TR/Crypt.XPACK.Gen

yvan3131 Messages postés 54 Statut Membre -  
yvan3131 Messages postés 54 Statut Membre -
Bonjour,

Avez vous une idée pour virer ce truc qui me prend la tête ?
Antivir le détecte, hijack ne peut pas être lancé jusqu'à présent, spyboot non plus ...
Configuration: Windows XP
Internet Explorer 6.0

11 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt

    il me faut les trois rapports!!!!!

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

    _______________________

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."

    _______________________
    colle un rapport antivir
    0
    1. yvan3131 Messages postés 54 Statut Membre
       
      Salut,

      Merci pour ta réponse rapide. J'ai fait comme indiqué et j'ai quitté 3 minutes mon ordi après avoir lancé combofix, je reviens écran bleu en phase de redémarrage.

      Normal ?

      Yvan
      0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    si ca persiste plus de 5 min, eteinds l'ordi et redemarre
    0
    1. yvan3131 Messages postés 54 Statut Membre
       
      JlpJlp, je te remercie dores et déjà parce qu'il y a des choses qui bougent !!

      Rapport combofix :

      ComboFix 08-03-07.4 - Christine & Patrice 2008-03-08 20:14:53.1 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.613 [GMT 1:00]
      Endroit: C:\Documents and Settings\Christine & Patrice\Bureau\tuelamerde.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      [color=red]C:\WINDOWS\system32\dllcache\beep.sys/color
      [color=red]C:\WINDOWS\system32\drivers\beep.sys/color
      C:\WINDOWS\braviax.exe
      C:\WINDOWS\cru629.dat
      C:\WINDOWS\system32\braviax.exe
      C:\WINDOWS\system32\Cache
      C:\WINDOWS\system32\dlh9jkd1q8.exe
      C:\WINDOWS\system32\RunOnce.t__
      C:\WINDOWS\system32\RunOnce.tm_
      C:\WINDOWS\system32\users32.dat
      C:\WINDOWS\system32\winivstr.exe

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\LEGACY_SYSLIBRARY
      -------\SysLibrary


      ((((((((((((((((((((((((((((( Fichiers créés 2008-02-08 to 2008-03-08 ))))))))))))))))))))))))))))))))))))
      .

      2008-03-08 20:08 . 2008-03-08 20:08 <REP> d-------- C:\HiJackThis
      2008-03-08 18:02 . 2008-03-08 19:58 <REP> d-------- C:\Program Files\a-squared Anti-Malware
      2008-03-08 17:59 . 2008-03-08 17:59 <REP> d-------- C:\Program Files\Avira
      2008-03-08 17:59 . 2008-03-08 17:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
      2008-03-08 17:36 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-03-08 17:36 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-03-08 17:36 . 2008-03-01 23:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
      2008-03-08 17:36 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-03-08 17:36 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2008-03-08 17:36 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-03-08 17:36 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-03-08 15:05 . 2008-03-08 16:15 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-03-08 14:00 . 2008-03-08 16:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-03-08 12:18 . 2008-03-08 12:18 <REP> d-------- C:\Program Files\CCleaner
      2008-03-08 09:38 . 2008-03-08 09:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sony Ericsson
      2008-03-05 19:41 . 2008-03-07 08:12 <REP> d-------- C:\Documents and Settings\Christine & Patrice\Application Data\FileZilla
      2008-03-05 19:40 . 2008-03-05 19:42 <REP> d-------- C:\Program Files\FileZilla FTP Client

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-08 19:24 --------- d-----w C:\Program Files\Wanadoo
      2008-03-08 18:44 5,158 ----a-w C:\WINDOWS\system32\tmp.reg
      2008-03-08 18:38 --------- d-----w C:\Program Files\SMSC
      2008-03-08 18:38 --------- d-----w C:\Program Files\Messager Wanadoo
      2008-03-08 16:39 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
      2008-03-08 16:39 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
      2008-03-08 16:39 114,688 ----a-w C:\WINDOWS\system32\igfxpers.exe
      2008-03-07 07:08 --------- d-----w C:\Program Files\Java
      2007-06-30 08:07 2,494,464 ----a-w C:\Program Files\register.exe
      2007-06-30 08:04 239 ----a-w C:\Program Files\users.dat
      2007-06-30 02:34 3,827 ----a-w C:\Program Files\HSW_Log.txt
      2007-06-30 02:25 95,227 ----a-w C:\Program Files\NetworkProfiles.pdb
      2007-06-30 02:25 42,511 ----a-w C:\Program Files\CarrierProfiles.pdb
      2007-05-06 12:56 44,424 ----a-w C:\Documents and Settings\Christine & Patrice\Application Data\GDIPFONTCACHEV1.DAT
      2005-11-19 09:22 45,056 ----a-w C:\Program Files\fswsclds.exe
      2005-11-19 09:22 32,768 ----a-w C:\Program Files\fswscs.dll
      2005-11-19 09:22 24,576 ----a-w C:\Program Files\fswsctg.exe
      2005-11-03 03:02 1,247,068 ------r C:\Program Files\Palmdevice1.chm
      2005-11-02 14:58 334,508 ----a-w C:\Program Files\mediaext.chm
      2005-07-21 12:51 32,768 ----a-w C:\Program Files\SyncDlgN20.dll
      2005-01-04 14:48 77,824 ----a-w C:\Program Files\AddItConduit_Bkp.dll
      2001-11-21 07:26 853 ----a-w C:\Program Files\WELCFR.ADL
      2004-08-05 11:00 94,864 --sh--w C:\WINDOWS\twain.dll
      2004-08-05 11:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
      2004-08-05 11:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
      2004-08-05 11:00 553,472 --sh--w C:\WINDOWS\system32\oleaut32.dll
      2004-08-05 11:00 12,288 --sha-w C:\WINDOWS\system32\regsvr32.exe
      .
      [color=red]Files Infected - Win32.Agent.zb/color
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
      C:\PROGRA~1\MESSAG~1\Demon.exe
      C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
      C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
      C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
      C:\PROGRA~1\Wanadoo\GestMaj.exe
      C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
      C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
      C:\PROGRA~1\Wanadoo\Shell.exe
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
      "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2008-03-08 17:39 98304]
      "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2008-03-08 17:39 122880]
      "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 05:17 81920]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-03-08 17:39 94208]
      "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-03-08 17:39 77824]
      "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-03-08 17:39 114688]
      "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2008-03-08 17:39 1404928]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-03-08 17:39 144784]
      "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
      "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2008-03-08 17:39 81920]
      "Demon"="C:\PROGRA~1\MESSAG~1\Demon.exe" [2008-03-08 17:39 40960]
      "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22 155648]
      "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2008-03-08 17:39 57393]
      "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2008-03-08 17:39 40960]
      "Logitech Utility"="LOGI_MWX.EXE" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
      "Logitech Hardware Abstraction Layer"="C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE" [2008-03-08 17:39 94208]
      "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 94208 C:\WINDOWS\KHALMNPR.Exe]
      "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 06:55 61440]
      "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
      "SetIcon"="\Program Files\SMSC\Seticon.exe" [2008-03-08 17:39 46080]
      "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06 487424]
      "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
      "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2008-03-08 17:39 32768]
      "YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2008-03-08 17:39 40960]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
      "braviax"="braviax.exe" []

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
      backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DataViz Inc Messenger.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DataViz Inc Messenger.lnk
      backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher.lnk
      backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^Christine & Patrice^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
      path=C:\Documents and Settings\Christine & Patrice\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
      backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

      [HKLM\~\startupfolder\C:^Documents and Settings^Christine & Patrice^Menu Démarrer^Programmes^Démarrage^Palm Registration.lnk]
      path=C:\Documents and Settings\Christine & Patrice\Menu Démarrer\Programmes\Démarrage\Palm Registration.lnk
      backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
      --a------ 2006-05-16 16:51 57344 C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
      --a------ 2003-12-13 01:50 33792 C:\LOGICIELS AJOUTES\winamp\winampa.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YeppStudioAgent]
      --a------ 2008-03-08 17:39 40960 C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "Macromedia Licensing Service"=3 (0x3)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001
      "UpdatesDisableNotify"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\WINDOWS\\system32\\sessmgr.exe"=
      "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=

      R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 12:32]
      R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
      R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-05 12:00]
      S2 Microsoft IEUpdater;ieupdater;C:\Documents and Settings\Christine & Patrice\ie_updater.exe []
      S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 11:50]
      S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-29 02:24]
      S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 03:28]
      S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 13:58]
      S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 13:58]
      S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 13:58]
      S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 13:58]
      S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 13:58]
      S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 13:58]
      S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 13:58]
      S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);C:\WINDOWS\system32\DRIVERS\v800bus.sys [2004-08-09 13:51]
      S3 v800mdfl;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\v800mdfl.sys [2004-08-09 13:52]
      S3 v800mdm;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\v800mdm.sys [2004-08-09 13:53]
      S3 v800mgmt;Sony Ericsson V800-Vodafone 802SE USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\v800mgmt.sys [2004-08-09 13:54]
      S3 v800obex;Sony Ericsson V800-Vodafone 802SE USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\v800obex.sys [2004-08-09 13:55]

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-08 20:23:41
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
      C:\WINDOWS\System32\snmp.exe
      C:\Program Files\SMSC\Seticon.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
      C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
      C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
      C:\Program Files\Palm\Hotsync.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
      C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-03-08 20:27:44 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-03-08 19:27:41


      Après avoir renommé hijackthis (je me suis laché sur les noms) et cela marche !




      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:29:06, on 08/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\WINDOWS\system32\inetsrv\inetinfo.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
      C:\WINDOWS\System32\snmp.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
      C:\PROGRA~1\MESSAG~1\Demon.exe
      C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
      C:\WINDOWS\LOGI_MWX.EXE
      C:\Program Files\SMSC\Seticon.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
      C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
      C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
      C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
      C:\Program Files\Palm\Hotsync.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\PROGRA~1\Wanadoo\Watch.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
      C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
      C:\WINDOWS\system32\notepad.exe
      C:\HiJackThis\tuecettemerde.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\LOGICIELS AJOUTES\ACROBAT Tout\Acrobat\AcroIEFavClient.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
      O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
      O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
      O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
      O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
      O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
      O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
      O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [braviax] braviax.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
      O4 - Global Startup: Acrobat Assistant.lnk = C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
      O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
      O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
      O4 - Global Startup: Logitech SetPoint.lnk = ?
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
      O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
      O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/fr_FR/st/download/ddup/CNIMGUP_01_210102F.cab
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: ieupdater (Microsoft IEUpdater) - Unknown owner - C:\Documents and Settings\Christine & Patrice\ie_updater.exe (file missing)
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
      0
    2. yvan3131 Messages postés 54 Statut Membre
       
      JlpJlp, je te remercie dores et déjà parce qu'il y a des choses qui bougent !!

      Rapport combofix :

      ComboFix 08-03-07.4 - Christine & Patrice 2008-03-08 20:14:53.1 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.613 [GMT 1:00]
      Endroit: C:\Documents and Settings\Christine & Patrice\Bureau\tuelamerde.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      [color=red]C:\WINDOWS\system32\dllcache\beep.sys[/color]
      [color=red]C:\WINDOWS\system32\drivers\beep.sys[/color]
      C:\WINDOWS\braviax.exe
      C:\WINDOWS\cru629.dat
      C:\WINDOWS\system32\braviax.exe
      C:\WINDOWS\system32\Cache
      C:\WINDOWS\system32\dlh9jkd1q8.exe
      C:\WINDOWS\system32\RunOnce.t__
      C:\WINDOWS\system32\RunOnce.tm_
      C:\WINDOWS\system32\users32.dat
      C:\WINDOWS\system32\winivstr.exe

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\LEGACY_SYSLIBRARY
      -------\SysLibrary


      ((((((((((((((((((((((((((((( Fichiers créés 2008-02-08 to 2008-03-08 ))))))))))))))))))))))))))))))))))))
      .

      2008-03-08 20:08 . 2008-03-08 20:08 <REP> d-------- C:\HiJackThis
      2008-03-08 18:02 . 2008-03-08 19:58 <REP> d-------- C:\Program Files\a-squared Anti-Malware
      2008-03-08 17:59 . 2008-03-08 17:59 <REP> d-------- C:\Program Files\Avira
      2008-03-08 17:59 . 2008-03-08 17:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
      2008-03-08 17:36 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-03-08 17:36 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-03-08 17:36 . 2008-03-01 23:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
      2008-03-08 17:36 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-03-08 17:36 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2008-03-08 17:36 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-03-08 17:36 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-03-08 15:05 . 2008-03-08 16:15 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-03-08 14:00 . 2008-03-08 16:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-03-08 12:18 . 2008-03-08 12:18 <REP> d-------- C:\Program Files\CCleaner
      2008-03-08 09:38 . 2008-03-08 09:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sony Ericsson
      2008-03-05 19:41 . 2008-03-07 08:12 <REP> d-------- C:\Documents and Settings\Christine & Patrice\Application Data\FileZilla
      2008-03-05 19:40 . 2008-03-05 19:42 <REP> d-------- C:\Program Files\FileZilla FTP Client

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-08 19:24 --------- d-----w C:\Program Files\Wanadoo
      2008-03-08 18:44 5,158 ----a-w C:\WINDOWS\system32\tmp.reg
      2008-03-08 18:38 --------- d-----w C:\Program Files\SMSC
      2008-03-08 18:38 --------- d-----w C:\Program Files\Messager Wanadoo
      2008-03-08 16:39 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
      2008-03-08 16:39 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
      2008-03-08 16:39 114,688 ----a-w C:\WINDOWS\system32\igfxpers.exe
      2008-03-07 07:08 --------- d-----w C:\Program Files\Java
      2007-06-30 08:07 2,494,464 ----a-w C:\Program Files\register.exe
      2007-06-30 08:04 239 ----a-w C:\Program Files\users.dat
      2007-06-30 02:34 3,827 ----a-w C:\Program Files\HSW_Log.txt
      2007-06-30 02:25 95,227 ----a-w C:\Program Files\NetworkProfiles.pdb
      2007-06-30 02:25 42,511 ----a-w C:\Program Files\CarrierProfiles.pdb
      2007-05-06 12:56 44,424 ----a-w C:\Documents and Settings\Christine & Patrice\Application Data\GDIPFONTCACHEV1.DAT
      2005-11-19 09:22 45,056 ----a-w C:\Program Files\fswsclds.exe
      2005-11-19 09:22 32,768 ----a-w C:\Program Files\fswscs.dll
      2005-11-19 09:22 24,576 ----a-w C:\Program Files\fswsctg.exe
      2005-11-03 03:02 1,247,068 ------r C:\Program Files\Palmdevice1.chm
      2005-11-02 14:58 334,508 ----a-w C:\Program Files\mediaext.chm
      2005-07-21 12:51 32,768 ----a-w C:\Program Files\SyncDlgN20.dll
      2005-01-04 14:48 77,824 ----a-w C:\Program Files\AddItConduit_Bkp.dll
      2001-11-21 07:26 853 ----a-w C:\Program Files\WELCFR.ADL
      2004-08-05 11:00 94,864 --sh--w C:\WINDOWS\twain.dll
      2004-08-05 11:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
      2004-08-05 11:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
      2004-08-05 11:00 553,472 --sh--w C:\WINDOWS\system32\oleaut32.dll
      2004-08-05 11:00 12,288 --sha-w C:\WINDOWS\system32\regsvr32.exe
      .
      [color=red]Files Infected - Win32.Agent.zb[/color]
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
      C:\PROGRA~1\MESSAG~1\Demon.exe
      C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
      C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
      C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
      C:\PROGRA~1\Wanadoo\GestMaj.exe
      C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
      C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
      C:\PROGRA~1\Wanadoo\Shell.exe
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
      "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2008-03-08 17:39 98304]
      "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2008-03-08 17:39 122880]
      "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 05:17 81920]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-03-08 17:39 94208]
      "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-03-08 17:39 77824]
      "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-03-08 17:39 114688]
      "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2008-03-08 17:39 1404928]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-03-08 17:39 144784]
      "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
      "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2008-03-08 17:39 81920]
      "Demon"="C:\PROGRA~1\MESSAG~1\Demon.exe" [2008-03-08 17:39 40960]
      "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22 155648]
      "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2008-03-08 17:39 57393]
      "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2008-03-08 17:39 40960]
      "Logitech Utility"="LOGI_MWX.EXE" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
      "Logitech Hardware Abstraction Layer"="C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE" [2008-03-08 17:39 94208]
      "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 94208 C:\WINDOWS\KHALMNPR.Exe]
      "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 06:55 61440]
      "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
      "SetIcon"="\Program Files\SMSC\Seticon.exe" [2008-03-08 17:39 46080]
      "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06 487424]
      "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
      "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2008-03-08 17:39 32768]
      "YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2008-03-08 17:39 40960]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
      "braviax"="braviax.exe" []

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
      backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DataViz Inc Messenger.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DataViz Inc Messenger.lnk
      backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher.lnk
      backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^Christine & Patrice^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
      path=C:\Documents and Settings\Christine & Patrice\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
      backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

      [HKLM\~\startupfolder\C:^Documents and Settings^Christine & Patrice^Menu Démarrer^Programmes^Démarrage^Palm Registration.lnk]
      path=C:\Documents and Settings\Christine & Patrice\Menu Démarrer\Programmes\Démarrage\Palm Registration.lnk
      backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
      --a------ 2006-05-16 16:51 57344 C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
      --a------ 2003-12-13 01:50 33792 C:\LOGICIELS AJOUTES\winamp\winampa.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YeppStudioAgent]
      --a------ 2008-03-08 17:39 40960 C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "Macromedia Licensing Service"=3 (0x3)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001
      "UpdatesDisableNotify"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\WINDOWS\\system32\\sessmgr.exe"=
      "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=

      R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 12:32]
      R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
      R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-05 12:00]
      S2 Microsoft IEUpdater;ieupdater;C:\Documents and Settings\Christine & Patrice\ie_updater.exe []
      S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 11:50]
      S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-29 02:24]
      S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 03:28]
      S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 13:58]
      S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 13:58]
      S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 13:58]
      S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 13:58]
      S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 13:58]
      S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 13:58]
      S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 13:58]
      S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);C:\WINDOWS\system32\DRIVERS\v800bus.sys [2004-08-09 13:51]
      S3 v800mdfl;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\v800mdfl.sys [2004-08-09 13:52]
      S3 v800mdm;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\v800mdm.sys [2004-08-09 13:53]
      S3 v800mgmt;Sony Ericsson V800-Vodafone 802SE USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\v800mgmt.sys [2004-08-09 13:54]
      S3 v800obex;Sony Ericsson V800-Vodafone 802SE USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\v800obex.sys [2004-08-09 13:55]

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-08 20:23:41
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
      C:\WINDOWS\System32\snmp.exe
      C:\Program Files\SMSC\Seticon.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
      C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
      C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
      C:\Program Files\Palm\Hotsync.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
      C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-03-08 20:27:44 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-03-08 19:27:41


      Après avoir renommé hijackthis (je me suis laché sur les noms) et cela marche !




      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:29:06, on 08/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\WINDOWS\system32\inetsrv\inetinfo.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
      C:\WINDOWS\System32\snmp.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
      C:\PROGRA~1\MESSAG~1\Demon.exe
      C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
      C:\WINDOWS\LOGI_MWX.EXE
      C:\Program Files\SMSC\Seticon.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
      C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
      C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
      C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
      C:\Program Files\Palm\Hotsync.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\PROGRA~1\Wanadoo\Watch.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
      C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
      C:\WINDOWS\system32\notepad.exe
      C:\HiJackThis\tuecettemerde.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\LOGICIELS AJOUTES\ACROBAT Tout\Acrobat\AcroIEFavClient.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
      O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
      O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
      O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
      O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
      O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
      O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
      O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [braviax] braviax.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
      O4 - Global Startup: Acrobat Assistant.lnk = C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
      O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
      O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
      O4 - Global Startup: Logitech SetPoint.lnk = ?
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
      O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
      O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/fr_FR/st/download/ddup/CNIMGUP_01_210102F.cab
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: ieupdater (Microsoft IEUpdater) - Unknown owner - C:\Documents and Settings\Christine & Patrice\ie_updater.exe (file missing)
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
      0
    3. yvan3131 Messages postés 54 Statut Membre
       
      JlpJlp, je te remercie dores et déjà parce qu'il y a des choses qui bougent !!

      Rapport combofix :

      ComboFix 08-03-07.4 - Christine & Patrice 2008-03-08 20:14:53.1 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.613 [GMT 1:00]
      Endroit: C:\Documents and Settings\Christine & Patrice\Bureau\tuelamerde.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      [color=red]C:\WINDOWS\system32\dllcache\beep.sys[/color]
      [color=red]C:\WINDOWS\system32\drivers\beep.sys[/color]
      C:\WINDOWS\braviax.exe
      C:\WINDOWS\cru629.dat
      C:\WINDOWS\system32\braviax.exe
      C:\WINDOWS\system32\Cache
      C:\WINDOWS\system32\dlh9jkd1q8.exe
      C:\WINDOWS\system32\RunOnce.t__
      C:\WINDOWS\system32\RunOnce.tm_
      C:\WINDOWS\system32\users32.dat
      C:\WINDOWS\system32\winivstr.exe

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\LEGACY_SYSLIBRARY
      -------\SysLibrary


      ((((((((((((((((((((((((((((( Fichiers créés 2008-02-08 to 2008-03-08 ))))))))))))))))))))))))))))))))))))
      .

      2008-03-08 20:08 . 2008-03-08 20:08 <REP> d-------- C:\HiJackThis
      2008-03-08 18:02 . 2008-03-08 19:58 <REP> d-------- C:\Program Files\a-squared Anti-Malware
      2008-03-08 17:59 . 2008-03-08 17:59 <REP> d-------- C:\Program Files\Avira
      2008-03-08 17:59 . 2008-03-08 17:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
      2008-03-08 17:36 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-03-08 17:36 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-03-08 17:36 . 2008-03-01 23:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
      2008-03-08 17:36 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-03-08 17:36 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2008-03-08 17:36 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-03-08 17:36 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-03-08 15:05 . 2008-03-08 16:15 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-03-08 14:00 . 2008-03-08 16:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-03-08 12:18 . 2008-03-08 12:18 <REP> d-------- C:\Program Files\CCleaner
      2008-03-08 09:38 . 2008-03-08 09:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sony Ericsson
      2008-03-05 19:41 . 2008-03-07 08:12 <REP> d-------- C:\Documents and Settings\Christine & Patrice\Application Data\FileZilla
      2008-03-05 19:40 . 2008-03-05 19:42 <REP> d-------- C:\Program Files\FileZilla FTP Client

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-08 19:24 --------- d-----w C:\Program Files\Wanadoo
      2008-03-08 18:44 5,158 ----a-w C:\WINDOWS\system32\tmp.reg
      2008-03-08 18:38 --------- d-----w C:\Program Files\SMSC
      2008-03-08 18:38 --------- d-----w C:\Program Files\Messager Wanadoo
      2008-03-08 16:39 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
      2008-03-08 16:39 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
      2008-03-08 16:39 114,688 ----a-w C:\WINDOWS\system32\igfxpers.exe
      2008-03-07 07:08 --------- d-----w C:\Program Files\Java
      2007-06-30 08:07 2,494,464 ----a-w C:\Program Files\register.exe
      2007-06-30 08:04 239 ----a-w C:\Program Files\users.dat
      2007-06-30 02:34 3,827 ----a-w C:\Program Files\HSW_Log.txt
      2007-06-30 02:25 95,227 ----a-w C:\Program Files\NetworkProfiles.pdb
      2007-06-30 02:25 42,511 ----a-w C:\Program Files\CarrierProfiles.pdb
      2007-05-06 12:56 44,424 ----a-w C:\Documents and Settings\Christine & Patrice\Application Data\GDIPFONTCACHEV1.DAT
      2005-11-19 09:22 45,056 ----a-w C:\Program Files\fswsclds.exe
      2005-11-19 09:22 32,768 ----a-w C:\Program Files\fswscs.dll
      2005-11-19 09:22 24,576 ----a-w C:\Program Files\fswsctg.exe
      2005-11-03 03:02 1,247,068 ------r C:\Program Files\Palmdevice1.chm
      2005-11-02 14:58 334,508 ----a-w C:\Program Files\mediaext.chm
      2005-07-21 12:51 32,768 ----a-w C:\Program Files\SyncDlgN20.dll
      2005-01-04 14:48 77,824 ----a-w C:\Program Files\AddItConduit_Bkp.dll
      2001-11-21 07:26 853 ----a-w C:\Program Files\WELCFR.ADL
      2004-08-05 11:00 94,864 --sh--w C:\WINDOWS\twain.dll
      2004-08-05 11:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
      2004-08-05 11:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
      2004-08-05 11:00 553,472 --sh--w C:\WINDOWS\system32\oleaut32.dll
      2004-08-05 11:00 12,288 --sha-w C:\WINDOWS\system32\regsvr32.exe
      .
      [color=red]Files Infected - Win32.Agent.zb[/color]
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
      C:\PROGRA~1\MESSAG~1\Demon.exe
      C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
      C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
      C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
      C:\PROGRA~1\Wanadoo\GestMaj.exe
      C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
      C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
      C:\PROGRA~1\Wanadoo\Shell.exe
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
      "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2008-03-08 17:39 98304]
      "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2008-03-08 17:39 122880]
      "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 05:17 81920]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-03-08 17:39 94208]
      "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-03-08 17:39 77824]
      "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-03-08 17:39 114688]
      "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2008-03-08 17:39 1404928]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-03-08 17:39 144784]
      "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
      "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2008-03-08 17:39 81920]
      "Demon"="C:\PROGRA~1\MESSAG~1\Demon.exe" [2008-03-08 17:39 40960]
      "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22 155648]
      "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2008-03-08 17:39 57393]
      "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2008-03-08 17:39 40960]
      "Logitech Utility"="LOGI_MWX.EXE" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
      "Logitech Hardware Abstraction Layer"="C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE" [2008-03-08 17:39 94208]
      "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 94208 C:\WINDOWS\KHALMNPR.Exe]
      "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 06:55 61440]
      "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
      "SetIcon"="\Program Files\SMSC\Seticon.exe" [2008-03-08 17:39 46080]
      "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06 487424]
      "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
      "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2008-03-08 17:39 32768]
      "YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2008-03-08 17:39 40960]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
      "braviax"="braviax.exe" []

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
      backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DataViz Inc Messenger.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DataViz Inc Messenger.lnk
      backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher.lnk
      backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^Christine & Patrice^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
      path=C:\Documents and Settings\Christine & Patrice\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
      backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

      [HKLM\~\startupfolder\C:^Documents and Settings^Christine & Patrice^Menu Démarrer^Programmes^Démarrage^Palm Registration.lnk]
      path=C:\Documents and Settings\Christine & Patrice\Menu Démarrer\Programmes\Démarrage\Palm Registration.lnk
      backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
      --a------ 2006-05-16 16:51 57344 C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
      --a------ 2003-12-13 01:50 33792 C:\LOGICIELS AJOUTES\winamp\winampa.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YeppStudioAgent]
      --a------ 2008-03-08 17:39 40960 C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "Macromedia Licensing Service"=3 (0x3)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001
      "UpdatesDisableNotify"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\WINDOWS\\system32\\sessmgr.exe"=
      "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=

      R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 12:32]
      R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
      R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-05 12:00]
      S2 Microsoft IEUpdater;ieupdater;C:\Documents and Settings\Christine & Patrice\ie_updater.exe []
      S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 11:50]
      S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-29 02:24]
      S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 03:28]
      S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 13:58]
      S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 13:58]
      S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 13:58]
      S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 13:58]
      S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 13:58]
      S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 13:58]
      S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 13:58]
      S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);C:\WINDOWS\system32\DRIVERS\v800bus.sys [2004-08-09 13:51]
      S3 v800mdfl;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\v800mdfl.sys [2004-08-09 13:52]
      S3 v800mdm;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\v800mdm.sys [2004-08-09 13:53]
      S3 v800mgmt;Sony Ericsson V800-Vodafone 802SE USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\v800mgmt.sys [2004-08-09 13:54]
      S3 v800obex;Sony Ericsson V800-Vodafone 802SE USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\v800obex.sys [2004-08-09 13:55]

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-08 20:23:41
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
      C:\WINDOWS\System32\snmp.exe
      C:\Program Files\SMSC\Seticon.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
      C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
      C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
      C:\Program Files\Palm\Hotsync.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
      C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-03-08 20:27:44 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-03-08 19:27:41

      HIJACKTHIS
      Après avoir renommé hijackthis (je me suis laché sur les noms) et cela marche !




      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:29:06, on 08/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\WINDOWS\system32\inetsrv\inetinfo.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
      C:\WINDOWS\System32\snmp.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
      C:\PROGRA~1\MESSAG~1\Demon.exe
      C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
      C:\WINDOWS\LOGI_MWX.EXE
      C:\Program Files\SMSC\Seticon.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
      C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
      C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
      C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
      C:\Program Files\Palm\Hotsync.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\PROGRA~1\Wanadoo\Watch.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
      C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
      C:\WINDOWS\system32\notepad.exe
      C:\HiJackThis\tuecettemerde.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\LOGICIELS AJOUTES\ACROBAT Tout\Acrobat\AcroIEFavClient.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
      O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
      O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
      O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE"
      O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
      O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
      O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
      O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [braviax] braviax.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
      O4 - Global Startup: Acrobat Assistant.lnk = C:\LOGICIELS AJOUTES\ACROBAT Tout\Distillr\acrotray.exe
      O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
      O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
      O4 - Global Startup: Logitech SetPoint.lnk = ?
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
      O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
      O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/fr_FR/st/download/ddup/CNIMGUP_01_210102F.cab
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: ieupdater (Microsoft IEUpdater) - Unknown owner - C:\Documents and Settings\Christine & Patrice\ie_updater.exe (file missing)
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
      0
  3. afideg Messages postés 10466 Date d'inscription   Statut Contributeur sécurité Dernière intervention   602
     
    Up
    Salut jlpjlp
    juste pour suivre ceci :« hijack ne peut pas être lancé jusqu'à présent, spyboot non plus ... » SVP
    merci
    Al.
    0
  4. yvan3131 Messages postés 54 Statut Membre
     
    Jlpjlp,

    Voici le troisième rapport à savoir celui d' antivir :

    AntiVir PersonalEdition Classic
    Report file date: samedi 8 mars 2008 20:30

    Scanning for 835736 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: PMPCMP

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
    ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
    ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
    AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 8 mars 2008 20:30

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'tuecettemerde.exe' - '1' Module(s) have been scanned
    Scan process 'notepad.exe' - '1' Module(s) have been scanned
    Scan process 'epmworker.exe' - '1' Module(s) have been scanned
    Scan process 'Generic.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'Watch.exe' - '1' Module(s) have been scanned
    Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
    Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned
    Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
    Scan process 'Toaster.exe' - '1' Module(s) have been scanned
    Scan process 'ComComp.exe' - '1' Module(s) have been scanned
    Scan process 'Hotsync.exe' - '1' Module(s) have been scanned
    Scan process 'DvzIncMsgr.exe' - '1' Module(s) have been scanned
    Scan process 'acrotray.exe' - '1' Module(s) have been scanned
    Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
    Scan process 'ctdetect.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'seticon.exe' - '1' Module(s) have been scanned
    Scan process 'LOGI_MWX.EXE' - '1' Module(s) have been scanned
    Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned
    Scan process 'demon.exe' - '1' Module(s) have been scanned
    Scan process 'issch.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'snmp.exe' - '1' Module(s) have been scanned
    Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
    Scan process 'MDM.EXE' - '1' Module(s) have been scanned
    Scan process 'inetinfo.exe' - '1' Module(s) have been scanned
    Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
    Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    53 processes with 53 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '42' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\QooBox\Quarantine\C\WINDOWS\braviax.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '4833f44a.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\cru629.dat.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '4847f44d.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\braviax.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '4833f452.qua'!
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP594\A0098617.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '4802f4d3.qua'!
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP594\A0098618.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '4802f4d4.qua'!
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP594\A0098627.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '4965a20d.qua'!
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP594\A0098628.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '4802f4d6.qua'!
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP594\A0098841.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '4802f4d8.qua'!
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP594\A0098850.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '4802f4d9.qua'!
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP594\A0098851.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '4965a202.qua'!
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP595\A0098864.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '4802f4db.qua'!
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP595\A0098865.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '4965a204.qua'!

    End of the scan: samedi 8 mars 2008 21:22
    Used time: 52:12 min

    The scan has been canceled!

    14924 Scanning directories
    268920 Files were scanned
    12 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    12 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    268908 Files not concerned
    3401 Archives were scanned
    2 Warnings
    0 Notes

    Voilà tout.
    Si cela te parle (je me doute que oui) pas moi :-)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok parfait

    vire tout ce qui est dans le dossier quarantine en allant dans
    poste de travail puis C puis qoobox

    C:\QooBox\Quarantine

    _____________

    désactive la restauration système pour purger les virus qui seraient dedan
    puis redemarre ton ordi
    s puis réactive là
    (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)

    _________________

    mets a jour internet explorer:
    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    ___________________

    refais un scan antivir et colle le rapport (cela devrait etre bon!)
    0
    1. yvan3131 Messages postés 54 Statut Membre
       
      Salut, voici le rapport enfin !



      AntiVir PersonalEdition Classic
      Report file date: samedi 8 mars 2008 22:59

      Scanning for 1137479 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Username: SYSTEM
      Computer name: PMPCMP

      Version information:
      BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
      AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
      AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
      LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
      LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
      ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
      ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 20:22:53
      ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 20:22:53
      ANTIVIR3.VDF : 7.0.3.5 6144 Bytes 07/03/2008 20:22:53
      AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 08/03/2008 20:22:54
      AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
      AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
      AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
      AVPACK32.DLL : 7.6.0.3 360488 Bytes 08/03/2008 20:22:54
      AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
      AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
      AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
      NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
      RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
      RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: off
      Scan boot sector.................: on
      Boot sectors.....................: C:,
      Scan memory......................: on
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: samedi 8 mars 2008 22:59

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
      Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
      Scan process 'epmworker.exe' - '1' Module(s) have been scanned
      Scan process 'Generic.exe' - '1' Module(s) have been scanned
      Scan process 'Watch.exe' - '1' Module(s) have been scanned
      Scan process 'khalmnpr.exe' - '1' Module(s) have been scanned
      Scan process 'AlertModule.exe' - '1' Module(s) have been scanned
      Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
      Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
      Scan process 'Toaster.exe' - '1' Module(s) have been scanned
      Scan process 'ComComp.exe' - '1' Module(s) have been scanned
      Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
      Scan process 'Hotsync.exe' - '1' Module(s) have been scanned
      Scan process 'DvzIncMsgr.exe' - '1' Module(s) have been scanned
      Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
      Scan process 'acrotray.exe' - '1' Module(s) have been scanned
      Scan process 'ctdetect.exe' - '1' Module(s) have been scanned
      Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
      Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'samsungmediastudioagent.exe' - '1' Module(s) have been scanned
      Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
      Scan process 'seticon.exe' - '1' Module(s) have been scanned
      Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
      Scan process 'LOGI_MWX.EXE' - '1' Module(s) have been scanned
      Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned
      Scan process 'demon.exe' - '1' Module(s) have been scanned
      Scan process 'issch.exe' - '1' Module(s) have been scanned
      Scan process 'jusched.exe' - '1' Module(s) have been scanned
      Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
      Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
      Scan process 'alg.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'snmp.exe' - '1' Module(s) have been scanned
      Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
      Scan process 'MDM.EXE' - '1' Module(s) have been scanned
      Scan process 'inetinfo.exe' - '1' Module(s) have been scanned
      Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
      Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      56 processes with 56 modules were scanned

      Start scanning boot sectors:
      Boot sector 'C:\'
      [NOTE] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '42' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\hiberfil.sys
      [WARNING] The file could not be opened!
      C:\pagefile.sys
      [WARNING] The file could not be opened!


      End of the scan: samedi 8 mars 2008 23:36
      Used time: 36:38 min

      The scan has been done completely.

      15445 Scanning directories
      271489 Files were scanned
      0 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
      271489 Files not concerned
      3407 Archives were scanned
      2 Warnings
      0 Notes

      A toi de me dire ce que tu en penses.
      A+
      Yvan
      0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok c'est bon

    encore des soucis???
    0
  8. yvan3131 Messages postés 54 Statut Membre
     
    Salut,
    Merci.
    Cela me semble ok pour ce sujet mais j'ai posté un autre lien pour un autre pb et il y a sans doute un reste de quelque chose sur mon pc . Voici le lien : http://www.commentcamarche.net/forum/affich 5373987 programme igfpers#dernier

    Espion3004 a je pense retrouvé un résidu malin de bravax.
    A tout de suite peut-être sur l'autre sujet.
    En tout cas merci beaucoup pour cette première phase.
    Yvan
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    normalement combofix l'avais viré (il etait dans suppression de combofix)

    par sureté:

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
    0
  10. yvan3131 Messages postés 54 Statut Membre
     
    Cela a été un peu long mais nous y voilà.

    Le rapport sdfix :

    [b]SDFix: Version 1.154 [/b]

    Run by Christine

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\DOCUME~1\CHRIST~1\Bureau\SDFIX\SDFix

    [b]Checking Services [/b]:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.url - Deleted
    C:\Documents and Settings\All Users\Menu Démarrer\Security Troubleshooting.url - Deleted

    The below files have been patched by Trojan.Agent to load users32.dat and should be replaced:

    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\MESSAG~1\Demon.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.exe
    \Program Files\SMSC\Seticon.exe
    C:\PROGRA~1\Wanadoo\GestMaj.exe
    C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\PROGRA~1\Wanadoo\Shell.exe

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-09 12:51:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramètres"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [b]Remaining Files [/b]:

    File Backups: - C:\DOCUME~1\CHRIST~1\Bureau\SDFIX\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Thu 5 Aug 2004 94,864 ..SH. --- "C:\WINDOWS\twain.dll"
    Thu 5 Aug 2004 50,688 ..SH. --- "C:\WINDOWS\twain_32.dll"
    Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
    Thu 5 Aug 2004 54,784 ..SH. --- "C:\WINDOWS\system32\msvcirt.dll"
    Thu 5 Aug 2004 553,472 ..SH. --- "C:\WINDOWS\system32\oleaut32.dll"
    Thu 5 Aug 2004 12,288 A.SH. --- "C:\WINDOWS\system32\regsvr32.exe"
    Sun 1 Jan 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Thu 14 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

    [b]Finished![/b]

    A+
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    AVG antispyware

    https://www.01net.com/telecharger/

    Tuto :
    http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

    ->Relance AVG AS -> "Analyse" ->"Paramètres"

    Sous la question "Comment réagir ?" :

    -> clique sur "Actions recommandées" et choisis "Quarantaines"
    -> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    Si un fichier est infecté en fin d'analyse

    ->Clique sur "Appliquer toutes les actions "

    ->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

    ->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici
    0
  12. yvan3131 Messages postés 54 Statut Membre
     
    Jlpjlp,

    J'ai posté le fichier demandé sur l'autre fil.
    Merci
    Yvan
    0