-------- C:\WINDOWS\ERUNT
2007-07-21 21:19 <REP> d-------- C:\Program Files\Sdfix
2007-07-21 19:33 <REP> d-------- C:\Program Files\Common
2007-07-21 19:22 <REP> d-------- C:\Program Files\Yahoo!
2007-07-21 19:20 <REP> d-------- C:\WINDOWS\cache
2007-07-06 20:57 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-07-06 20:54 <REP> d-------- C:\Program Files\Windows Live
2007-07-06 20:54 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-07-05 18:40 <REP> d-------- C:\DOCUME~1\Owner\APPLIC~1\DivX
2007-07-05 17:51 <REP> d-------- C:\Program Files\DivX
2007-07-01 00:04 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-07-01 00:04 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-06-23 11:53 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-06-23 11:53 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-06-23 11:53 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-22 16:36:21 -------- d-----w C:\Program Files\S
2007-07-21 17:27:27 -------- d-----w C:\Program Files\Common Files
2007-07-21 15:05:48 -------- d-----w C:\Program Files\Lexmark X1100 Series
2007-07-06 18:54:14 -------- d-----w C:\Program Files\MSN Messenger
2007-07-02 19:41:10 36,624 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-06-30 22:24:11 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
2007-06-30 22:06:41 -------- d-----w C:\Program Files\iTunes
2007-06-30 22:06:28 -------- d-----w C:\Program Files\Ipod
2007-06-01 17:32:57 -------- d-----w C:\Program Files\QuickTime
2007-06-01 17:29:41 -------- d-----w C:\Program Files\Apple Software Update
2007-05-29 19:41:28 -------- d-----w C:\Program Files\Google
2007-05-27 14:34:18 -------- d-----w C:\Program Files\vso
2007-05-27 14:34:12 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Vso
2007-05-27 14:34:11 87,608 ----a-w C:\DOCUME~1\Owner\APPLIC~1\ezpinst.exe
2007-05-27 14:34:11 47,360 ----a-w C:\DOCUME~1\Owner\APPLIC~1\pcouffin.sys
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-30 11:51 C:\WINDOWS\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [2005-09-30 11:53 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-09-30 11:53 C:\WINDOWS\system32\VTTrayp.exe]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:48]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-24 01:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-28 12:46]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-12-21 11:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\jkhhigg.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a25d479-7203-11da-a51a-0040caac2c75}]
AutoRun\command- I:\warning\shellrun.exe


Contents of the 'Scheduled Tasks' folder
2007-07-20 17:29:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-23 20:11:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-23 20:11:42

--- E O F ---
David-belgique
Logfile of HijackThis v1.99.1
Scan saved at 20:33:56, on 23/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Apps\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\Apps\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
David-belgique (Member, 21 posts)

"Owner" - 2007-07-23 20:35:06 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-23 to 2007-07-23 )))))))))))))))))))))))))))))))


2007-07-23 20:09 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-22 20:40 <REP> d-------- C:\Program Files\CCleaner
2007-07-22 20:37 <REP> d-------- C:\Program Files\Cleaner
2007-07-22 18:55 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-21 22:26 1,976 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-21 22:25 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-21 22:25 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-21 22:04 <REP> d----c--- C:\Hijackthis Version Française
2007-07-21 21:24 <REP> d-------- C:\WINDOWS\ERUNT
2007-07-21 21:19 <REP> d-------- C:\Program Files\Sdfix
2007-07-21 19:33 <REP> d-------- C:\Program Files\Common
2007-07-21 19:22 <REP> d-------- C:\Program Files\Yahoo!
2007-07-21 19:20 <REP> d-------- C:\WINDOWS\cache
2007-07-06 20:57 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-07-06 20:54 <REP> d-------- C:\Program Files\Windows Live
2007-07-06 20:54 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-07-05 18:40 <REP> d-------- C:\DOCUME~1\Owner\APPLIC~1\DivX
2007-07-05 17:51 <REP> d-------- C:\Program Files\DivX
2007-07-01 00:04 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-07-01 00:04 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-06-23 11:53 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-06-23 11:53 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-06-23 11:53 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-22 16:36:21 -------- d-----w C:\Program Files\S
2007-07-21 17:27:27 -------- d-----w C:\Program Files\Common Files
2007-07-21 15:05:48 -------- d-----w C:\Program Files\Lexmark X1100 Series
2007-07-06 18:54:14 -------- d-----w C:\Program Files\MSN Messenger
2007-07-02 19:41:10 36,624 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-06-30 22:24:11 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
2007-06-30 22:06:41 -------- d-----w C:\Program Files\iTunes
2007-06-30 22:06:28 -------- d-----w C:\Program Files\Ipod
2007-06-01 17:32:57 -------- d-----w C:\Program Files\QuickTime
2007-06-01 17:29:41 -------- d-----w C:\Program Files\Apple Software Update
2007-05-29 19:41:28 -------- d-----w C:\Program Files\Google
2007-05-27 14:34:18 -------- d-----w C:\Program Files\vso
2007-05-27 14:34:12 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Vso
2007-05-27 14:34:11 87,608 ----a-w C:\DOCUME~1\Owner\APPLIC~1\ezpinst.exe
2007-05-27 14:34:11 47,360 ----a-w C:\DOCUME~1\Owner\APPLIC~1\pcouffin.sys
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-30 11:51 C:\WINDOWS\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [2005-09-30 11:53 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-09-30 11:53 C:\WINDOWS\system32\VTTrayp.exe]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:48]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-24 01:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-28 12:46]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-12-21 11:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a25d479-7203-11da-a51a-0040caac2c75}]
AutoRun\command- I:\warning\shellrun.exe


Contents of the 'Scheduled Tasks' folder
2007-07-20 17:29:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-23 20:36:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-23 20:37:06

--- E O F ---
raleuboleu (Member, 5022 posts)

Hi there

So mister is eating, and I'd like to see what comes next!!!


Kisses to you both
David-belgique (Member, 21 posts)

Logfile of HijackThis v1.99.1
Scan saved at 21:21:31, on 23/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Apps\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\Apps\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
David-belgique (Member, 21 posts)

"Owner" - 2007-07-23 21:22:24 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-23 to 2007-07-23 )))))))))))))))))))))))))))))))


2007-07-23 20:09 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-22 20:40 <REP> d-------- C:\Program Files\CCleaner
2007-07-22 20:37 <REP> d-------- C:\Program Files\Cleaner
2007-07-22 18:55 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-21 22:26 1,976 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-21 22:25 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-21 22:25 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-21 22:04 <REP> d----c--- C:\Hijackthis Version Française
2007-07-21 21:24 <REP> d-------- C:\WINDOWS\ERUNT
2007-07-21 21:19 <REP> d-------- C:\Program Files\Sdfix
2007-07-21 19:33 <REP> d-------- C:\Program Files\Common
2007-07-21 19:22 <REP> d-------- C:\Program Files\Yahoo!
2007-07-21 19:20 <REP> d-------- C:\WINDOWS\cache
2007-07-06 20:57 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-07-06 20:54 <REP> d-------- C:\Program Files\Windows Live
2007-07-06 20:54 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-07-05 18:40 <REP> d-------- C:\DOCUME~1\Owner\APPLIC~1\DivX
2007-07-05 17:51 <REP> d-------- C:\Program Files\DivX
2007-07-01 00:04 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-07-01 00:04 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-06-23 11:53 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-06-23 11:53 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-06-23 11:53 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-22 16:36:21 -------- d-----w C:\Program Files\S
2007-07-21 17:27:27 -------- d-----w C:\Program Files\Common Files
2007-07-21 15:05:48 -------- d-----w C:\Program Files\Lexmark X1100 Series
2007-07-06 18:54:14 -------- d-----w C:\Program Files\MSN Messenger
2007-07-02 19:41:10 36,624 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-06-30 22:24:11 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
2007-06-30 22:06:41 -------- d-----w C:\Program Files\iTunes
2007-06-30 22:06:28 -------- d-----w C:\Program Files\Ipod
2007-06-01 17:32:57 -------- d-----w C:\Program Files\QuickTime
2007-06-01 17:29:41 -------- d-----w C:\Program Files\Apple Software Update
2007-05-29 19:41:28 -------- d-----w C:\Program Files\Google
2007-05-27 14:34:18 -------- d-----w C:\Program Files\vso
2007-05-27 14:34:12 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Vso
2007-05-27 14:34:11 87,608 ----a-w C:\DOCUME~1\Owner\APPLIC~1\ezpinst.exe
2007-05-27 14:34:11 47,360 ----a-w C:\DOCUME~1\Owner\APPLIC~1\pcouffin.sys
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-30 11:51 C:\WINDOWS\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [2005-09-30 11:53 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-09-30 11:53 C:\WINDOWS\system32\VTTrayp.exe]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:48]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-24 01:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-28 12:46]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-12-21 11:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a25d479-7203-11da-a51a-0040caac2c75}]
AutoRun\command- I:\warning\shellrun.exe


Contents of the 'Scheduled Tasks' folder
2007-07-20 17:29:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-23 21:23:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-23 21:24:17
C:\ComboFix2.txt ... 2007-07-23 20:37

--- E O F ---
Regis59 (Security contributor, 21143 posts)

Where do things stand with your problem?

See you
raleuboleu (Member, 5022 posts)

?????

Did ComboFix help you?!!! The two of us weren't getting anywhere!!! I don't know that tool well, so I'm watching and will follow along, since Régis has to train me!!! Correct me already, grrrr. Kisses to you both. I'm off to have a snack, that's my little extra that helps with everything!! Grab myself a javelin, give my dear neighbour a 'headbutt'... uh, I'd better stop, loool. OK, see you later, I'm all for understanding Combo first, and besides you're c00l and understanding, nice!!! But no snoring please, raaaa


OK, see you later on this topic, or even in a little while ^^ I'm hungry, loooool

Kisses, good night everyone

@>----\-- well, that was a flower, I had to say so or nobody would know!!!!

Kisses