Précédent
- 1
- 2
-
Si j'aurais su, je t'aurais demandé d'utiliser ComboFix directement. DSS ne marque pas les fichiers que je voulais.
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt -
je n'ai ni antivirus, ni antispyware....d'ou la galère du moment....
-
Pas grave, lance ComboFix directement alors.
-
et voila le suivant :
ComboFix 08-07-22.4 - Marie 2008-07-23 15:44:33.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.194 [GMT 2:00]
Endroit: C:\DOCUME~1\Marie\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-23 to 2008-07-23 ))))))))))))))))))))))))))))))))))))
.
2008-07-23 15:24 . 2008-07-23 15:24 <REP> d-------- C:\Deckard
2008-07-23 15:03 . 2008-07-23 15:06 <REP> d-------- C:\Lop SD
2008-07-23 11:50 . 2008-07-23 11:50 0 --a------ C:\WINDOWS\system32\rXR6IIwv.exe.a_a
2008-07-23 09:14 . 2008-07-23 09:14 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-07-22 16:17 . 2008-07-22 16:17 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 16:17 . 2008-07-22 16:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 16:17 . 2008-07-22 16:17 <REP> d-------- C:\DOCUME~1\Marie\Application Data\Malwarebytes
2008-07-22 16:17 . 2008-07-22 16:17 <REP> d-------- C:\DOCUME~1\Marie\Application Data\Malwarebytes
2008-07-22 16:17 . 2008-07-20 19:47 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-22 16:17 . 2008-07-20 19:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-22 15:53 . 2008-07-22 16:05 <REP> d-------- C:\Toolbar SD
2008-07-22 15:47 . 2008-07-22 15:47 <REP> d-------- C:\Program Files\Trend Micro
2008-07-22 15:24 . 2008-07-22 18:21 <REP> d-------- C:\Program Files\Navilog1
2008-07-22 12:43 . 2008-07-23 11:50 35,842 --a------ C:\WINDOWS\system32\rXR6IIwv.exe
2008-07-20 12:46 . 2008-07-20 12:46 29,760 --a------ C:\WINDOWS\system32\y7xyJ303.exe
2008-07-20 12:46 . 2008-07-20 12:46 0 --a------ C:\WINDOWS\system32\y7xyJ303.exe.a_a
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 13:24 --------- d-----w C:\DOCUME~1\Marie\Application Data\Skype
2008-07-23 13:24 --------- d-----w C:\DOCUME~1\Marie\Application Data\Skype
2008-07-23 09:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-23 06:18 --------- d-----w C:\DOCUME~1\Marie\Application Data\skypePM
2008-07-23 06:18 --------- d-----w C:\DOCUME~1\Marie\Application Data\skypePM
2008-07-20 18:29 --------- d-----w C:\DOCUME~1\Marie\Application Data\XnView
2008-07-20 18:29 --------- d-----w C:\DOCUME~1\Marie\Application Data\XnView
2008-07-20 14:59 --------- d-----w C:\Program Files\TomTom HOME
2008-07-19 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-18 13:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 22:00 --------- d-----w C:\Program Files\CCleaner
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 10:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 11:06 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 05:20 122940]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 18:46 761948]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 14:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 14:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 14:17 118784]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 10:49 454656]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 14:35 172094]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 11:59 184320]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-06-26 00:17 504080]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-05-15 17:34 3975848]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MsmqIntCert"="mqrt.dll" [2007-07-06 14:50 177152 C:\WINDOWS\system32\mqrt.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 10:00 15360]
C:\DOCUME~1\ALLUSE~1\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2006-01-18 14:25:02 581693]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-04-03 06:38:45 184320]
NETGEAR ProSafe VPN Client.lnk - C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe [2008-02-13 15:40:39 73780]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-03 22:12:59 125624]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 16:39 294400]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\VisiQuest\\bin\\win32vs7\\kexecwksp.exe"=
"C:\\WINDOWS\\system32\\CNAC6RPK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\NETGEAR\\NETGEAR ProSafe VPN Client\\IreIKE.exe"=
"C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\ViewLog.exe"= C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\CmonApp.exe"= C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\vpn.exe"= C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 IPSECDRV;SafeNet IPSec Plugin;C:\WINDOWS\system32\Drivers\IPSECDRV.sys [2006-02-01 12:38]
R2 Crypto;Crypto;C:\WINDOWS\system32\Drivers\Crypto.sys [2005-08-15 09:27]
R3 DniVap;SafeNet WAN Miniport (VA);C:\WINDOWS\system32\DRIVERS\vap.sys [2001-12-14 16:26]
S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 VQRSH;VisiQuest Remote Shell;C:\VisiQuest\bin\win32vs7\vqrshsvc.exe [2006-12-14 23:21]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30b09d36-5d44-11dc-825f-001a6b13acbc}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80fdc981-70bd-11dc-8285-001a6b13acbc}]
\Shell\AutoRun\command - E:\AutoRun.exe "1, , Candela"
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-10 11:27:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-23 07:00:02 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-23 08:00:01 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-23 09:00:01 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-23 10:00:01 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-23 11:00:07 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-23 12:00:02 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-23 13:00:01 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-22 14:00:05 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-22 15:00:05 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-22 16:00:02 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-20 17:00:01 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-21 20:00:03 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-20 21:00:02 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-23 07:17:45 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-23 08:00:10 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-23 09:00:10 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-23 10:00:10 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-23 11:00:15 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-23 12:38:49 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-23 13:00:10 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 14:00:13 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 15:00:13 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 16:00:10 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\y7xyJ303.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-StandardInstall - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.hp.com/
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 15:47:44
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????([??0?0?9?2??`???? ??4B??????????????hB? ???([?
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-07-23 15:50:12
ComboFix-quarantined-files.txt 2008-07-23 13:50:08
Pre-Run: 18,974,916,608 octets libres
Post-Run: 19,044,028,416 octets libres
256 --- E O F --- 2008-07-19 22:31:25 -
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question -
---> Télécharge le fichier CFScript et enregistre-le sur ton bureau :
http://www.zshare.net/
---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
[*] Une fenêtre bleue va apparaître : au message qui apparaît (Type 1 to continue, or 2 to abort), tape 1 puis valide.
[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.
[*] Une fois le scan achevé, un rapport va s'afficher : poste-le
[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt -
voila le rapport, gspr que le glissé déplacé a fonctionné, je n'ai pas pu ouvrir l'image en fichier joint.
ComboFix 08-07-22.4 - Marie 2008-07-23 16:02:16.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.171 [GMT 2:00]
Endroit: C:\Documents and Settings\Marie\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Marie\Bureau\cfscript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-23 to 2008-07-23 ))))))))))))))))))))))))))))))))))))
.
2008-07-23 15:24 . 2008-07-23 15:24 <REP> d-------- C:\Deckard
2008-07-23 15:03 . 2008-07-23 15:06 <REP> d-------- C:\Lop SD
2008-07-23 11:50 . 2008-07-23 11:50 0 --a------ C:\WINDOWS\system32\rXR6IIwv.exe.a_a
2008-07-23 09:14 . 2008-07-23 09:14 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-07-22 16:17 . 2008-07-22 16:17 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 16:17 . 2008-07-22 16:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 16:17 . 2008-07-22 16:17 <REP> d-------- C:\DOCUME~1\Marie\Application Data\Malwarebytes
2008-07-22 16:17 . 2008-07-20 19:47 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-22 16:17 . 2008-07-20 19:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-22 15:53 . 2008-07-22 16:05 <REP> d-------- C:\Toolbar SD
2008-07-22 15:47 . 2008-07-22 15:47 <REP> d-------- C:\Program Files\Trend Micro
2008-07-22 15:24 . 2008-07-22 18:21 <REP> d-------- C:\Program Files\Navilog1
2008-07-22 12:43 . 2008-07-23 11:50 35,842 --a------ C:\WINDOWS\system32\rXR6IIwv.exe
2008-07-20 12:46 . 2008-07-20 12:46 29,760 --a------ C:\WINDOWS\system32\y7xyJ303.exe
2008-07-20 12:46 . 2008-07-20 12:46 0 --a------ C:\WINDOWS\system32\y7xyJ303.exe.a_a
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 13:24 --------- d-----w C:\DOCUME~1\Marie\Application Data\Skype
2008-07-23 09:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-23 06:18 --------- d-----w C:\DOCUME~1\Marie\Application Data\skypePM
2008-07-20 18:29 --------- d-----w C:\DOCUME~1\Marie\Application Data\XnView
2008-07-20 14:59 --------- d-----w C:\Program Files\TomTom HOME
2008-07-19 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-18 13:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 22:00 --------- d-----w C:\Program Files\CCleaner
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 10:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 11:06 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 05:20 122940]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 18:46 761948]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 14:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 14:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 14:17 118784]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 10:49 454656]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 14:35 172094]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 11:59 184320]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-06-26 00:17 504080]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-05-15 17:34 3975848]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MsmqIntCert"="mqrt.dll" [2007-07-06 14:50 177152 C:\WINDOWS\system32\mqrt.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 10:00 15360]
C:\DOCUME~1\ALLUSE~1\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2006-01-18 14:25:02 581693]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-04-03 06:38:45 184320]
NETGEAR ProSafe VPN Client.lnk - C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe [2008-02-13 15:40:39 73780]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-03 22:12:59 125624]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 16:39 294400]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\VisiQuest\\bin\\win32vs7\\kexecwksp.exe"=
"C:\\WINDOWS\\system32\\CNAC6RPK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\NETGEAR\\NETGEAR ProSafe VPN Client\\IreIKE.exe"=
"C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\ViewLog.exe"= C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\CmonApp.exe"= C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\vpn.exe"= C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 IPSECDRV;SafeNet IPSec Plugin;C:\WINDOWS\system32\Drivers\IPSECDRV.sys [2006-02-01 12:38]
R2 Crypto;Crypto;C:\WINDOWS\system32\Drivers\Crypto.sys [2005-08-15 09:27]
R3 DniVap;SafeNet WAN Miniport (VA);C:\WINDOWS\system32\DRIVERS\vap.sys [2001-12-14 16:26]
S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 VQRSH;VisiQuest Remote Shell;C:\VisiQuest\bin\win32vs7\vqrshsvc.exe [2006-12-14 23:21]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30b09d36-5d44-11dc-825f-001a6b13acbc}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80fdc981-70bd-11dc-8285-001a6b13acbc}]
\Shell\AutoRun\command - E:\AutoRun.exe "1, , Candela"
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-10 11:27:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-23 07:00:02 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-23 08:00:01 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-23 09:00:01 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-23 10:00:01 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-23 11:00:07 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-23 12:00:02 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-23 13:00:01 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-23 14:00:01 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-22 15:00:05 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-22 16:00:02 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-20 17:00:01 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-21 20:00:03 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-20 21:00:02 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-23 07:17:45 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-23 08:00:10 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-23 09:00:10 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-23 10:00:10 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-23 11:00:15 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-23 12:38:49 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-23 13:00:10 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-23 14:00:10 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 15:00:13 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 16:00:10 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-22 10:43:12 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\rXR6IIwv.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\y7xyJ303.exe
"2008-07-20 10:46:58 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\y7xyJ303.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 16:04:36
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????([??0?0?9?2??`???? ??4B??????????????hB? ???([?
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-07-23 16:07:14
ComboFix-quarantined-files.txt 2008-07-23 14:07:06
ComboFix2.txt 2008-07-23 13:50:13
Pre-Run: 19,175,493,632 octets libres
Post-Run: 19,164,704,768 octets libres
238 --- E O F --- 2008-07-19 22:31:25 -
Bizarre donc :
---> Télécharge OTMoveIt2 à partir du lien ci-dessous :
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
---> Enregistre le fichier sur le Bureau.
---> Double-clique sur le fichier OTMoveIt2.exe pour lancer l'outil.
Assure-toi que la case Unregister Dll's and Ocx's soit bien cochée.
---> Copie l'intégralité du texte ci-dessous et colle-le dans la fenêtre intitulée Paste Standard List of Files/Folders to be moved.
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\system32\rXR6IIwv.exe
C:\WINDOWS\system32\y7xyJ303.exe
---> Clique sur MoveIt! pour lancer la suppression.
Lorsqu'un résultat apparaît dans le cadre Results, clique sur Exit.
Note : Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES.
---> Poste le rapport de OTMoveIt qui se trouve dans C:\_OTMoveIt\MovedFiles.
---> Poste un nouveau rapport HijackThis -
Dans un premier temps le rapport du moveit:
C:\WINDOWS\Tasks\At1.job moved successfully.
C:\WINDOWS\Tasks\At10.job moved successfully.
C:\WINDOWS\Tasks\At11.job moved successfully.
C:\WINDOWS\Tasks\At12.job moved successfully.
C:\WINDOWS\Tasks\At13.job moved successfully.
C:\WINDOWS\Tasks\At14.job moved successfully.
C:\WINDOWS\Tasks\At15.job moved successfully.
C:\WINDOWS\Tasks\At16.job moved successfully.
C:\WINDOWS\Tasks\At17.job moved successfully.
C:\WINDOWS\Tasks\At18.job moved successfully.
C:\WINDOWS\Tasks\At19.job moved successfully.
C:\WINDOWS\Tasks\At2.job moved successfully.
C:\WINDOWS\Tasks\At20.job moved successfully.
C:\WINDOWS\Tasks\At21.job moved successfully.
C:\WINDOWS\Tasks\At22.job moved successfully.
C:\WINDOWS\Tasks\At23.job moved successfully.
C:\WINDOWS\Tasks\At24.job moved successfully.
C:\WINDOWS\Tasks\At25.job moved successfully.
C:\WINDOWS\Tasks\At26.job moved successfully.
C:\WINDOWS\Tasks\At27.job moved successfully.
C:\WINDOWS\Tasks\At28.job moved successfully.
C:\WINDOWS\Tasks\At29.job moved successfully.
C:\WINDOWS\Tasks\At3.job moved successfully.
C:\WINDOWS\Tasks\At30.job moved successfully.
C:\WINDOWS\Tasks\At31.job moved successfully.
C:\WINDOWS\Tasks\At32.job moved successfully.
C:\WINDOWS\Tasks\At33.job moved successfully.
C:\WINDOWS\Tasks\At34.job moved successfully.
C:\WINDOWS\Tasks\At35.job moved successfully.
C:\WINDOWS\Tasks\At36.job moved successfully.
C:\WINDOWS\Tasks\At37.job moved successfully.
C:\WINDOWS\Tasks\At38.job moved successfully.
C:\WINDOWS\Tasks\At39.job moved successfully.
C:\WINDOWS\Tasks\At4.job moved successfully.
C:\WINDOWS\Tasks\At40.job moved successfully.
C:\WINDOWS\Tasks\At41.job moved successfully.
C:\WINDOWS\Tasks\At42.job moved successfully.
C:\WINDOWS\Tasks\At43.job moved successfully.
C:\WINDOWS\Tasks\At44.job moved successfully.
C:\WINDOWS\Tasks\At45.job moved successfully.
C:\WINDOWS\Tasks\At46.job moved successfully.
C:\WINDOWS\Tasks\At47.job moved successfully.
C:\WINDOWS\Tasks\At48.job moved successfully.
C:\WINDOWS\Tasks\At5.job moved successfully.
C:\WINDOWS\Tasks\At6.job moved successfully.
C:\WINDOWS\Tasks\At7.job moved successfully.
C:\WINDOWS\Tasks\At8.job moved successfully.
C:\WINDOWS\Tasks\At9.job moved successfully.
C:\WINDOWS\system32\rXR6IIwv.exe moved successfully.
C:\WINDOWS\system32\y7xyJ303.exe moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07232008_162352
je lance le hijackthis et la suite vient -
et voila pr hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:08, on 23/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe
C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\CNAC6RPK.EXE
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rXR6IIwv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Marie\Bureau\OTMoveIt2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 192.1.1.1 FS-2003
O1 - Hosts: 192.1.1.1 FS-2003.domaine.local
O1 - Hosts: 192.1.1.1 domaine.local
O1 - Hosts: 192.1.1.1 domaine
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-4082547298-3723368075-1733769981-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: NETGEAR ProSafe VPN Client.lnk = C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Domaine.local
O17 - HKLM\Software\..\Telephony: DomainName = Domaine.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Domaine.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Domaine.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Serveur RPC eTrust Antivirus (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: Serveur eTrust Antivirus Temps réel (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: Serveur de jobs eTrust Antivirus (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: VisiQuest Remote Shell (VQRSH) - Unknown owner - C:\VisiQuest\bin\win32vs7\vqrshsvc.exe
-
Sur ton PC, tu as eTrust Antivirus.
---> Mets à jour Java :
https://www.java.com/fr/download/manual.jsp
---> Mets à jour Internet Explorer :
https://support.microsoft.com/fr-fr/allproducts -
voila qui est fait.... autre chose ? ou ça devrait etre bon?
-
Pourquoi tu as dit que tu n'avais pas d'antivirus ?
-
parce que je ne savais pas que j'en avais un... c'est mon pc de société et je ne le connais pas entièrement...
ca pose un pb? -
"c'est mon pc de société"
---> C'est bien ce que je me disais. -
-
---> Relance HijackThis et choisis Do a system scan only
---> Coche les cases qui sont devant les lignes suivantes :
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-4082547298-3723368075-1733769981-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.
---> Redémarre ton PC et poste un dernier rapport HijackThis
Précédent
- 1
- 2