Sujet Précédent Sujet Suivant

Messages "Virus alert!" , antivirus 2008

Fermé
dadoo - 5 juin 2008 à 02:18
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 - 29 juin 2008 à 20:02
Bonjour à tous,
J'ai un petit souci sur mon pc, j'ai des messages virus alert qui s'affichent dans ma barre d'outil, puis des icônes de programme antivirus qui sont apparus sur mon bureau (spyware and malware protection; antivirus 2008 pro). De plus, mon fond d'écran s'est modifié et a été remplacé par download privacy protection software now.

Ensuite autre souci... lorsque je fais une recherche sur google, je dois m'y reprendre a plusieurs fois avant que le lien demandé ne s'ouvre correctement. Des publicités ou des alertes virus s'ouvrent à la place.

Voilà je ne sais pas trop quels logiciels utilisé etc et j'aimerai éviter de formater mon pc....

Merci d'avance !!! :):)
A voir également:

14 réponses

Réponse 1 / 14
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 496
5 juin 2008 à 03:56
Bonsoir dadoo

Commence par m envoyer un rapport HijackThis, fais ce qui suit :

Télécharge hijackthis sur ton Bureau.

Ferme toutes les autres fenêtres, tous les autres programmes. Pas de connexion Internet.

Double clique dessus pour lancer l installation . Accepte la licence qui va apparaître par " I agree" .

Puis clique sur "Do a system scan and save a logfile"

Ferme HijackThis et fais un copier-coller du rapport en entier et poste le ici en réponse.

Note : le rapport se trouve dans C:\Program Files\Trend Micro\HijackThis

Tuto : "générer un rapport" http://pageperso.aol.fr/balltrap34/demohijack.htm

@ suivre.
0
dadoo
5 juin 2008 à 14:14
Voici mon rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:11: VIRUS ALERT!, on 05/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = s-marimba:6560
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=Userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QXK Olive - {92C92F37-2DD0-4960-A821-7F19D1E0A152} - C:\WINDOWS\nogxfvblmtv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FGCatchUrl - {B3A00219-19D4-4966-AECD-8ED34AB9EF7A} - C:\WINDOWS\system32\msram.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: etlrlws - {1CCD29F9-75D8-4D7E-8E93-BCBF1AA6C86A} - C:\WINDOWS\etlrlws.dll (file missing)
O3 - Toolbar: nmwegbsf - {568053EE-18D6-4B8A-A3AD-854CF50A63F2} - C:\WINDOWS\nmwegbsf.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\Cdrom noun.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Theante] C:\DOCUME~1\Etudiant\APPLIC~1\2AXISD~1\window time extra.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gestion du client de Pare-feu Microsoft.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: Console Java (IBM) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=https://www.lenovo.com/fr/fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O17 - HKLM\Software\..\Telephony: DomainName = de-pedagogie.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: erpobmsw - {B1D07EAF-91A0-450B-A08E-32C3F4C459C8} - C:\WINDOWS\erpobmsw.dll
O21 - SSODL: adgpfoxs - {7C0C288A-0872-4371-A4B5-1D01F814C138} - C:\WINDOWS\adgpfoxs.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
0
Réponse 2 / 14
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
5 juin 2008 à 14:19
Bonjour,

on va avancer le Sioux (il devrait revenir en fin d'après midi) :

Ouvre ce lien (merci a S!RI pour ce programme). http://siri.urz.free.fr/Fix/SmitfraudFix.php
et télécharge SmitfraudFix.exe.

Regarde le tuto
Exécute le en choisissant l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.

Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
0
dadoo
5 juin 2008 à 14:28
Bonjour,

Voilà le rapport smitfraudfix

SmitFraudFix v2.323

Rapport fait à 14:28:33,50, 05/06/2008
Executé à partir de C:\Documents and Settings\Etudiant\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Etudiant\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\privacy_danger PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Etudiant


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Etudiant\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Etudiant\Favoris

C:\DOCUME~1\Etudiant\Favoris\Error Cleaner.url PRESENT !
C:\DOCUME~1\Etudiant\Favoris\Privacy Protector.url PRESENT !
C:\DOCUME~1\Etudiant\Favoris\Spyware?Malware Protection.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

C:\DOCUME~1\Etudiant\Bureau\Error Cleaner.url PRESENT !
C:\DOCUME~1\Etudiant\Bureau\Privacy Protector.url PRESENT !
C:\DOCUME~1\Etudiant\Bureau\Spyware?Malware Protection.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: nogxfvblmtv.dll
BHO: QXK Olive - {92C92F37-2DD0-4960-A821-7F19D1E0A152}
TypeLib: {A06B118D-8D7F-4420-82FC-A363456B58F4}
Interface: {2D74BC40-8867-4B53-993E-4CD1673E3364}
Interface: {AD9E4333-B777-429E-B948-EC142810C28F}

[!] Suspicious: nmwegbsf.dll
Toolbar: nmwegbsf - {568053EE-18D6-4B8A-A3AD-854CF50A63F2}
TypeLib: {E870DD63-E4AE-48FB-9033-9AA5E8AFA188}
Interface: {AF9B8E6C-AFA4-4716-8F1C-79E88E3ADE86}
Classe: nmwegbsf.bnmb
Classe: nmwegbsf.ToolBar.1

[!] Suspicious: erpobmsw.dll
SSODL: erpobmsw - {B1D07EAF-91A0-450B-A08E-32C3F4C459C8}

[!] Suspicious: adgpfoxs.dll
SSODL: adgpfoxs - {7C0C288A-0872-4371-A4B5-1D01F814C138}


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="Userinit.exe"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: 11a/b/g Wireless LAN Mini PCI Express Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.30.1
DNS Server Search Order: 0.0.0.0

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CFCC1BAD-08F5-4393-95C2-D6F9C5E98D51}: DhcpNameServer=192.168.30.1 0.0.0.0


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

merki !
0
Réponse 3 / 14
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
5 juin 2008 à 14:31
Re,

Relance le programme Smitfraud,
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum

remets aussi un rapport Hijackthis
0
dadoo
5 juin 2008 à 15:31
Alors voilà le rapport Smitfraud

SmitFraudFix v2.323

Rapport fait à 15:24:32,87, 05/06/2008
Executé à partir de C:\Documents and Settings\Etudiant\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: 11a/b/g Wireless LAN Mini PCI Express Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.30.1
DNS Server Search Order: 0.0.0.0

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CFCC1BAD-08F5-4393-95C2-D6F9C5E98D51}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CFCC1BAD-08F5-4393-95C2-D6F9C5E98D51}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CFCC1BAD-08F5-4393-95C2-D6F9C5E98D51}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



Et là le rapport Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33:13, on 05/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = s-marimba:6560
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=Userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FGCatchUrl - {B3A00219-19D4-4966-AECD-8ED34AB9EF7A} - C:\WINDOWS\system32\msram.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: etlrlws - {1CCD29F9-75D8-4D7E-8E93-BCBF1AA6C86A} - C:\WINDOWS\etlrlws.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\Cdrom noun.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Theante] C:\DOCUME~1\Etudiant\APPLIC~1\2AXISD~1\window time extra.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gestion du client de Pare-feu Microsoft.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: Console Java (IBM) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=https://www.lenovo.com/fr/fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O17 - HKLM\Software\..\Telephony: DomainName = de-pedagogie.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
0
Réponse 4 / 14
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
5 juin 2008 à 17:00
Re,

je pense qu'il continuerait comme ça :

Désactive tes protections résidentes ( Antivirus , ... ) tu les réactivera après le scan

Télécharge Lop S&D ici :

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2


Double-clique dessus pour lancer l'installation
Puis double-clique sur le raccourci Lop S&D présent sur ton bureau
Séléctionne la langue souhaitée , puis choisis l'Option 1 ( Recherche )
Patiente jusqu'à la fin du scan
Poste le rapport généré ( C:\lopR.txt )

( Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide )
0
dadoo
5 juin 2008 à 17:06
Voilà le rapport lopR


-----------------------[ Lop S&D 4.2.1-2 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Etudiant ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 05/06/2008 | 17:05:26,39 ] [ PC : PE-061002523 ]
[ MAJ : 01-06-2008 | 15:51 ]

-------------[ Listing des dossiers dans Application Data ]------------


[20/08/2007|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\16 new ping long
[29/03/2008|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\4D
[24/02/2008|02:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[04/09/2007|17:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[19/01/2008|01:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[17/09/2004|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[12/02/2008|05:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ezsid.dat
[25/08/2007|16:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[04/06/2008|22:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[12/08/2006|15:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[12/08/2006|15:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lenovo
[28/05/2008|11:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch
[14/10/2007|12:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\mapidownloadcoalfrag
[29/05/2007|23:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[18/08/2007|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[29/08/2006|09:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
[12/02/2008|05:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[22/11/2006|14:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[17/09/2004|17:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[31/12/2007|03:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[06/01/2007|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[22/03/2008|19:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[29/08/2006|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[22/01/2008|04:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TVU networks
[29/08/2006|12:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[09/03/2007|20:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[28/02/2008|16:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[30/08/2006|12:11] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\Adobe
[30/08/2006|12:12] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\AdobeUM
[12/08/2006|15:25] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\ATI
[17/09/2004|16:57] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\desktop.ini
[12/08/2006|15:44] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\Google
[12/08/2006|15:29] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\IBM
[17/09/2004|17:13] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\Identities
[29/08/2006|14:33] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\InterVideo
[29/08/2006|14:33] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\Leadertech
[29/08/2006|11:53] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\Macromedia
[13/12/2006|17:52] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\Microsoft
[29/08/2006|12:06] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\Real
[29/08/2006|14:33] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\Sonic
[12/08/2006|15:35] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\Symantec
[28/08/2006|22:34] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\ThinkVantage

[30/08/2006|12:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[30/08/2006|12:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AdobeUM
[12/08/2006|15:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ATI
[17/09/2004|16:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[12/08/2006|15:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Google
[12/08/2006|15:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\IBM
[17/09/2004|17:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[29/08/2006|14:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterVideo
[29/08/2006|14:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Leadertech
[29/08/2006|11:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[30/08/2006|14:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[29/08/2006|12:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[29/08/2006|14:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[12/08/2006|15:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[28/08/2006|22:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ThinkVantage

[28/05/2008|11:36] C:\DOCUME~1\Etudiant\APPLIC~1\2 Axis Dent
[10/10/2007|00:54] C:\DOCUME~1\Etudiant\APPLIC~1\AccurateRip
[15/03/2007|11:43] C:\DOCUME~1\Etudiant\APPLIC~1\Adobe
[13/01/2007|16:20] C:\DOCUME~1\Etudiant\APPLIC~1\AdobeUM
[04/09/2007|20:44] C:\DOCUME~1\Etudiant\APPLIC~1\Apple Computer
[12/08/2006|15:25] C:\DOCUME~1\Etudiant\APPLIC~1\ATI
[03/06/2008|00:30] C:\DOCUME~1\Etudiant\APPLIC~1\Azureus
[05/04/2008|20:29] C:\DOCUME~1\Etudiant\APPLIC~1\DAEMON Tools
[17/09/2004|16:57] C:\DOCUME~1\Etudiant\APPLIC~1\desktop.ini
[12/08/2006|15:44] C:\DOCUME~1\Etudiant\APPLIC~1\Google
[12/08/2006|15:29] C:\DOCUME~1\Etudiant\APPLIC~1\IBM
[17/09/2004|17:13] C:\DOCUME~1\Etudiant\APPLIC~1\Identities
[29/08/2006|14:33] C:\DOCUME~1\Etudiant\APPLIC~1\InterVideo
[29/08/2006|14:33] C:\DOCUME~1\Etudiant\APPLIC~1\Leadertech
[29/08/2006|11:53] C:\DOCUME~1\Etudiant\APPLIC~1\Macromedia
[09/06/2007|21:25] C:\DOCUME~1\Etudiant\APPLIC~1\Microsoft
[10/10/2007|03:19] C:\DOCUME~1\Etudiant\APPLIC~1\Mozilla
[29/08/2006|12:06] C:\DOCUME~1\Etudiant\APPLIC~1\Real
[05/06/2008|17:01] C:\DOCUME~1\Etudiant\APPLIC~1\Skype
[05/06/2008|00:02] C:\DOCUME~1\Etudiant\APPLIC~1\skypePM
[29/08/2006|14:33] C:\DOCUME~1\Etudiant\APPLIC~1\Sonic
[06/01/2007|16:47] C:\DOCUME~1\Etudiant\APPLIC~1\Sony Corporation
[25/05/2008|19:12] C:\DOCUME~1\Etudiant\APPLIC~1\SopCast
[30/04/2007|21:51] C:\DOCUME~1\Etudiant\APPLIC~1\Stardock
[30/04/2007|21:58] C:\DOCUME~1\Etudiant\APPLIC~1\Styler
[12/08/2006|15:35] C:\DOCUME~1\Etudiant\APPLIC~1\Symantec
[28/08/2006|22:34] C:\DOCUME~1\Etudiant\APPLIC~1\ThinkVantage
[04/06/2008|21:24] C:\DOCUME~1\Etudiant\APPLIC~1\TmpRecentIcons
[30/09/2007|16:23] C:\DOCUME~1\Etudiant\APPLIC~1\TVU Networks
[24/03/2008|16:43] C:\DOCUME~1\Etudiant\APPLIC~1\U3
[07/03/2008|05:02] C:\DOCUME~1\Etudiant\APPLIC~1\vlc
[12/02/2008|05:48] C:\DOCUME~1\Etudiant\APPLIC~1\Winamp
[26/01/2008|01:09] C:\DOCUME~1\Etudiant\APPLIC~1\WinRAR

[04/03/2008|02:56] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[14/10/2007|12:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\2 Axis Dent
[11/07/2007|13:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[05/06/2008 17:00][--ah-----] C:\WINDOWS\tasks\B2310950918ABA74.job
[05/06/2008 15:29][--a------] C:\WINDOWS\tasks\PMTask.job
[05/06/2008 15:29][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

B2310950918ABA74.job <--> c:\docume~1\etudiant\applic~1\2axisd~1\idleatomdraw.exe

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[28/05/2008|11:34] C:\Program Files\2 Axis Dent
[24/02/2008|02:37] C:\Program Files\Adobe
[14/10/2007|13:37] C:\Program Files\Adverts
[12/08/2006|14:56] C:\Program Files\Analog Devices
[04/06/2008|21:04] C:\Program Files\Antivirus 2008 PRO
[12/08/2006|15:22] C:\Program Files\ATI Technologies
[22/04/2008|01:21] C:\Program Files\Azureus
[03/05/2007|19:12] C:\Program Files\Blaero Start Orb
[29/08/2006|14:15] C:\Program Files\Borland
[18/12/2007|01:27] C:\Program Files\Circle Developement
[21/08/2007|20:08] C:\Program Files\Common Files
[17/09/2004|17:02] C:\Program Files\ComPlus Applications
[12/08/2006|15:25] C:\Program Files\CONEXANT
[05/04/2008|20:35] C:\Program Files\DAEMON Tools Lite
[23/01/2008|04:33] C:\Program Files\DivX
[10/09/2007|22:24] C:\Program Files\DMV
[04/03/2008|01:51] C:\Program Files\Eurekr.com
[28/02/2008|16:51] C:\Program Files\Fichiers communs
[29/08/2006|12:26] C:\Program Files\FTP Explorer
[20/01/2008|23:20] C:\Program Files\Games-Masters.com
[25/08/2007|16:25] C:\Program Files\Google
[12/08/2006|15:29] C:\Program Files\IBM
[12/08/2006|15:33] C:\Program Files\IBM ThinkVantage
[10/10/2007|00:54] C:\Program Files\Illustrate
[05/04/2008|23:06] C:\Program Files\InstallShield Installation Information
[10/04/2008|14:08] C:\Program Files\Internet Explorer
[12/08/2006|15:32] C:\Program Files\InterVideo
[12/08/2006|15:14] C:\Program Files\Lenovo
[18/08/2007|16:53] C:\Program Files\Logitech
[29/08/2006|13:26] C:\Program Files\Messenger
[31/03/2008|21:00] C:\Program Files\Messenger Plus! Live
[24/06/2007|23:43] C:\Program Files\Micro Motus
[09/05/2007|16:49] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[29/08/2006|11:52] C:\Program Files\Microsoft Firewall Client 2004
[17/09/2004|17:06] C:\Program Files\microsoft frontpage
[29/08/2006|12:01] C:\Program Files\Microsoft Office
[29/08/2006|12:00] C:\Program Files\Microsoft Visual Studio
[29/08/2006|12:14] C:\Program Files\Microsoft Works
[29/08/2006|11:59] C:\Program Files\Microsoft.NET
[17/09/2004|17:03] C:\Program Files\Movie Maker
[05/06/2008|17:02] C:\Program Files\Mozilla Firefox
[17/09/2004|17:01] C:\Program Files\MSN
[17/09/2004|17:02] C:\Program Files\MSN Gaming Zone
[03/01/2007|15:43] C:\Program Files\MSXML 4.0
[12/08/2006|15:30] C:\Program Files\Multimedia Center for Think Offerings
[17/09/2004|17:03] C:\Program Files\NetMeeting
[29/08/2006|09:53] C:\Program Files\Network Associates
[29/08/2006|14:03] C:\Program Files\OfficeUpdate11
[17/09/2004|17:02] C:\Program Files\Online Services
[19/10/2007|16:08] C:\Program Files\Outlook Express
[12/08/2006|15:31] C:\Program Files\PCDR5
[04/09/2007|17:42] C:\Program Files\QuickTime
[29/08/2006|12:05] C:\Program Files\Real
[05/04/2008|22:50] C:\Program Files\RogueRemover FREE
[05/04/2008|20:40] C:\Program Files\Sega
[17/09/2004|17:04] C:\Program Files\Services en ligne
[31/12/2007|03:04] C:\Program Files\Skype
[12/08/2006|15:41] C:\Program Files\SMI2
[12/08/2006|15:30] C:\Program Files\Sonic
[06/01/2007|16:39] C:\Program Files\Sony
[06/01/2007|16:39] C:\Program Files\Sony Corporation
[13/09/2007|18:55] C:\Program Files\SopCast
[07/04/2008|00:13] C:\Program Files\SPSS
[29/08/2006|12:26] C:\Program Files\Spybot - Search & Destroy
[19/10/2007|16:06] C:\Program Files\Styler
[28/08/2006|23:35] C:\Program Files\Symantec
[28/08/2006|23:45] C:\Program Files\Symantec Client Security
[12/08/2006|14:55] C:\Program Files\Synaptics
[12/08/2006|15:13] C:\Program Files\ThinkPad
[12/08/2006|15:28] C:\Program Files\ThinkVantage
[13/03/2008|17:32] C:\Program Files\Trend Micro
[12/08/2006|15:41] C:\Program Files\TVT SMBus
[07/02/2008|00:35] C:\Program Files\TVUPlayer
[17/09/2004|17:13] C:\Program Files\Uninstall Information
[04/10/2007|00:44] C:\Program Files\Veoh Networks
[07/03/2008|04:53] C:\Program Files\VideoLAN
[19/10/2007|16:06] C:\Program Files\VisualTooltip
[12/02/2008|05:52] C:\Program Files\Winamp
[28/02/2008|16:51] C:\Program Files\Windows Live
[12/02/2008|05:47] C:\Program Files\Windows Live Toolbar
[09/01/2007|21:17] C:\Program Files\Windows Media Connect
[23/05/2007|00:45] C:\Program Files\Windows Media Connect 2
[12/02/2008|05:39] C:\Program Files\Windows Media Player
[17/09/2004|17:01] C:\Program Files\Windows NT
[17/09/2004|17:04] C:\Program Files\WindowsUpdate
[26/01/2008|01:08] C:\Program Files\WinRAR
[17/09/2004|17:06] C:\Program Files\xerox

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[24/02/2008|02:38] C:\Program Files\Fichiers communs\Adobe
[29/08/2006|09:52] C:\Program Files\Fichiers communs\Cisco Systems
[29/08/2006|12:01] C:\Program Files\Fichiers communs\DESIGNER
[12/08/2006|15:13] C:\Program Files\Fichiers communs\InstallShield
[12/08/2006|15:32] C:\Program Files\Fichiers communs\InterVideo
[18/08/2007|16:51] C:\Program Files\Fichiers communs\Logitech
[28/02/2008|16:52] C:\Program Files\Fichiers communs\Microsoft Shared
[17/09/2004|17:03] C:\Program Files\Fichiers communs\MSSoap
[29/08/2006|09:53] C:\Program Files\Fichiers communs\Network Associates
[17/09/2004|16:57] C:\Program Files\Fichiers communs\ODBC
[13/09/2007|18:54] C:\Program Files\Fichiers communs\Real
[17/09/2004|17:03] C:\Program Files\Fichiers communs\Services
[12/02/2008|05:14] C:\Program Files\Fichiers communs\Skype
[12/08/2006|15:30] C:\Program Files\Fichiers communs\Sonic Shared
[06/01/2007|16:39] C:\Program Files\Fichiers communs\Sony Shared
[17/09/2004|16:57] C:\Program Files\Fichiers communs\SpeechEngines
[12/08/2006|15:30] C:\Program Files\Fichiers communs\SureThing Shared
[29/08/2006|11:48] C:\Program Files\Fichiers communs\Symantec Shared
[16/09/2007|17:27] C:\Program Files\Fichiers communs\Synacast
[13/06/2007|13:08] C:\Program Files\Fichiers communs\System
[28/02/2008|16:52] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[13/09/2007|18:54] C:\Program Files\Fichiers communs\xing shared

---------------------------[ Process ]--------------------------

... 78

iexplore.exe ~ [2936]
iexplore.exe ~ [3440]

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch\Cdrom noun.exe
C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1
C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\aiopjvgy.exe
C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\alyydodm.exe
C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\BOOB16TICKJUMP.exe
C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\gcogubjg.exe
C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\idleatomdraw.exe
C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\mgomnzwz.exe
C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\qnsyclbq.exe
C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\rvnakcrk.exe
C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\sqimwihs.exe
C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\window time extra.exe
C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\zflvmsgs.exe
C:\DOCUME~1\NETWOR~1\APPLIC~1\2axisd~1
C:\Program Files\2axisd~1
C:\Program Files\Adverts
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\WINDOWS\Prefetch\IDLEATOMDRAW.EXE-1AD5BA40.pf
C:\DOCUME~1\Etudiant\Cookies\etudiant@www.adserver5[1].txt
C:\DOCUME~1\Etudiant\Cookies\etudiant@adin.bigpoint[1].txt
C:\DOCUME~1\Etudiant\Cookies\etudiant@bigpoint[1].txt
C:\DOCUME~1\Etudiant\Cookies\etudiant@fr1.seafight.bigpoint[1].txt
C:\DOCUME~1\Etudiant\Cookies\etudiant@banner.casinoking[2].txt
C:\DOCUME~1\Etudiant\Cookies\etudiant@casinoking[1].txt
C:\DOCUME~1\Etudiant\Cookies\etudiant@banner.cotedazurpalace[2].txt
C:\DOCUME~1\Etudiant\Cookies\etudiant@cotedazurpalace[1].txt
C:\DOCUME~1\Etudiant\Cookies\etudiant@adopt.euroclick[1].txt
C:\DOCUME~1\Etudiant\Cookies\etudiant@pacificpoker[1].txt
C:\DOCUME~1\Etudiant\Cookies\etudiant@fr1.seafight.bigpoint[1].txt
C:\DOCUME~1\Etudiant\Cookies\etudiant@32vegas[1].txt
C:\DOCUME~1\Etudiant\Cookies\etudiant@banner.32vegas[2].txt
C:\WINDOWS\Tasks\B2310950918ABA74.job

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Theante"="C:\\DOCUME~1\\Etudiant\\APPLIC~1\\2AXISD~1\\window time extra.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ROAD ITCH AMOK PING"="C:\\Documents and Settings\\All Users\\Application Data\\Long slow road itch\\Cdrom noun.exe"

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 17:06:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
? [5804]
scanning hidden files ...
scan completed successfully
hidden processes: 1
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

=> C:\Documents and Settings\Etudiant\Local Settings\Application Data\Microsoft\Messenger\dadou221@hotmail.com\Sharing Folders\mortel_suchi@hotmail.com\VideoGet.v2.0.2.27.Multilingual.WinNT2kXPViSTA.Cracked-ViRiLiTY_by_softland.biz_.rar


[F:1100][D:25]-> C:\DOCUME~1\Etudiant\LOCALS~1\Temp
[F:152][D:0]-> C:\DOCUME~1\Etudiant\Cookies
[F:313][D:18]-> C:\DOCUME~1\Etudiant\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

--------------------[ Fin du rapport a 17:07:19,73 ]----------------------
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 14
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
5 juin 2008 à 17:17
Re,

ouvre l'explorateur Windows, cherche et supprime :

C:\Documents and Settings\Etudiant\Local Settings\Application Data\Microsoft\Messenger\dadou221@hotmail.com\Sharing Folders\mortel_suchi@hotmail.com\VideoGet.v2.0.2.27.Multilingual.WinNT2kXPViSTA.Cracked-Vi­RiLiTY_by_softland.biz_.rar

Relance Lop S&D

Choisis cette fois ci l'Option 3 ( Suppression, sans nettoyage du fichier Hosts )
Ne ferme pas la fenêtre lors de la suppression !

Poste le rapport généré ( C:\lopR.txt )

( Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide )

fais redémarrer l'ordi,

remets un nouveau rapport Hijackthis

0
dadoo
5 juin 2008 à 17:25
Re,

Rapport LopR (suppression)


-----------------------[ Lop S&D 4.2.1-2 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Etudiant ] [ "C:\Lop SD" ] [ Selection : 3 ]
[ 05/06/2008 | 17:21:13,28 ] [ PC : PE-061002523 ]
[ MAJ : 01-06-2008 | 15:51 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch\Cdrom noun.exe
Supprimé! - C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\aiopjvgy.exe
Supprimé! - C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\alyydodm.exe
Supprimé! - C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\BOOB16TICKJUMP.exe
Supprimé! - C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\gcogubjg.exe
Supprimé! - C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\idleatomdraw.exe
Supprimé! - C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\mgomnzwz.exe
Supprimé! - C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\qnsyclbq.exe
Supprimé! - C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\rvnakcrk.exe
Supprimé! - C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\sqimwihs.exe
Echec ! - C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\window time extra.exe
Supprimé! - C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\zflvmsgs.exe
Supprimé! - C:\Program Files\Circle Developement\Uninstall.exe
Supprimé! - C:\WINDOWS\Prefetch\IDLEATOMDRAW.EXE-1AD5BA40.pf
Supprimé! - C:\DOCUME~1\Etudiant\Cookies\etudiant@www.adserver5[1].txt
Supprimé! - C:\DOCUME~1\Etudiant\Cookies\etudiant@adin.bigpoint[1].txt
Supprimé! - C:\DOCUME~1\Etudiant\Cookies\etudiant@bigpoint[1].txt
Supprimé! - C:\DOCUME~1\Etudiant\Cookies\etudiant@fr1.seafight.bigpoint[1].txt
Supprimé! - C:\DOCUME~1\Etudiant\Cookies\etudiant@banner.casinoking[2].txt
Supprimé! - C:\DOCUME~1\Etudiant\Cookies\etudiant@casinoking[1].txt
Supprimé! - C:\DOCUME~1\Etudiant\Cookies\etudiant@banner.cotedazurpalace[2].txt
Supprimé! - C:\DOCUME~1\Etudiant\Cookies\etudiant@cotedazurpalace[1].txt
Supprimé! - C:\DOCUME~1\Etudiant\Cookies\etudiant@adopt.euroclick[1].txt
Supprimé! - C:\DOCUME~1\Etudiant\Cookies\etudiant@pacificpoker[1].txt
Supprimé! - C:\DOCUME~1\Etudiant\Cookies\etudiant@32vegas[1].txt
Supprimé! - C:\DOCUME~1\Etudiant\Cookies\etudiant@banner.32vegas[2].txt
Supprimé! - C:\WINDOWS\Tasks\B2310950918ABA74.job
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch
Echec ! - C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1
Supprimé! - C:\DOCUME~1\NETWOR~1\APPLIC~1\2axisd~1
Supprimé! - C:\Program Files\2axisd~1
Supprimé! - C:\Program Files\Adverts
Supprimé! - C:\Program Files\Circle Developement

\\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE ///////////////////////////

Echec ! - C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\window time extra.exe
Echec ! - C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


-------------[ Listing des dossiers dans Application Data ]------------


[20/08/2007|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\16 new ping long
[29/03/2008|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\4D
[24/02/2008|02:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[04/09/2007|17:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[19/01/2008|01:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[17/09/2004|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[12/02/2008|05:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ezsid.dat
[25/08/2007|16:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[04/06/2008|22:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[12/08/2006|15:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[12/08/2006|15:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lenovo
[14/10/2007|12:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\mapidownloadcoalfrag
[29/05/2007|23:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[18/08/2007|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[29/08/2006|09:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Network Associates
[12/02/2008|05:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[22/11/2006|14:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[17/09/2004|17:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[31/12/2007|03:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[06/01/2007|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[22/03/2008|19:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[29/08/2006|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[22/01/2008|04:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TVU networks
[29/08/2006|12:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[09/03/2007|20:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[28/02/2008|16:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[30/08/2006|12:11] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\Adobe
[30/08/2006|12:12] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\AdobeUM
[12/08/2006|15:25] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\ATI
[17/09/2004|16:57] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\desktop.ini
[12/08/2006|15:44] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\Google
[12/08/2006|15:29] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\IBM
[17/09/2004|17:13] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\Identities
[29/08/2006|14:33] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\InterVideo
[29/08/2006|14:33] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\Leadertech
[29/08/2006|11:53] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\Macromedia
[13/12/2006|17:52] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\Microsoft
[29/08/2006|12:06] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\Real
[29/08/2006|14:33] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\Sonic
[12/08/2006|15:35] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\Symantec
[28/08/2006|22:34] C:\DOCUME~1\DB8BF~1.CLA\APPLIC~1\ThinkVantage

[30/08/2006|12:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[30/08/2006|12:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AdobeUM
[12/08/2006|15:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ATI
[17/09/2004|16:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[12/08/2006|15:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Google
[12/08/2006|15:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\IBM
[17/09/2004|17:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[29/08/2006|14:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterVideo
[29/08/2006|14:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Leadertech
[29/08/2006|11:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[30/08/2006|14:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[29/08/2006|12:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[29/08/2006|14:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[12/08/2006|15:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[28/08/2006|22:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ThinkVantage

[05/06/2008|17:21] C:\DOCUME~1\Etudiant\APPLIC~1\2 Axis Dent
[10/10/2007|00:54] C:\DOCUME~1\Etudiant\APPLIC~1\AccurateRip
[15/03/2007|11:43] C:\DOCUME~1\Etudiant\APPLIC~1\Adobe
[13/01/2007|16:20] C:\DOCUME~1\Etudiant\APPLIC~1\AdobeUM
[04/09/2007|20:44] C:\DOCUME~1\Etudiant\APPLIC~1\Apple Computer
[12/08/2006|15:25] C:\DOCUME~1\Etudiant\APPLIC~1\ATI
[03/06/2008|00:30] C:\DOCUME~1\Etudiant\APPLIC~1\Azureus
[05/04/2008|20:29] C:\DOCUME~1\Etudiant\APPLIC~1\DAEMON Tools
[17/09/2004|16:57] C:\DOCUME~1\Etudiant\APPLIC~1\desktop.ini
[12/08/2006|15:44] C:\DOCUME~1\Etudiant\APPLIC~1\Google
[12/08/2006|15:29] C:\DOCUME~1\Etudiant\APPLIC~1\IBM
[17/09/2004|17:13] C:\DOCUME~1\Etudiant\APPLIC~1\Identities
[29/08/2006|14:33] C:\DOCUME~1\Etudiant\APPLIC~1\InterVideo
[29/08/2006|14:33] C:\DOCUME~1\Etudiant\APPLIC~1\Leadertech
[29/08/2006|11:53] C:\DOCUME~1\Etudiant\APPLIC~1\Macromedia
[09/06/2007|21:25] C:\DOCUME~1\Etudiant\APPLIC~1\Microsoft
[10/10/2007|03:19] C:\DOCUME~1\Etudiant\APPLIC~1\Mozilla
[29/08/2006|12:06] C:\DOCUME~1\Etudiant\APPLIC~1\Real
[05/06/2008|17:01] C:\DOCUME~1\Etudiant\APPLIC~1\Skype
[05/06/2008|16:00] C:\DOCUME~1\Etudiant\APPLIC~1\skypePM
[29/08/2006|14:33] C:\DOCUME~1\Etudiant\APPLIC~1\Sonic
[06/01/2007|16:47] C:\DOCUME~1\Etudiant\APPLIC~1\Sony Corporation
[25/05/2008|19:12] C:\DOCUME~1\Etudiant\APPLIC~1\SopCast
[30/04/2007|21:51] C:\DOCUME~1\Etudiant\APPLIC~1\Stardock
[30/04/2007|21:58] C:\DOCUME~1\Etudiant\APPLIC~1\Styler
[12/08/2006|15:35] C:\DOCUME~1\Etudiant\APPLIC~1\Symantec
[28/08/2006|22:34] C:\DOCUME~1\Etudiant\APPLIC~1\ThinkVantage
[04/06/2008|21:24] C:\DOCUME~1\Etudiant\APPLIC~1\TmpRecentIcons
[30/09/2007|16:23] C:\DOCUME~1\Etudiant\APPLIC~1\TVU Networks
[24/03/2008|16:43] C:\DOCUME~1\Etudiant\APPLIC~1\U3
[07/03/2008|05:02] C:\DOCUME~1\Etudiant\APPLIC~1\vlc
[12/02/2008|05:48] C:\DOCUME~1\Etudiant\APPLIC~1\Winamp
[26/01/2008|01:09] C:\DOCUME~1\Etudiant\APPLIC~1\WinRAR

[04/03/2008|02:56] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[11/07/2007|13:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[05/06/2008 15:29][--a------] C:\WINDOWS\tasks\PMTask.job
[05/06/2008 15:29][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[24/02/2008|02:37] C:\Program Files\Adobe
[12/08/2006|14:56] C:\Program Files\Analog Devices
[04/06/2008|21:04] C:\Program Files\Antivirus 2008 PRO
[12/08/2006|15:22] C:\Program Files\ATI Technologies
[22/04/2008|01:21] C:\Program Files\Azureus
[03/05/2007|19:12] C:\Program Files\Blaero Start Orb
[29/08/2006|14:15] C:\Program Files\Borland
[21/08/2007|20:08] C:\Program Files\Common Files
[17/09/2004|17:02] C:\Program Files\ComPlus Applications
[12/08/2006|15:25] C:\Program Files\CONEXANT
[05/04/2008|20:35] C:\Program Files\DAEMON Tools Lite
[23/01/2008|04:33] C:\Program Files\DivX
[10/09/2007|22:24] C:\Program Files\DMV
[04/03/2008|01:51] C:\Program Files\Eurekr.com
[28/02/2008|16:51] C:\Program Files\Fichiers communs
[29/08/2006|12:26] C:\Program Files\FTP Explorer
[20/01/2008|23:20] C:\Program Files\Games-Masters.com
[25/08/2007|16:25] C:\Program Files\Google
[12/08/2006|15:29] C:\Program Files\IBM
[12/08/2006|15:33] C:\Program Files\IBM ThinkVantage
[10/10/2007|00:54] C:\Program Files\Illustrate
[05/04/2008|23:06] C:\Program Files\InstallShield Installation Information
[10/04/2008|14:08] C:\Program Files\Internet Explorer
[12/08/2006|15:32] C:\Program Files\InterVideo
[12/08/2006|15:14] C:\Program Files\Lenovo
[18/08/2007|16:53] C:\Program Files\Logitech
[29/08/2006|13:26] C:\Program Files\Messenger
[31/03/2008|21:00] C:\Program Files\Messenger Plus! Live
[24/06/2007|23:43] C:\Program Files\Micro Motus
[09/05/2007|16:49] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[29/08/2006|11:52] C:\Program Files\Microsoft Firewall Client 2004
[17/09/2004|17:06] C:\Program Files\microsoft frontpage
[29/08/2006|12:01] C:\Program Files\Microsoft Office
[29/08/2006|12:00] C:\Program Files\Microsoft Visual Studio
[29/08/2006|12:14] C:\Program Files\Microsoft Works
[29/08/2006|11:59] C:\Program Files\Microsoft.NET
[17/09/2004|17:03] C:\Program Files\Movie Maker
[05/06/2008|17:02] C:\Program Files\Mozilla Firefox
[17/09/2004|17:01] C:\Program Files\MSN
[17/09/2004|17:02] C:\Program Files\MSN Gaming Zone
[03/01/2007|15:43] C:\Program Files\MSXML 4.0
[12/08/2006|15:30] C:\Program Files\Multimedia Center for Think Offerings
[17/09/2004|17:03] C:\Program Files\NetMeeting
[29/08/2006|09:53] C:\Program Files\Network Associates
[29/08/2006|14:03] C:\Program Files\OfficeUpdate11
[17/09/2004|17:02] C:\Program Files\Online Services
[19/10/2007|16:08] C:\Program Files\Outlook Express
[12/08/2006|15:31] C:\Program Files\PCDR5
[04/09/2007|17:42] C:\Program Files\QuickTime
[29/08/2006|12:05] C:\Program Files\Real
[05/04/2008|22:50] C:\Program Files\RogueRemover FREE
[05/04/2008|20:40] C:\Program Files\Sega
[17/09/2004|17:04] C:\Program Files\Services en ligne
[31/12/2007|03:04] C:\Program Files\Skype
[12/08/2006|15:41] C:\Program Files\SMI2
[12/08/2006|15:30] C:\Program Files\Sonic
[06/01/2007|16:39] C:\Program Files\Sony
[06/01/2007|16:39] C:\Program Files\Sony Corporation
[13/09/2007|18:55] C:\Program Files\SopCast
[07/04/2008|00:13] C:\Program Files\SPSS
[29/08/2006|12:26] C:\Program Files\Spybot - Search & Destroy
[19/10/2007|16:06] C:\Program Files\Styler
[28/08/2006|23:35] C:\Program Files\Symantec
[28/08/2006|23:45] C:\Program Files\Symantec Client Security
[12/08/2006|14:55] C:\Program Files\Synaptics
[12/08/2006|15:13] C:\Program Files\ThinkPad
[12/08/2006|15:28] C:\Program Files\ThinkVantage
[13/03/2008|17:32] C:\Program Files\Trend Micro
[12/08/2006|15:41] C:\Program Files\TVT SMBus
[07/02/2008|00:35] C:\Program Files\TVUPlayer
[17/09/2004|17:13] C:\Program Files\Uninstall Information
[04/10/2007|00:44] C:\Program Files\Veoh Networks
[07/03/2008|04:53] C:\Program Files\VideoLAN
[19/10/2007|16:06] C:\Program Files\VisualTooltip
[12/02/2008|05:52] C:\Program Files\Winamp
[28/02/2008|16:51] C:\Program Files\Windows Live
[12/02/2008|05:47] C:\Program Files\Windows Live Toolbar
[09/01/2007|21:17] C:\Program Files\Windows Media Connect
[23/05/2007|00:45] C:\Program Files\Windows Media Connect 2
[12/02/2008|05:39] C:\Program Files\Windows Media Player
[17/09/2004|17:01] C:\Program Files\Windows NT
[17/09/2004|17:04] C:\Program Files\WindowsUpdate
[26/01/2008|01:08] C:\Program Files\WinRAR
[17/09/2004|17:06] C:\Program Files\xerox

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[24/02/2008|02:38] C:\Program Files\Fichiers communs\Adobe
[29/08/2006|09:52] C:\Program Files\Fichiers communs\Cisco Systems
[29/08/2006|12:01] C:\Program Files\Fichiers communs\DESIGNER
[12/08/2006|15:13] C:\Program Files\Fichiers communs\InstallShield
[12/08/2006|15:32] C:\Program Files\Fichiers communs\InterVideo
[18/08/2007|16:51] C:\Program Files\Fichiers communs\Logitech
[28/02/2008|16:52] C:\Program Files\Fichiers communs\Microsoft Shared
[17/09/2004|17:03] C:\Program Files\Fichiers communs\MSSoap
[29/08/2006|09:53] C:\Program Files\Fichiers communs\Network Associates
[17/09/2004|16:57] C:\Program Files\Fichiers communs\ODBC
[13/09/2007|18:54] C:\Program Files\Fichiers communs\Real
[17/09/2004|17:03] C:\Program Files\Fichiers communs\Services
[12/02/2008|05:14] C:\Program Files\Fichiers communs\Skype
[12/08/2006|15:30] C:\Program Files\Fichiers communs\Sonic Shared
[06/01/2007|16:39] C:\Program Files\Fichiers communs\Sony Shared
[17/09/2004|16:57] C:\Program Files\Fichiers communs\SpeechEngines
[12/08/2006|15:30] C:\Program Files\Fichiers communs\SureThing Shared
[29/08/2006|11:48] C:\Program Files\Fichiers communs\Symantec Shared
[16/09/2007|17:27] C:\Program Files\Fichiers communs\Synacast
[13/06/2007|13:08] C:\Program Files\Fichiers communs\System
[28/02/2008|16:52] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[13/09/2007|18:54] C:\Program Files\Fichiers communs\xing shared

---------------------------[ Process ]--------------------------

... 77

... OK !

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1
C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\window time extra.exe
C:\WINDOWS\Prefetch\WINDOW TIME EXTRA.EXE-0739C43E.pf

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 17:22:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
? [5804]
scanning hidden files ...
scan completed successfully
hidden processes: 1
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------


Aucune autre infection trouvée !

[F:1100][D:25]-> C:\DOCUME~1\Etudiant\LOCALS~1\Temp
[F:140][D:0]-> C:\DOCUME~1\Etudiant\Cookies
[F:313][D:18]-> C:\DOCUME~1\Etudiant\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

--------------------[ Fin du rapport a 17:22:33,89 ]----------------------


Rapport HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:08, on 05/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = s-marimba:6560
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=Userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FGCatchUrl - {B3A00219-19D4-4966-AECD-8ED34AB9EF7A} - C:\WINDOWS\system32\msram.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: etlrlws - {1CCD29F9-75D8-4D7E-8E93-BCBF1AA6C86A} - C:\WINDOWS\etlrlws.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gestion du client de Pare-feu Microsoft.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: Console Java (IBM) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=https://www.lenovo.com/fr/fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O17 - HKLM\Software\..\Telephony: DomainName = de-pedagogie.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
0
Réponse 6 / 14
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
5 juin 2008 à 17:39
Re,

je vais en rester là.

Le Sioux ne devrait pas trop tarder.

De toute manière, c'est à lui de dire comment il veut procéder pour continuer la désinfection.

__________

Pour lui faciliter la tâche, il y a encore des répertoires (probablement inertes) liés à lop :


20/08/2007|21:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\16 new ping long

05/06/2008|17:21] C:\DOCUME~1\Etudiant\APPLIC~1\2 Axis Dent

[03/05/2007|19:12] C:\Program Files\Blaero Start Orb


Bonne suite à tous les 2
0
dadoo
5 juin 2008 à 18:16
Merci Beaucoup !!
0
Réponse 7 / 14
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 496
5 juin 2008 à 19:50
Bonsoir Dadou, Lyonnais

Lyonnais, merci du coup de main, je faisait la big sieste .

Bon, SmitFraud, c'est fait, LOP, c'est presque fini, reste du Vundo et du Rogue, on va fignoler ;)

Vous avez bien avancés, on continu :

Télécharge Combofix.exe de sUBs sur ton Bureau,

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

N'y touche pas pour le moment.

* Sélectionne le texte suivant (en gras) dans son intégralité :

Driver::
msupdate

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B3A00219-19D4-4966-AECD-8ED34AB9EF7A}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"antivirus-2008pro.exe"=-

File::
C:\WINDOWS\Prefetch\WINDOW TIME EXTRA.EXE-0739C43E.pf
C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\window time extra.exe
C:\WINDOWS\system32\msram.dll
C:\WINDOWS\SYSTEM32\WinCtrl32.dll
C:\windows\system32\mssrv32.exe

Folder::
C:\DOCUME~1\ALLUSE~1\APPLIC~1\16 new ping long
C:\DOCUME~1\Etudiant\APPLIC~1\2 Axis Dent
C:\Program Files\Blaero Start Orb
C:\Program Files\Antivirus 2008 PRO

* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (Démarrer / Tous les Programmes>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde sur ton Bureau ce fichier sous le nom de CFScript

/!\ Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement. /!\

Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe ( sur ton Bureau)

Comme ici http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif

* Une fenêtre bleue va apparaître: au message qui apparaît Type 1 to continue, or 2 to abort , tape 1 puis valide.

* Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal!

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu et un nouveau rapport HijackThis

/!\Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à Internet. /!\.

(Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt )

@ suivre
0
dadoo
5 juin 2008 à 22:22
Salut le Sioux,

Voilà le rapport de combofix

ComboFix 08-06-05.3 - Etudiant 2008-06-05 22:11:24.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1386 [GMT 2:00]
Endroit: C:\Documents and Settings\Etudiant\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Etudiant\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color

FILE ::
C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\window time extra.exe
C:\WINDOWS\Prefetch\WINDOW TIME EXTRA.EXE-0739C43E.pf
C:\WINDOWS\system32\msram.dll
C:\windows\system32\mssrv32.exe
C:\WINDOWS\SYSTEM32\WinCtrl32.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

B:\Autorun.inf
C:\DOCUME~1\ALLUSE~1\APPLIC~1\16 new ping long
C:\DOCUME~1\Etudiant\APPLIC~1\2 Axis Dent
C:\DOCUME~1\Etudiant\APPLIC~1\2 Axis Dent\window time extra.exe
C:\DOCUME~1\Etudiant\APPLIC~1\2axisd~1\window time extra.exe
C:\Documents and Settings\Etudiant\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
C:\Documents and Settings\Etudiant\Menu Démarrer\Programmes\Antivirus 2008 PRO
C:\Documents and Settings\Etudiant\Menu Démarrer\Programmes\Antivirus 2008 PRO\antivirus-2008pro.lnk
C:\Program Files\Antivirus 2008 PRO
C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
C:\Program Files\Antivirus 2008 PRO\vscan.tsi
C:\Program Files\Antivirus 2008 PRO\zlib.dll
C:\Program Files\Blaero Start Orb
C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
C:\Program Files\internet explorer\iekey.dll
C:\WINDOWS\Prefetch\WINDOW TIME EXTRA.EXE-0739C43E.pf
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\msram.dll
C:\WINDOWS\system32\ssprs.dll
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE
-------\Service_msupdate


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-05 to 2008-06-05 ))))))))))))))))))))))))))))))))))))
.

2008-06-05 17:04 . 2008-06-05 17:22 <REP> d-------- C:\Lop SD
2008-06-05 14:28 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-05 14:28 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-05 14:28 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-05 14:28 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-05 14:28 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-05 14:28 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-05 14:28 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-05 14:28 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-04 20:24 . 2008-06-04 18:36 94,208 --a------ C:\WINDOWS\erlg.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 20:10 --------- d-----w C:\Documents and Settings\Etudiant\Application Data\Skype
2008-06-05 15:40 30,080 ----a-w C:\WINDOWS\system32\drivers\Windl86.sys
2008-06-05 14:00 --------- d-----w C:\Documents and Settings\Etudiant\Application Data\skypePM
2008-06-04 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-02 22:30 --------- d-----w C:\Documents and Settings\Etudiant\Application Data\Azureus
2008-05-25 17:12 --------- d-----w C:\Documents and Settings\Etudiant\Application Data\SopCast
2008-04-21 23:21 --------- d-----w C:\Program Files\Azureus
2008-04-06 22:13 --------- d-----w C:\Program Files\SPSS
2008-04-05 21:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 20:50 --------- d-----w C:\Program Files\RogueRemover FREE
2008-04-05 18:40 --------- d-----w C:\Program Files\Sega
2008-04-05 18:35 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-05 18:29 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-05 18:29 --------- d-----w C:\Documents and Settings\Etudiant\Application Data\DAEMON Tools
2008-03-11 19:30 98,304 ----a-w C:\WINDOWS\fmsxwqs.exe
2008-02-12 03:15 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

------- Sigcheck -------

2005-03-02 10:13 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:08 2029056 f3cd8803bd8a89c9078931cc48f102c8 C:\WINDOWS\system32\ntkrnlpa.exe

2005-03-02 20:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:08 2149376 8ed15ddffb10d9865d7aafb561339c25 C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1CCD29F9-75D8-4D7E-8E93-BCBF1AA6C86A}"= "C:\WINDOWS\etlrlws.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{1ccd29f9-75d8-4d7e-8e93-bcbf1aa6c86a}]
[HKEY_CLASSES_ROOT\etlrlws.1]
[HKEY_CLASSES_ROOT\TypeLib\{52F48EB2-56FE-4656-A038-FEEEE02600A8}]
[HKEY_CLASSES_ROOT\etlrlws]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 18:09 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:27 21686568]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-09-09 13:31 67128]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 14:17 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 14:16 512000]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 19:04 864256]
"TpShocks"="TpShocks.exe" [2005-11-07 11:14 106496 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 01:11 65536 C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-24 02:22 237568]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-03-09 16:14 94208]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 09:11 925696]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"suScheduler"="C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe" [2005-08-01 17:32 40960]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-03-23 01:10 106496]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 15:23 487424]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-01 05:10 122940]
"ISUSPM Startup"="c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="c:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-03-23 02:03 69632]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 13:09 409600]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 12:59 98304]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-03-09 01:13 151552]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-03-09 01:13 208896]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-09-27 04:06 139320]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-25 09:00 94208]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48 147514]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-04 17:42 282624]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-13 18:54 185632]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [ ]
"PDService.exe"="C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 13:13 49152]
"LClock"="C:\Program Files\LClock\LClock.exe" [ ]
"cssauth"="C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-12-21 18:08 1996336]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2006-04-17 13:01 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 2006-03-23 02:03 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 23:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 20:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll 2008-06-05 22:22 15360 C:\WINDOWS\system32\WinCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
"vidc.iv32"= C:\WINDOWS\system32\ir32_32.dll
"vidc.iv31"= C:\WINDOWS\system32\ir32_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3772028017-4244622243-1160242127-13631\Scripts\Logon\[u]0/u\[u]0/u]
"Script"=\\S-synthe\GPO\Scripts\raccourci Client Parre-feu\copy.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windl86.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15504:TCP"= 15504:TCP:NortonAV
"16574:TCP"= 16574:TCP:NortonAV

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-11-30 15:58]
R0 Windl86;Windl86;C:\WINDOWS\system32\Drivers\Windl86.sys [2008-06-05 22:22]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2006-01-13 00:33]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 12:18]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-03-09 01:13]
R2 FwcAgent;Agent du client de pare-feu;"C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe" [2005-02-10 23:43]
R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2005-12-21 17:14]
R2 PrivateDisk;PrivateDisk;C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys [2005-11-15 13:11]
R2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2005-12-21 16:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\Auto\command - infrom.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00bbbec4-8546-11dc-ac1e-0016cf467de8}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79f0890a-8aad-11db-ab27-0016cf467de8}]
\Shell\AutoRun\command - F:\ie.exe
\Shell\explore\Command - F:\ie.exe
\Shell\open\Command - F:\ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8821f36e-3e28-11dc-abd0-0016cf467de8}]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98b5f886-d14c-11db-ab9c-0016cf467de8}]
\Shell\AutoRun\command - G:\ie.exe
\Shell\explore\Command - G:\ie.exe
\Shell\open\Command - G:\ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a61af672-f726-11dc-ac4d-0016cf467de8}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2d2c235-116b-11dd-ac5f-0016cf467de8}]
\Shell\AutoRun\command - H:\wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b91d87f8-7407-11db-ab0b-0016cf467de8}]
\Shell\AutoRun\command - F:\ie.exe
\Shell\explore\Command - F:\ie.exe
\Shell\open\Command - F:\ie.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-05 20:17:43 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 22:16:45
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

C:\WINDOWS\system32\svchost.exe [1028] 0x87DA28B0

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
-> C:\WINDOWS\system32\tphklock.dll
-> C:\WINDOWS\system32\WinCtrl32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-05 22:22:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-05 20:22:47

Pre-Run: 5,259,558,912 octets libres
Post-Run: 5,209,030,656 octets libres

273 --- E O F --- 2008-05-29 06:46:45


Et le rapport Hijack,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:44, on 05/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = s-marimba:6560
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: etlrlws - {1CCD29F9-75D8-4D7E-8E93-BCBF1AA6C86A} - C:\WINDOWS\etlrlws.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gestion du client de Pare-feu Microsoft.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: Console Java (IBM) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=https://www.lenovo.com/fr/fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O17 - HKLM\Software\..\Telephony: DomainName = de-pedagogie.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
0
Réponse 8 / 14
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 496
5 juin 2008 à 22:44
Bonsoir dadoo

Bien joué, besoin de renseignements sur un fichier C:\WINDOWS\fmsxwqs.exe

Rends toi sur VIRUS TOTAL https://www.virustotal.com/gui/

* Clique sur "parcourir" : C:\WINDOWS\fmsxwqs.exe

* Recherche le fichier à analyser, puis clique ensuite sur "send".

Il faut patienter car tu es sur une file d'attente.
Le rapport ne sera complet que lorsque tu verras la mention "FINISHED"sur la droite.

Dépose le dans ta prochaine réponse.

Tuto : http://pageperso.aol.fr/loraline60/virus_total.htm

Note : Il est possible que tu es besoin d'avoir accès aux dossiers et fichiers cachés, pour cela "Affiche les dossiers cachés" Aide toi de B ) ici https://forum.pcastuces.com/sujet.asp?f=25&s=3902 si besoin.

et poste le rapport en réponse stp.

Re-cache les fichiers et dossiers cachés par la suite pour éviter de faire des bétises ;)

@ +
0
dadoo
5 juin 2008 à 23:17
Re,

Alors ici se trouve le rapport de virus total

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.5.30.1 2008.06.05 -
AntiVir 7.8.0.26 2008.06.05 ADSPY/Vapsu.aax.1.A
Authentium 5.1.0.4 2008.06.05 -
Avast 4.8.1195.0 2008.06.05 -
AVG 7.5.0.516 2008.06.05 Downloader.Zlob.ST
BitDefender 7.2 2008.06.05 -
CAT-QuickHeal 9.50 2008.06.05 AdWare.Vapsup.cjl (Not a Virus)
ClamAV 0.92.1 2008.06.05 -
DrWeb 4.44.0.09170 2008.06.05 -
eSafe 7.0.15.0 2008.06.05 -
eTrust-Vet 31.6.5850 2008.06.05 Win32/Pripecs!generic
Ewido 4.0 2008.06.05 Not-A-Virus.Adware.Vapsup
F-Prot 4.4.4.56 2008.06.05 -
F-Secure 6.70.13260.0 2008.06.05 -
Fortinet 3.14.0.0 2008.06.05 -
GData 2.0.7306.1023 2008.06.05 -
Ikarus T3.1.1.26.0 2008.06.05 not-a-virus:AdWare.Win32.Vapsup.tz
Kaspersky 7.0.0.125 2008.06.05 not-a-virus:AdWare.Win32.Vapsup.cop
McAfee 5311 2008.06.05 -
Microsoft 1.3604 2008.06.05 Trojan:Win32/Small.ZZB
NOD32v2 3162 2008.06.05 a variant of Win32/Adware.Vapsup.AE
Norman 5.80.02 2008.06.05 -
Panda 9.0.0.4 2008.06.05 -
Prevx1 V2 2008.06.05 Malware Downloader
Rising 20.47.32.00 2008.06.05 Trojan.DL.Win32.Mnless.zgf
Sophos 4.30.0 2008.06.05 -
Sunbelt 3.0.1145.1 2008.06.05 Adware.NetAdware.Gen
Symantec 10 2008.06.05 Downloader.Zlob!gen.2
TheHacker 6.2.92.335 2008.06.05 -
VBA32 3.12.6.7 2008.06.05 AdWare.Win32.Vapsup.cop
VirusBuster 4.3.26:9 2008.06.05 -
Webwasher-Gateway 6.6.2 2008.06.05 Ad-Spyware.Vapsu.aax.1.A
Information additionnelle
File size: 98304 bytes
MD5...: 0bc8cb11f6ad1a296d52b03868eee6c8
SHA1..: 3c408ac0aea0465b705f5a6fb412532ed33459d4
SHA256: 2b4384c9f3b4851d48dfe8e5608d32faae610eef438250465ee4e343c80cfa38
SHA512: 547c396074ec99c62be93862c8c0279db1e484c35bb3e17f64975ee62dc6c42f
86601a95b688df2d55a2d71088bd40a1f3338d13cab2be6807204869b5385c57
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403638
timedatestamp.....: 0x47d6c3f5 (Tue Mar 11 17:40:05 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xd358 0xe000 6.32 013457934ab351403bde340d20d8e10f
.rdata 0xf000 0x514a 0x6000 4.89 6f27ee1c2db3953d21cd4cfc44a486d4
.data 0x15000 0x2e04 0x2000 1.52 70ce85398d7877dc29fc628304710f30
.rsrc 0x18000 0xb0 0x1000 3.06 3f5827a2b0d36266766419a3d048f0d6

( 5 imports )
> KERNEL32.dll: TerminateProcess, GetLastError, SetLastError, GetCurrentProcessId, MultiByteToWideChar, Sleep, LoadLibraryW, GetProcAddress, CloseHandle, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EnterCriticalSection, LeaveCriticalSection, HeapFree, GetCommandLineA, GetVersionExA, HeapAlloc, GetProcessHeap, RaiseException, RtlUnwind, GetModuleHandleA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, GetCurrentThreadId, InterlockedDecrement, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, ExitProcess, DeleteCriticalSection, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetCPInfo, GetACP, GetOEMCP, LCMapStringA, WideCharToMultiByte, LCMapStringW, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, WriteFile, GetModuleFileNameA, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, HeapSize, LoadLibraryA, InitializeCriticalSection, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, SetFilePointer, CreateFileA
> ADVAPI32.dll: RegDeleteValueW, RegSetValueExW, RegCloseKey, RegOpenKeyExW, RegCreateKeyExW
> SHELL32.dll: SHGetSpecialFolderPathW
> ole32.dll: CoInitialize
> SHLWAPI.dll: SHDeleteKeyW

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=DE7D1F73001FDF07805F01A0F7FF610049930ABD


;)
0
dadoo > dadoo
5 juin 2008 à 23:19
Re,

Je sais pas si il fallait un autre rapport Hijack, si jamais il est là !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:20:18, on 05/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = s-marimba:6560
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: etlrlws - {1CCD29F9-75D8-4D7E-8E93-BCBF1AA6C86A} - C:\WINDOWS\etlrlws.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gestion du client de Pare-feu Microsoft.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: Console Java (IBM) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=https://www.lenovo.com/fr/fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O17 - HKLM\Software\..\Telephony: DomainName = de-pedagogie.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
0
Réponse 9 / 14
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 496
5 juin 2008 à 23:24
Re

Bien Joué dadoo, on attaque

ComboFix avec CFScript :

* Sélectionne le texte suivant (en gras) dans son intégralité :

Driver::
Windl86

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1CCD29F9-75D8-4D7E-8E93-BCBF1AA6C86A}"=-
[-HKEY_CLASSES_ROOT\clsid\{1ccd29f9-75d8-4d7e-8e93-bcbf1aa6c86a}]
[-HKEY_CLASSES_ROOT\etlrlws.1]
[-HKEY_CLASSES_ROOT\TypeLib\{52F48EB2-56FE-4656-A038-FEEEE02600A8}]
[-HKEY_CLASSES_ROOT\etlrlws]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]

Folder::
C:\Lop SD

File::
C:\WINDOWS\erlg.exe
C:\WINDOWS\system32\drivers\Windl86.sys
C:\WINDOWS\SYSTEM32\WinCtrl32.dll
C:\WINDOWS\etlrlws.dll
C:\WINDOWS\fmsxwqs.exe

* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (Démarrer / Tous les Programmes>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde sur ton Bureau ce fichier sous le nom de CFScript

/!\ Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement. /!\

Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe ( sur ton Bureau)

Comme ici http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif

* Une fenêtre bleue va apparaître: au message qui apparaît Type 1 to continue, or 2 to abort , tape 1 puis valide.

* Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal!

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu et un nouveau rapport HijackThis

/!\Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à Internet. /!\.

(Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt )

@ suivre
0
dadoo
5 juin 2008 à 23:44
Re,

RApport de ComboFIx

ComboFix 08-06-05.3 - Etudiant 2008-06-05 23:34:06.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1333 [GMT 2:00]
Endroit: C:\Documents and Settings\Etudiant\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Etudiant\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\erlg.exe
C:\WINDOWS\etlrlws.dll
C:\WINDOWS\fmsxwqs.exe
C:\WINDOWS\system32\drivers\Windl86.sys
C:\WINDOWS\SYSTEM32\WinCtrl32.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Lop SD
C:\Lop SD\App-Prog.lsd
C:\Lop SD\AuDoss.lsd
C:\Lop SD\autrinf.cmd
C:\Lop SD\AWF.cmd
C:\Lop SD\Back.cmd
C:\Lop SD\Backup-Lop\D\window time extra.exe
C:\Lop SD\Backup-Lop\F\aiopjvgy.exe
C:\Lop SD\Backup-Lop\F\alyydodm.exe
C:\Lop SD\Backup-Lop\F\BOOB16TICKJUMP.exe
C:\Lop SD\Backup-Lop\F\Cdrom noun.exe
C:\Lop SD\Backup-Lop\F\etudiant@32vegas[1].txt
C:\Lop SD\Backup-Lop\F\etudiant@adin.bigpoint[1].txt
C:\Lop SD\Backup-Lop\F\etudiant@adopt.euroclick[1].txt
C:\Lop SD\Backup-Lop\F\etudiant@banner.32vegas[2].txt
C:\Lop SD\Backup-Lop\F\etudiant@banner.casinoking[2].txt
C:\Lop SD\Backup-Lop\F\etudiant@banner.cotedazurpalace[2].txt
C:\Lop SD\Backup-Lop\F\etudiant@bigpoint[1].txt
C:\Lop SD\Backup-Lop\F\etudiant@casinoking[1].txt
C:\Lop SD\Backup-Lop\F\etudiant@cotedazurpalace[1].txt
C:\Lop SD\Backup-Lop\F\etudiant@fr1.seafight.bigpoint[1].txt
C:\Lop SD\Backup-Lop\F\etudiant@pacificpoker[1].txt
C:\Lop SD\Backup-Lop\F\etudiant@www.adserver5[1].txt
C:\Lop SD\Backup-Lop\F\gcogubjg.exe
C:\Lop SD\Backup-Lop\F\IDLEATOMDRAW.EXE-1AD5BA40.pf
C:\Lop SD\Backup-Lop\F\idleatomdraw.exe
C:\Lop SD\Backup-Lop\F\mgomnzwz.exe
C:\Lop SD\Backup-Lop\F\qnsyclbq.exe
C:\Lop SD\Backup-Lop\F\rvnakcrk.exe
C:\Lop SD\Backup-Lop\F\sqimwihs.exe
C:\Lop SD\Backup-Lop\F\Uninstall.exe
C:\Lop SD\Backup-Lop\F\window time extra.exe
C:\Lop SD\Backup-Lop\F\zflvmsgs.exe
C:\Lop SD\Backup-Lop\Reg\HKCU_Run.reg
C:\Lop SD\Backup-Lop\Reg\HKLM_Run.reg
C:\Lop SD\Backup-Lop\Reg\HKLM_Uninstall.reg
C:\Lop SD\Boo.reg
C:\Lop SD\BooFix.cmd
C:\Lop SD\catchme.exe
C:\Lop SD\DirectFix.cmd
C:\Lop SD\Doss.lsd
C:\Lop SD\DossKill.txt
C:\Lop SD\exist.txt
C:\Lop SD\FichKill.txt
C:\Lop SD\Icon_Lop.ico
C:\Lop SD\Key.txt
C:\Lop SD\KILL.cmd
C:\Lop SD\Langues.cmd
C:\Lop SD\Lop S&D.lnk
C:\Lop SD\LopScript.cmd
C:\Lop SD\LopSD.cmd
C:\Lop SD\lsTasks.exe
C:\Lop SD\osVer.exe
C:\Lop SD\paths.bat
C:\Lop SD\PrefKill.txt
C:\Lop SD\Process.exe
C:\Lop SD\Rapport-Lop.txt
C:\Lop SD\RegLop.reg
C:\Lop SD\S_LopV.cmd
C:\Lop SD\S_LopX.cmd
C:\Lop SD\sed.exe
C:\Lop SD\setpath.exe
C:\Lop SD\task.txt
C:\Lop SD\Uninstal.exe
C:\WINDOWS\erlg.exe
C:\WINDOWS\fmsxwqs.exe
C:\WINDOWS\system32\drivers\Windl86.sys
C:\WINDOWS\SYSTEM32\WinCtrl32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDL86
-------\Service_Windl86


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-05 to 2008-06-05 ))))))))))))))))))))))))))))))))))))
.

2008-06-05 14:28 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-05 14:28 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-05 14:28 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-05 14:28 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-05 14:28 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-05 14:28 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-05 14:28 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-05 14:28 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 21:18 --------- d-----w C:\Documents and Settings\Etudiant\Application Data\Skype
2008-06-05 20:19 --------- d-----w C:\Documents and Settings\Etudiant\Application Data\skypePM
2008-06-04 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-02 22:30 --------- d-----w C:\Documents and Settings\Etudiant\Application Data\Azureus
2008-05-25 17:12 --------- d-----w C:\Documents and Settings\Etudiant\Application Data\SopCast
2008-04-21 23:21 --------- d-----w C:\Program Files\Azureus
2008-04-06 22:13 --------- d-----w C:\Program Files\SPSS
2008-04-05 21:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 20:50 --------- d-----w C:\Program Files\RogueRemover FREE
2008-04-05 18:40 --------- d-----w C:\Program Files\Sega
2008-04-05 18:35 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-05 18:29 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-05 18:29 --------- d-----w C:\Documents and Settings\Etudiant\Application Data\DAEMON Tools
2008-02-12 03:15 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

------- Sigcheck -------

2005-03-02 10:13 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:08 2029056 f3cd8803bd8a89c9078931cc48f102c8 C:\WINDOWS\system32\ntkrnlpa.exe

2005-03-02 20:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:08 2149376 8ed15ddffb10d9865d7aafb561339c25 C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-05_22.22.31.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 20:15:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-05 21:37:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-05 20:16:39 224,563 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-06-05 21:37:59 224,569 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 18:09 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:27 21686568]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-09-09 13:31 67128]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 14:17 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 14:16 512000]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 19:04 864256]
"TpShocks"="TpShocks.exe" [2005-11-07 11:14 106496 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 01:11 65536 C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-24 02:22 237568]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-03-09 16:14 94208]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 09:11 925696]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"suScheduler"="C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe" [2005-08-01 17:32 40960]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-03-23 01:10 106496]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 15:23 487424]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-01 05:10 122940]
"ISUSPM Startup"="c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="c:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-03-23 02:03 69632]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 13:09 409600]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 12:59 98304]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-03-09 01:13 151552]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-03-09 01:13 208896]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-09-27 04:06 139320]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-25 09:00 94208]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48 147514]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-04 17:42 282624]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-13 18:54 185632]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [ ]
"PDService.exe"="C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 13:13 49152]
"LClock"="C:\Program Files\LClock\LClock.exe" [ ]
"cssauth"="C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-12-21 18:08 1996336]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2006-04-17 13:01 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 2006-03-23 02:03 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 23:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 20:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
"vidc.iv32"= C:\WINDOWS\system32\ir32_32.dll
"vidc.iv31"= C:\WINDOWS\system32\ir32_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3772028017-4244622243-1160242127-13631\Scripts\Logon\[u]0[/u]\[u]0[/u]]
"Script"=\\S-synthe\GPO\Scripts\raccourci Client Parre-feu\copy.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windl86.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15504:TCP"= 15504:TCP:NortonAV
"16574:TCP"= 16574:TCP:NortonAV

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-11-30 15:58]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2006-01-13 00:33]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 12:18]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-03-09 01:13]
R2 FwcAgent;Agent du client de pare-feu;"C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe" [2005-02-10 23:43]
R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2005-12-21 17:14]
R2 PrivateDisk;PrivateDisk;C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys [2005-11-15 13:11]
R2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2005-12-21 16:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\Auto\command - infrom.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00bbbec4-8546-11dc-ac1e-0016cf467de8}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79f0890a-8aad-11db-ab27-0016cf467de8}]
\Shell\AutoRun\command - F:\ie.exe
\Shell\explore\Command - F:\ie.exe
\Shell\open\Command - F:\ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8821f36e-3e28-11dc-abd0-0016cf467de8}]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98b5f886-d14c-11db-ab9c-0016cf467de8}]
\Shell\AutoRun\command - G:\ie.exe
\Shell\explore\Command - G:\ie.exe
\Shell\open\Command - G:\ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a61af672-f726-11dc-ac4d-0016cf467de8}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2d2c235-116b-11dd-ac5f-0016cf467de8}]
\Shell\AutoRun\command - H:\wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b91d87f8-7407-11db-ab0b-0016cf467de8}]
\Shell\AutoRun\command - F:\ie.exe
\Shell\explore\Command - F:\ie.exe
\Shell\open\Command - F:\ie.exe

*Newly Created Service* - ENTDRV51
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-05 21:39:08 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 23:37:56
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
-> C:\WINDOWS\system32\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-05 23:44:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-05 21:43:58
ComboFix2.txt 2008-06-05 20:22:53

Pre-Run: 5,228,990,464 octets libres
Post-Run: 5,206,654,976 octets libres

310 --- E O F --- 2008-05-29 06:46:45


Rapport de Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:46:05, on 05/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = s-marimba:6560
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gestion du client de Pare-feu Microsoft.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: Console Java (IBM) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=https://www.lenovo.com/fr/fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O17 - HKLM\Software\..\Telephony: DomainName = de-pedagogie.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
0
Réponse 10 / 14
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 496
5 juin 2008 à 23:58
Re

Très bien , on va vérifier quelque chose, ce sera peut etre inutile, mais j'ai un doute, c'est rapide ;)

Télécharge MSNFix.zip de !aur3n7sur ton Bureau :
http://sosvirus.changelog.fr/MSNFix.zip
Décompresse-le (clic droit >> Extraire ici) et double clique sur le fichier MSNFix.bat.
-- presse une touche pour lancer le nettoyage pûis clique sur Entrée
-- Si l'infection est détectée, exécute l'option N.
-- Sauvegarde ce rapport puis poste un copier/coller de ce rapport sur le forum, ainsi qu'un nouveau rapport HijackThis. </gras>

Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt

Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.:

Tutorial : https://www.malekal.com/supprimer-virus-desinfecter-pc/

@ suivre
0
dadoo
6 juin 2008 à 00:18
Re,

Voilà le rapport msnfix

MSNFix 1.720-1

C:\Documents and Settings\Etudiant\Bureau\MSNFix
Fix exécuté le 06/06/2008 - 0:07:27,95 By Etudiant
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

Aucun dossier trouvé


************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\WINDOWS\system32\IPSSVC.EXE] A7023C8436A359937C2875B00BA197B7

[color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\Etudiant\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr



************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,

Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-alerte


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Aucun Fichier trouvé



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\WINDOWS\system32\IPSSVC.EXE] A7023C8436A359937C2875B00BA197B7

[color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\Etudiant\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 06062008_ 0140985.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,

Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-alerte


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------


Et Finalement le rapport Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:20:09, on 06/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = s-marimba:6560
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gestion du client de Pare-feu Microsoft.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: Console Java (IBM) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=https://www.lenovo.com/fr/fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O17 - HKLM\Software\..\Telephony: DomainName = de-pedagogie.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = de-pedagogie.local
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
0
Réponse 11 / 14
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 496
6 juin 2008 à 00:21
Re

Bien joué Dadoo

Commence par faire cela stp

SVP merci d'envoyer le fichier [b] C:\DOCUME~1\Etudiant\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr

@ +
0
dadoo
6 juin 2008 à 00:30
Re,

ça y est j'ai envoyé le fichier demandé sur le site ;) Est ce qu'il y a d'autres choses à effectuer ?

Merci pour tout !!! :-)
0
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 496 > dadoo
6 juin 2008 à 00:38
Re

Cool, merci pour le développeur d'MSNFix.

Regarde, t'as du taff ici :

http://www.commentcamarche.net/forum/affich 6740073 messages virus alert antivirus 2008#23

@ +
0
Réponse 12 / 14
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 496
6 juin 2008 à 00:29
Re

Localise C:\Qoobox clique droit et zippe le et envoie le ici stp :

https://www.bleepingcomputer.com/submit-malware.php?channel=4

Puis, une fois cela fait :

Afin de suivre la procédure correctement, je te conseille d'enregistrer la page en sélectionnant toutes les lignes puis de copier cette sélection dans un fichier texte sur ton PC pour pouvoir appliquer la procédure correctement.
Il faut exécuter toutes les étapes, sans interruption, dans l'ordre exact indiqué ci-dessous.
Si un élément te paraît obscure, demande des explications avant de commencer la désinfection.

1) Télécharge et installe

-- CCleaner
https://www.ccleaner.com/ccleaner/download
Choisi de préférence la version SLIM-No Toolbar.
Installe-le en prenant soin de décocher les diverses options dont la barre Yahoo et la mise à jour.
Lance CCleaner puis Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures".
Pour les autres paramètres, laisse-le avec ses réglages par défaut.
Ferme le programme pour l’instant.

-- Malwarebyte's Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée. >>> clique sur OK
Lance Malwarebyte's Anti-Malware en double-cliquant sur l'icône sur ton Bureau.
Au premier lancement, une fenêtre t'annonce que la version est Free >>> clique sur OK
Laisse les Mises à jour se télécharger
Ferme le programme pour l’instant.

2) Scan avec Malwarebyte's Anti-Malware

Lance Malwarebyte's Anti-Malware
Onglet "Recherche" >>> coche Executer un exame complet >>> Rechercher sélectionne tes disques durs puis clique sur Lancer l’examen
A la fin du scan >>> clique sur Afficher les résultats
Suppression des éléments détectés >>>> clique sur Supprimer la sélection ou supprimer tout
S'il t'es demandé de redémarrer >>> clique sur "Yes"
--> Un rapport de scan s'ouvre, enregistre sur ton Bureau.
Puis ferme Malwarebyte's Anti-Malware

3) Suppression de fichiers inutiles avec CCleaner

Lance CCleaner en double-cliquant sur son raccourci sur le bureau.
Puis dans le menu Nettoyeur
Clique sur Analyse (laisser travailler cela peut durer longtemps la 1ere fois)
Clique sur le bouton Lancer le nettoyage.
Clique une seconde fois sur le bouton Lancer le nettoyage puis ferme CCleaner.

4) Rapports

Poste en réponse :
* Un nouveau rapport HijackThis
* Le rapport de Malwarebyte's Anti-Malware que tu as sauvegardé sur ton Bureau.

Bon courage

@+

Tuto Malwarebyte's Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
0
Réponse 13 / 14
TImbar
29 juin 2008 à 17:57
Bonjours j'ai le meme problème -_-

j'aimerais vraiment m'en debarasser!

quelqun peux m'aider?
0
Réponse 14 / 14
Le sioux Messages postés 4894 Date d'inscription dimanche 27 mai 2007 Statut Contributeur sécurité Dernière intervention 6 mars 2023 496
29 juin 2008 à 20:02
Hello timbar

Il serait plus que préférable que tu crées ton propre sujet.
Cela rendra le poste (ici) plus compréhensible, et nous pourrons traiter ton soucis avec plus d’efficacité.
Pour t'y aider, regarde ici :
http://perso.orange.fr/rginformatique/section%20virus/demofairesontmessage.htm
http://pagesperso-orange.fr/rginformatique/section%20virus/demofairesontmessage.htm

Salut.
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
Facebook « Cette personne ne peut actuellement pas recevoir de message »
Cynamon -
Titia -

5 réponses
HP Battery ALERT
Gershia -
Gershia -

2 réponses