TR/Crypt.XPACK.Gen

yvan3131 Messages postés 54 Statut Membre -  
yvan3131 Messages postés 54 Statut Membre -
Bonjour,

Avez vous une idée pour virer ce truc qui me prend la tête ?
Antivir le détecte, hijack ne peut pas être lancé jusqu'à présent, spyboot non plus ...

11 réponses

Réponse 1 / 11
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt

il me faut les trois rapports!!!!!






Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

_______________________


colle un rapport hijackthis


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."


_______________________
colle un rapport antivir
0
yvan3131 Messages postés 54 Statut Membre
 
Salut,

Merci pour ta réponse rapide. J'ai fait comme indiqué et j'ai quitté 3 minutes mon ordi après avoir lancé combofix, je reviens écran bleu en phase de redémarrage.

Normal ?

Yvan
0
Réponse 2 / 11
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
si ca persiste plus de 5 min, eteinds l'ordi et redemarre
0
yvan3131 Messages postés 54 Statut Membre
 
JlpJlp, je te remercie dores et déjà parce qu'il y a des choses qui bougent !!

Rapport combofix :

ComboFix 08-03-07.4 - Christine & Patrice 2008-03-08 20:14:53.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.613 [GMT 1:00]
Endroit: C:\Documents and Settings\Christine & Patrice\Bureau\tuelamerde.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

[color=red]C:\WINDOWS\system32\dllcache\beep.sys/color
[color=red]C:\WINDOWS\system32\drivers\beep.sys/color
C:\WINDOWS\braviax.exe
C:\WINDOWS\cru629.dat
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\dlh9jkd1q8.exe
C:\WINDOWS\system32\RunOnce.t__
C:\WINDOWS\system32\RunOnce.tm_
C:\WINDOWS\system32\users32.dat
C:\WINDOWS\system32\winivstr.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_SYSLIBRARY
-------\SysLibrary


((((((((((((((((((((((((((((( Fichiers créés 2008-02-08 to 2008-03-08 ))))))))))))))))))))))))))))))))))))
.

2008-03-08 20:08 . 2008-03-08 20:08 <REP> d-------- C:\HiJackThis
2008-03-08 18:02 . 2008-03-08 19:58 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-03-08 17:59 . 2008-03-08 17:59 <REP> d-------- C:\Program Files\Avira
2008-03-08 17:59 . 2008-03-08 17:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-08 17:36 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-08 17:36 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-08 17:36 . 2008-03-01 23:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-08 17:36 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-08 17:36 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-08 17:36 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-08 17:36 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-08 15:05 . 2008-03-08 16:15 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-08 14:00 . 2008-03-08 16:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-08 12:18 . 2008-03-08 12:18 <REP> d-------- C:\Program Files\CCleaner
2008-03-08 09:38 . 2008-03-08 09:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sony Ericsson
2008-03-05 19:41 . 2008-03-07 08:12 <REP> d-------- C:\Documents and Settings\Christine & Patrice\Application Data\FileZilla
2008-03-05 19:40 . 2008-03-05 19:42 <REP> d-------- C:\Program Files\FileZilla FTP Client

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 19:24 --------- d-----w C:\Program Files\Wanadoo
2008-03-08 18:44 5,158 ----a-w C:\WINDOWS\system32\tmp.reg
2008-03-08 18:38 --------- d-----w C:\Program Files\SMSC
2008-03-08 18:38 --------- d-----w C:\Program Files\Messager Wanadoo
2008-03-08 16:39 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
2008-03-08 16:39 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
2008-03-08 16:39 114,688 ----a-w C:\WINDOWS\system32\igfxpers.exe
2008-03-07 07:08 --------- d-----w C:\Program Files\Java
2007-06-30 08:07 2,494,464 ----a-w C:\Program Files\register.exe
2007-06-30 08:04 239 ----a-w C:\Program Files\users.dat
2007-06-30 02:34 3,827 ----a-w C:\Program Files\HSW_Log.txt
2007-06-30 02:25 95,227 ----a-w C:\Program Files\NetworkProfiles.pdb
2007-06-30 02:25 42,511 ----a-w C:\Program Files\CarrierProfiles.pdb
2007-05-06 12:56 44,424 ----a-w C:\Documents and Settings\Christine & Patrice\Application Data\GDIPFONTCACHEV1.DAT
2005-11-19 09:22 45,056 ----a-w C:\Program Files\fswsclds.exe
2005-11-19 09:22 32,768 ----a-w C:\Program Files\fswscs.dll
2005-11-19 09:22 24,576 ----a-w C:\Program Files\fswsctg.exe
2005-11-03 03:02 1,247,068 ------r C:\Program Files\Palmdevice1.chm
2005-11-02 14:58 334,508 ----a-w C:\Program Files\mediaext.chm
2005-07-21 12:51 32,768 ----a-w C:\Program Files\SyncDlgN20.dll
2005-01-04 14:48 77,824 ----a-w C:\Program Files\AddItConduit_Bkp.dll
2001-11-21 07:26 853 ----a-w C:\Program Files\WELCFR.ADL
2004-08-05 11:00 94,864 --sh--w C:\WINDOWS\twain.dll
2004-08-05 11:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-05 11:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-05 11:00 553,472 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-05 11:00 12,288 --sha-w C:\WINDOWS\system32\regsvr32.exe
.
[color=red]Files Infected - Win32.Agent.zb/color
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\Wanadoo\GestMaj.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Wanadoo\Shell.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2008-03-08 17:39 98304]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2008-03-08 17:39 122880]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 05:17 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-03-08 17:39 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-03-08 17:39 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-03-08 17:39 114688]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2008-03-08 17:39 1404928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-03-08 17:39 144784]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2008-03-08 17:39 81920]
"Demon"="C:\PROGRA~1\MESSAG~1\Demon.exe" [2008-03-08 17:39 40960]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2008-03-08 17:39 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2008-03-08 17:39 40960]
"Logitech Utility"="LOGI_MWX.EXE" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE" [2008-03-08 17:39 94208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 06:55 61440]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"SetIcon"="\Program Files\SMSC\Seticon.exe" [2008-03-08 17:39 46080]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06 487424]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2008-03-08 17:39 32768]
"YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2008-03-08 17:39 40960]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
"braviax"="braviax.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DataViz Inc Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DataViz Inc Messenger.lnk
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Christine & Patrice^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Christine & Patrice\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Christine & Patrice^Menu Démarrer^Programmes^Démarrage^Palm Registration.lnk]
path=C:\Documents and Settings\Christine & Patrice\Menu Démarrer\Programmes\Démarrage\Palm Registration.lnk
backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
--a------ 2006-05-16 16:51 57344 C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 01:50 33792 C:\LOGICIELS AJOUTES\winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YeppStudioAgent]
--a------ 2008-03-08 17:39 40960 C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Macromedia Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 12:32]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-05 12:00]
S2 Microsoft IEUpdater;ieupdater;C:\Documents and Settings\Christine & Patrice\ie_updater.exe []
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 11:50]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-29 02:24]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 03:28]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 13:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 13:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 13:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 13:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 13:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 13:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 13:58]
S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);C:\WINDOWS\system32\DRIVERS\v800bus.sys [2004-08-09 13:51]
S3 v800mdfl;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\v800mdfl.sys [2004-08-09 13:52]
S3 v800mdm;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\v800mdm.sys [2004-08-09 13:53]
S3 v800mgmt;Sony Ericsson V800-Vodafone 802SE USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\v800mgmt.sys [2004-08-09 13:54]
S3 v800obex;Sony Ericsson V800-Vodafone 802SE USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\v800obex.sys [2004-08-09 13:55]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 20:23:41
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\SMSC\Seticon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-08 20:27:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-08 19:27:41


Après avoir renommé hijackthis (je me suis laché sur les noms) et cela marche !




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:06, on 08/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\SMSC\Seticon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\notepad.exe
C:\HiJackThis\tuecettemerde.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\LOGICIELS AJOUTES\ACROBAT Tout\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/fr_FR/st/download/ddup/CNIMGUP_01_210102F.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ieupdater (Microsoft IEUpdater) - Unknown owner - C:\Documents and Settings\Christine & Patrice\ie_updater.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
0
yvan3131 Messages postés 54 Statut Membre
 
JlpJlp, je te remercie dores et déjà parce qu'il y a des choses qui bougent !!

Rapport combofix :

ComboFix 08-03-07.4 - Christine & Patrice 2008-03-08 20:14:53.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.613 [GMT 1:00]
Endroit: C:\Documents and Settings\Christine & Patrice\Bureau\tuelamerde.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

[color=red]C:\WINDOWS\system32\dllcache\beep.sys[/color]
[color=red]C:\WINDOWS\system32\drivers\beep.sys[/color]
C:\WINDOWS\braviax.exe
C:\WINDOWS\cru629.dat
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\dlh9jkd1q8.exe
C:\WINDOWS\system32\RunOnce.t__
C:\WINDOWS\system32\RunOnce.tm_
C:\WINDOWS\system32\users32.dat
C:\WINDOWS\system32\winivstr.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_SYSLIBRARY
-------\SysLibrary


((((((((((((((((((((((((((((( Fichiers créés 2008-02-08 to 2008-03-08 ))))))))))))))))))))))))))))))))))))
.

2008-03-08 20:08 . 2008-03-08 20:08 <REP> d-------- C:\HiJackThis
2008-03-08 18:02 . 2008-03-08 19:58 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-03-08 17:59 . 2008-03-08 17:59 <REP> d-------- C:\Program Files\Avira
2008-03-08 17:59 . 2008-03-08 17:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-08 17:36 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-08 17:36 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-08 17:36 . 2008-03-01 23:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-08 17:36 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-08 17:36 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-08 17:36 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-08 17:36 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-08 15:05 . 2008-03-08 16:15 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-08 14:00 . 2008-03-08 16:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-08 12:18 . 2008-03-08 12:18 <REP> d-------- C:\Program Files\CCleaner
2008-03-08 09:38 . 2008-03-08 09:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sony Ericsson
2008-03-05 19:41 . 2008-03-07 08:12 <REP> d-------- C:\Documents and Settings\Christine & Patrice\Application Data\FileZilla
2008-03-05 19:40 . 2008-03-05 19:42 <REP> d-------- C:\Program Files\FileZilla FTP Client

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 19:24 --------- d-----w C:\Program Files\Wanadoo
2008-03-08 18:44 5,158 ----a-w C:\WINDOWS\system32\tmp.reg
2008-03-08 18:38 --------- d-----w C:\Program Files\SMSC
2008-03-08 18:38 --------- d-----w C:\Program Files\Messager Wanadoo
2008-03-08 16:39 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
2008-03-08 16:39 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
2008-03-08 16:39 114,688 ----a-w C:\WINDOWS\system32\igfxpers.exe
2008-03-07 07:08 --------- d-----w C:\Program Files\Java
2007-06-30 08:07 2,494,464 ----a-w C:\Program Files\register.exe
2007-06-30 08:04 239 ----a-w C:\Program Files\users.dat
2007-06-30 02:34 3,827 ----a-w C:\Program Files\HSW_Log.txt
2007-06-30 02:25 95,227 ----a-w C:\Program Files\NetworkProfiles.pdb
2007-06-30 02:25 42,511 ----a-w C:\Program Files\CarrierProfiles.pdb
2007-05-06 12:56 44,424 ----a-w C:\Documents and Settings\Christine & Patrice\Application Data\GDIPFONTCACHEV1.DAT
2005-11-19 09:22 45,056 ----a-w C:\Program Files\fswsclds.exe
2005-11-19 09:22 32,768 ----a-w C:\Program Files\fswscs.dll
2005-11-19 09:22 24,576 ----a-w C:\Program Files\fswsctg.exe
2005-11-03 03:02 1,247,068 ------r C:\Program Files\Palmdevice1.chm
2005-11-02 14:58 334,508 ----a-w C:\Program Files\mediaext.chm
2005-07-21 12:51 32,768 ----a-w C:\Program Files\SyncDlgN20.dll
2005-01-04 14:48 77,824 ----a-w C:\Program Files\AddItConduit_Bkp.dll
2001-11-21 07:26 853 ----a-w C:\Program Files\WELCFR.ADL
2004-08-05 11:00 94,864 --sh--w C:\WINDOWS\twain.dll
2004-08-05 11:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-05 11:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-05 11:00 553,472 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-05 11:00 12,288 --sha-w C:\WINDOWS\system32\regsvr32.exe
.
[color=red]Files Infected - Win32.Agent.zb[/color]
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\Wanadoo\GestMaj.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Wanadoo\Shell.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2008-03-08 17:39 98304]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2008-03-08 17:39 122880]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 05:17 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-03-08 17:39 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-03-08 17:39 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-03-08 17:39 114688]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2008-03-08 17:39 1404928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-03-08 17:39 144784]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2008-03-08 17:39 81920]
"Demon"="C:\PROGRA~1\MESSAG~1\Demon.exe" [2008-03-08 17:39 40960]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2008-03-08 17:39 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2008-03-08 17:39 40960]
"Logitech Utility"="LOGI_MWX.EXE" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE" [2008-03-08 17:39 94208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 06:55 61440]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"SetIcon"="\Program Files\SMSC\Seticon.exe" [2008-03-08 17:39 46080]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06 487424]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2008-03-08 17:39 32768]
"YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2008-03-08 17:39 40960]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
"braviax"="braviax.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DataViz Inc Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DataViz Inc Messenger.lnk
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Christine & Patrice^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Christine & Patrice\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Christine & Patrice^Menu Démarrer^Programmes^Démarrage^Palm Registration.lnk]
path=C:\Documents and Settings\Christine & Patrice\Menu Démarrer\Programmes\Démarrage\Palm Registration.lnk
backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
--a------ 2006-05-16 16:51 57344 C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 01:50 33792 C:\LOGICIELS AJOUTES\winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YeppStudioAgent]
--a------ 2008-03-08 17:39 40960 C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Macromedia Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 12:32]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-05 12:00]
S2 Microsoft IEUpdater;ieupdater;C:\Documents and Settings\Christine & Patrice\ie_updater.exe []
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 11:50]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-29 02:24]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 03:28]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 13:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 13:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 13:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 13:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 13:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 13:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 13:58]
S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);C:\WINDOWS\system32\DRIVERS\v800bus.sys [2004-08-09 13:51]
S3 v800mdfl;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\v800mdfl.sys [2004-08-09 13:52]
S3 v800mdm;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\v800mdm.sys [2004-08-09 13:53]
S3 v800mgmt;Sony Ericsson V800-Vodafone 802SE USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\v800mgmt.sys [2004-08-09 13:54]
S3 v800obex;Sony Ericsson V800-Vodafone 802SE USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\v800obex.sys [2004-08-09 13:55]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 20:23:41
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\SMSC\Seticon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-08 20:27:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-08 19:27:41


Après avoir renommé hijackthis (je me suis laché sur les noms) et cela marche !




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:06, on 08/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\SMSC\Seticon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\notepad.exe
C:\HiJackThis\tuecettemerde.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\LOGICIELS AJOUTES\ACROBAT Tout\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/fr_FR/st/download/ddup/CNIMGUP_01_210102F.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ieupdater (Microsoft IEUpdater) - Unknown owner - C:\Documents and Settings\Christine & Patrice\ie_updater.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
0
yvan3131 Messages postés 54 Statut Membre
 
JlpJlp, je te remercie dores et déjà parce qu'il y a des choses qui bougent !!

Rapport combofix :

ComboFix 08-03-07.4 - Christine & Patrice 2008-03-08 20:14:53.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.613 [GMT 1:00]
Endroit: C:\Documents and Settings\Christine & Patrice\Bureau\tuelamerde.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

[color=red]C:\WINDOWS\system32\dllcache\beep.sys[/color]
[color=red]C:\WINDOWS\system32\drivers\beep.sys[/color]
C:\WINDOWS\braviax.exe
C:\WINDOWS\cru629.dat
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\dlh9jkd1q8.exe
C:\WINDOWS\system32\RunOnce.t__
C:\WINDOWS\system32\RunOnce.tm_
C:\WINDOWS\system32\users32.dat
C:\WINDOWS\system32\winivstr.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_SYSLIBRARY
-------\SysLibrary


((((((((((((((((((((((((((((( Fichiers créés 2008-02-08 to 2008-03-08 ))))))))))))))))))))))))))))))))))))
.

2008-03-08 20:08 . 2008-03-08 20:08 <REP> d-------- C:\HiJackThis
2008-03-08 18:02 . 2008-03-08 19:58 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-03-08 17:59 . 2008-03-08 17:59 <REP> d-------- C:\Program Files\Avira
2008-03-08 17:59 . 2008-03-08 17:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-08 17:36 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-08 17:36 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-08 17:36 . 2008-03-01 23:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-08 17:36 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-08 17:36 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-08 17:36 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-08 17:36 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-08 15:05 . 2008-03-08 16:15 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-08 14:00 . 2008-03-08 16:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-08 12:18 . 2008-03-08 12:18 <REP> d-------- C:\Program Files\CCleaner
2008-03-08 09:38 . 2008-03-08 09:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sony Ericsson
2008-03-05 19:41 . 2008-03-07 08:12 <REP> d-------- C:\Documents and Settings\Christine & Patrice\Application Data\FileZilla
2008-03-05 19:40 . 2008-03-05 19:42 <REP> d-------- C:\Program Files\FileZilla FTP Client

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 19:24 --------- d-----w C:\Program Files\Wanadoo
2008-03-08 18:44 5,158 ----a-w C:\WINDOWS\system32\tmp.reg
2008-03-08 18:38 --------- d-----w C:\Program Files\SMSC
2008-03-08 18:38 --------- d-----w C:\Program Files\Messager Wanadoo
2008-03-08 16:39 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
2008-03-08 16:39 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
2008-03-08 16:39 114,688 ----a-w C:\WINDOWS\system32\igfxpers.exe
2008-03-07 07:08 --------- d-----w C:\Program Files\Java
2007-06-30 08:07 2,494,464 ----a-w C:\Program Files\register.exe
2007-06-30 08:04 239 ----a-w C:\Program Files\users.dat
2007-06-30 02:34 3,827 ----a-w C:\Program Files\HSW_Log.txt
2007-06-30 02:25 95,227 ----a-w C:\Program Files\NetworkProfiles.pdb
2007-06-30 02:25 42,511 ----a-w C:\Program Files\CarrierProfiles.pdb
2007-05-06 12:56 44,424 ----a-w C:\Documents and Settings\Christine & Patrice\Application Data\GDIPFONTCACHEV1.DAT
2005-11-19 09:22 45,056 ----a-w C:\Program Files\fswsclds.exe
2005-11-19 09:22 32,768 ----a-w C:\Program Files\fswscs.dll
2005-11-19 09:22 24,576 ----a-w C:\Program Files\fswsctg.exe
2005-11-03 03:02 1,247,068 ------r C:\Program Files\Palmdevice1.chm
2005-11-02 14:58 334,508 ----a-w C:\Program Files\mediaext.chm
2005-07-21 12:51 32,768 ----a-w C:\Program Files\SyncDlgN20.dll
2005-01-04 14:48 77,824 ----a-w C:\Program Files\AddItConduit_Bkp.dll
2001-11-21 07:26 853 ----a-w C:\Program Files\WELCFR.ADL
2004-08-05 11:00 94,864 --sh--w C:\WINDOWS\twain.dll
2004-08-05 11:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-05 11:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-05 11:00 553,472 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-05 11:00 12,288 --sha-w C:\WINDOWS\system32\regsvr32.exe
.
[color=red]Files Infected - Win32.Agent.zb[/color]
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\Wanadoo\GestMaj.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Wanadoo\Shell.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2008-03-08 17:39 98304]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2008-03-08 17:39 122880]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 05:17 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-03-08 17:39 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-03-08 17:39 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-03-08 17:39 114688]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2008-03-08 17:39 1404928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-03-08 17:39 144784]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2008-03-08 17:39 81920]
"Demon"="C:\PROGRA~1\MESSAG~1\Demon.exe" [2008-03-08 17:39 40960]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2008-03-08 17:39 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2008-03-08 17:39 40960]
"Logitech Utility"="LOGI_MWX.EXE" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE" [2008-03-08 17:39 94208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 06:55 61440]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"SetIcon"="\Program Files\SMSC\Seticon.exe" [2008-03-08 17:39 46080]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06 487424]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2008-03-08 17:39 32768]
"YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2008-03-08 17:39 40960]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
"braviax"="braviax.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DataViz Inc Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DataViz Inc Messenger.lnk
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Christine & Patrice^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Christine & Patrice\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Christine & Patrice^Menu Démarrer^Programmes^Démarrage^Palm Registration.lnk]
path=C:\Documents and Settings\Christine & Patrice\Menu Démarrer\Programmes\Démarrage\Palm Registration.lnk
backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
--a------ 2006-05-16 16:51 57344 C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 01:50 33792 C:\LOGICIELS AJOUTES\winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YeppStudioAgent]
--a------ 2008-03-08 17:39 40960 C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Macromedia Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 12:32]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-05 12:00]
S2 Microsoft IEUpdater;ieupdater;C:\Documents and Settings\Christine & Patrice\ie_updater.exe []
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 11:50]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-29 02:24]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 03:28]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 13:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 13:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 13:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 13:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 13:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 13:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 13:58]
S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);C:\WINDOWS\system32\DRIVERS\v800bus.sys [2004-08-09 13:51]
S3 v800mdfl;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\v800mdfl.sys [2004-08-09 13:52]
S3 v800mdm;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\v800mdm.sys [2004-08-09 13:53]
S3 v800mgmt;Sony Ericsson V800-Vodafone 802SE USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\v800mgmt.sys [2004-08-09 13:54]
S3 v800obex;Sony Ericsson V800-Vodafone 802SE USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\v800obex.sys [2004-08-09 13:55]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 20:23:41
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\SMSC\Seticon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-08 20:27:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-08 19:27:41

HIJACKTHIS
Après avoir renommé hijackthis (je me suis laché sur les noms) et cela marche !




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:06, on 08/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\SMSC\Seticon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\notepad.exe
C:\HiJackThis\tuecettemerde.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\LOGICIELS AJOUTES\ACROBAT Tout\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/fr_FR/st/download/ddup/CNIMGUP_01_210102F.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ieupdater (Microsoft IEUpdater) - Unknown owner - C:\Documents and Settings\Christine & Patrice\ie_updater.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
0
Réponse 3 / 11
afideg Messages postés 10970 Statut Contributeur sécurité 602
 
Up
Salut jlpjlp
juste pour suivre ceci :« hijack ne peut pas être lancé jusqu'à présent, spyboot non plus ... » SVP
merci
Al.
0
Réponse 4 / 11
yvan3131 Messages postés 54 Statut Membre
 
Jlpjlp,

Voici le troisième rapport à savoir celui d' antivir :



AntiVir PersonalEdition Classic
Report file date: samedi 8 mars 2008 20:30

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PMPCMP

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 8 mars 2008 20:30

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'tuecettemerde.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned
Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
Scan process 'Toaster.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'Hotsync.exe' - '1' Module(s) have been scanned
Scan process 'DvzIncMsgr.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
Scan process 'ctdetect.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'seticon.exe' - '1' Module(s) have been scanned
Scan process 'LOGI_MWX.EXE' - '1' Module(s) have been scanned
Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned
Scan process 'demon.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'inetinfo.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
53 processes with 53 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '42' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\WINDOWS\braviax.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4833f44a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\cru629.dat.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4847f44d.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\braviax.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4833f452.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP594\A0098617.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4802f4d3.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP594\A0098618.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4802f4d4.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP594\A0098627.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4965a20d.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP594\A0098628.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4802f4d6.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP594\A0098841.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4802f4d8.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP594\A0098850.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4802f4d9.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP594\A0098851.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4965a202.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP595\A0098864.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4802f4db.qua'!
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP595\A0098865.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4965a204.qua'!


End of the scan: samedi 8 mars 2008 21:22
Used time: 52:12 min

The scan has been canceled!

14924 Scanning directories
268920 Files were scanned
12 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
12 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
268908 Files not concerned
3401 Archives were scanned
2 Warnings
0 Notes

Voilà tout.
Si cela te parle (je me doute que oui) pas moi :-)
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 11
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok parfait

vire tout ce qui est dans le dossier quarantine en allant dans
poste de travail puis C puis qoobox

C:\QooBox\Quarantine


_____________

désactive la restauration système pour purger les virus qui seraient dedan
puis redemarre ton ordi
s puis réactive là
(dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)

_________________

mets a jour internet explorer:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

___________________


refais un scan antivir et colle le rapport (cela devrait etre bon!)
0
yvan3131 Messages postés 54 Statut Membre
 
Salut, voici le rapport enfin !



AntiVir PersonalEdition Classic
Report file date: samedi 8 mars 2008 22:59

Scanning for 1137479 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PMPCMP

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 20:22:53
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 20:22:53
ANTIVIR3.VDF : 7.0.3.5 6144 Bytes 07/03/2008 20:22:53
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 08/03/2008 20:22:54
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 08/03/2008 20:22:54
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 8 mars 2008 22:59

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'khalmnpr.exe' - '1' Module(s) have been scanned
Scan process 'AlertModule.exe' - '1' Module(s) have been scanned
Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
Scan process 'Toaster.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'Hotsync.exe' - '1' Module(s) have been scanned
Scan process 'DvzIncMsgr.exe' - '1' Module(s) have been scanned
Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'ctdetect.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'samsungmediastudioagent.exe' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'seticon.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'LOGI_MWX.EXE' - '1' Module(s) have been scanned
Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned
Scan process 'demon.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'inetinfo.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
56 processes with 56 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '42' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!


End of the scan: samedi 8 mars 2008 23:36
Used time: 36:38 min

The scan has been done completely.

15445 Scanning directories
271489 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
271489 Files not concerned
3407 Archives were scanned
2 Warnings
0 Notes

A toi de me dire ce que tu en penses.
A+
Yvan
0
Réponse 6 / 11
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok c'est bon


encore des soucis???
0
Réponse 7 / 11
yvan3131 Messages postés 54 Statut Membre
 
Salut,
Merci.
Cela me semble ok pour ce sujet mais j'ai posté un autre lien pour un autre pb et il y a sans doute un reste de quelque chose sur mon pc . Voici le lien : http://www.commentcamarche.net/forum/affich 5373987 programme igfpers#dernier

Espion3004 a je pense retrouvé un résidu malin de bravax.
A tout de suite peut-être sur l'autre sujet.
En tout cas merci beaucoup pour cette première phase.
Yvan
0
Réponse 8 / 11
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
normalement combofix l'avais viré (il etait dans suppression de combofix)



par sureté:


Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
0
Réponse 9 / 11
yvan3131 Messages postés 54 Statut Membre
 
Cela a été un peu long mais nous y voilà.

Le rapport sdfix :


[b]SDFix: Version 1.154 [/b]

Run by Christine

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\CHRIST~1\Bureau\SDFIX\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.url - Deleted
C:\Documents and Settings\All Users\Menu Démarrer\Security Troubleshooting.url - Deleted





The below files have been patched by Trojan.Agent to load users32.dat and should be replaced:

C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.exe
\Program Files\SMSC\Seticon.exe
C:\PROGRA~1\Wanadoo\GestMaj.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Wanadoo\Shell.exe


Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 12:51:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramètres"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\CHRIST~1\Bureau\SDFIX\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Thu 5 Aug 2004 94,864 ..SH. --- "C:\WINDOWS\twain.dll"
Thu 5 Aug 2004 50,688 ..SH. --- "C:\WINDOWS\twain_32.dll"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Thu 5 Aug 2004 54,784 ..SH. --- "C:\WINDOWS\system32\msvcirt.dll"
Thu 5 Aug 2004 553,472 ..SH. --- "C:\WINDOWS\system32\oleaut32.dll"
Thu 5 Aug 2004 12,288 A.SH. --- "C:\WINDOWS\system32\regsvr32.exe"
Sun 1 Jan 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 14 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

[b]Finished![/b]



A+
0
Réponse 10 / 11
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok

AVG antispyware

https://www.01net.com/telecharger/

Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html


->Relance AVG AS -> "Analyse" ->"Paramètres"

Sous la question "Comment réagir ?" :

-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

Si un fichier est infecté en fin d'analyse

->Clique sur "Appliquer toutes les actions "

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici
0
Réponse 11 / 11
yvan3131 Messages postés 54 Statut Membre
 
Jlpjlp,

J'ai posté le fichier demandé sur l'autre fil.
Merci
Yvan
0

Discussions similaires

Signification "TR"
andromeid -
matrix4422 -

3 réponses
Signification des abréviations RE: et TR:
La Salamandre -
Iolose -

19 réponses
Sa veux dire koi??Subject: FW: Tr :FW: TR: TR
france22 -
ghano0666545160 -

12 réponses
casque sans fil Sennheiser TR 4200 ne fonctionne plus
jcb83400 -
DIY -

3 réponses
Problème casque sennheiser 4200
barbie35 -
Beenaxa -

1 réponse