No more 3G after smartantivirus2009

Closed
pasktulu - 9 Sept. 2008 at 23:52
pasktulu - 10 Sept. 2008 at 08:55
Hello,
A real puzzle for me, which I hope may be child's play for some (I hope so...).

I caught smartantivirus2009 on my laptop. After going through various forums, I ended up running Malwarebytes, which removed all the symptoms of smartantivirus. The only problem is that I can no longer connect to the internet via my 3G USB key (with VMC Lite). Through the router and Wi-Fi, it works fine.
I tried uninstalling and reinstalling the VMC Lite software: it makes no difference. When I plug in the key there are indeed two recognition beeps, then two more for disconnection, and finally three short ones (those last 3 don't seem quite right to me...).
I think Malwarebytes deleted a file or a piece of data needed for the connection, but which one? (I kept them in quarantine and I have the list available.)
Thanks in advance

4 replies

Anonymous user
10 Sept. 2008 at 00:48
Good evening,
First we'll check the integrity of the system.

Start by posting a HijackThis report please,
>Download HijackThis: https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
- Run the program, then select < do a system scan and save a logfile >
- Save the report to your desktop.
And post your HijackThis log on the forum by copy/paste,


See you

Tutorial, in case of problems: http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
0
Good evening,

Here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:14:33, on 10/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AccessManager\Client\sygman.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Prog\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\DSentry.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE
C:\Program Files\Vodafone\VMCLite\VodafoneVMCLiteLauncher.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Astase\UltraBackup\4.0\bin\ubtray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://teamnt/edc/survey/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;*.biomerieux.fr;livelink.biomerieux.com;*.btl.akzonobel.nl;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Prog\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\system32\DSentry.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB001" /M "Stylus C48"
O4 - HKLM\..\Run: [VodafoneVMCLiteLauncher] C:\Program Files\Vodafone\VMCLite\\VodafoneVMCLiteLauncher.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ISUSPM] "D:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [VMCL] C:\Program Files\vodafone\vmclite\DongleEnumerator.exe
O4 - HKCU\..\Run: [Ub4TrayApp] "C:\Program Files\Astase\UltraBackup\4.0\bin\ubtray.exe" /start
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: jukebox_pc_v1.lnk = D:\Documents and Settings\boucharp\Mes documents\Personnel\Video\xtreme video\jukebox_pc_v1_3.exe
O4 - User Startup: jukebox_pc_v1.lnk = D:\Documents and Settings\boucharp\Mes documents\Personnel\Video\xtreme video\jukebox_pc_v1_3.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NewShortcut1.lnk = C:\Program Files\Vodafone\VMCLite\VodafoneVMCLiteLauncher.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranet
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = biomerieux.fr
O17 - HKLM\Software\..\Telephony: DomainName = biomerieux.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = biomerieux.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = biomerieux.fr
O18 - Protocol: bw+0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C24A3031-45E1-415E-A54F-52E34D2ECA76} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: vxkttp.dll
O21 - SSODL: mgxfebsq - {3E1482B7-1F6D-42E3-9589-2C4FDEAEC440} - C:\WINDOWS\mgxfebsq.dll (file missing)
O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\IP VPN Remote Services\Extranet_serv.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe
O23 - Service: SSA Integration Manager (Sygman) - MCI, Inc. - C:\Program Files\AccessManager\Client\sygman.exe
0
Anonymous user
10 Sept. 2008 at 01:43
Re,
since you reinstalled the programs for your 3G USB key it should work again... normally... Malwarebytes shouldn't have deleted clean files... that would surprise me...

Anyway,
OK, I'd like to know more please.

> Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe (by sUBs) to your Desktop.
Disconnect from the internet and disable your antivirus so that ComboFix can run normally.
- Double-click combofix.exe
- Press the 1 key (Yes) to start the scan.
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. This could freeze the machine.
- When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
PS2: The ComboFix report may turn out to be too long to be handled by CCM.net. In that case use this service http://www.cijoint.fr to send it to me (upload the file, then post the link on the forum).


Good luck.


See you
0
Hello,
As you asked, here is the report following the ComboFix scan:

ComboFix 08-09-05.14 - boucharp 2008-09-10 8:42:42.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.177 [GMT 2:00]
Endroit: D:\Documents and Settings\boucharp.EXSE8029\Mes documents\Personnel\LOGICIELS\combofix\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\grouppolicy\machine\scripts\scripts.ini
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\wgiprtvd.ini
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
D:\Documents and Settings\boucharp.EXSE8029\Cookies\boucharp@www.pixmania[1].txt

----- BITS: Possible sites infectés -----

http://wsusworkstation.fr.euro.biomerieux.net
.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-10 to 2008-09-10 ))))))))))))))))))))))))))))))))))))
.

2008-09-10 00:14 . 2008-09-10 00:14 <REP> d-------- C:\Program Files\Trend Micro
2008-09-09 23:02 . 2008-09-09 23:02 <REP> d-------- C:\Program Files\Vodafone(2)(2)
2008-09-09 22:39 . 2008-09-09 22:39 <REP> d-------- C:\Program Files\Vodafone
2008-09-08 22:08 . 2008-09-08 22:08 <REP> d-------- D:\Documents and Settings\boucharp.EXSE8029\Application Data\Malwarebytes
2008-09-08 22:07 . 2008-09-08 22:07 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-08 22:07 . 2008-09-08 22:07 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-08 22:07 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-08 22:07 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-08 01:06 . 2008-09-08 01:30 <REP> d-------- C:\GuitarPro5 Tabs
2008-09-07 22:53 . 2008-09-07 22:53 <REP> d-------- C:\Program Files\Guitar Pro 5
2008-09-03 22:32 . 2008-09-03 23:21 <REP> d-------- D:\Documents and Settings\boucharp.EXSE8029\Application Data\dvdcss

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-10 06:41 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-09-09 23:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-09 19:08 --------- d-----w C:\Program Files\IP VPN Remote Services
2008-08-04 16:26 --------- d-----w D:\Documents and Settings\boucharp.EXSE8029\Application Data\ICAClient
2008-08-04 15:48 --------- d-----w D:\Documents and Settings\boucharp.EXSE8029\Application Data\AdobeUM
2008-08-04 10:04 --------- d-----w D:\Documents and Settings\boucharp.EXSE8029\Application Data\vlc
2008-08-04 09:34 --------- d-----w D:\Documents and Settings\boucharp.EXSE8029\Application Data\Macrovision
2008-08-04 09:30 --------- d-----w D:\Documents and Settings\boucharp.EXSE8029\Application Data\InterVideo
2006-03-23 19:57 172 -c--a-w D:\Documents and Settings\All Users\Application Data\puk.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-06-03 36864]
"ISUSPM"="D:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"VMCL"="C:\Program Files\vodafone\vmclite\DongleEnumerator.exe" [2007-10-17 131072]
"Ub4TrayApp"="C:\Program Files\Astase\UltraBackup\4.0\bin\ubtray.exe" [2004-10-21 1381376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2004-09-02 20480]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2004-09-02 24576]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2004-09-02 45106]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2004-09-02 20530]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2003-03-21 487696]
"Client Access PC5250 Sound"="C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe" [2004-09-02 40960]
"AdaptecDirectCD"="C:\Prog\Easy CD Creator 5\DirectCD\DirectCD.exe" [2005-06-22 684032]
"DVDSentry"="C:\WINDOWS\system32\DSentry.exe" [2003-02-06 28672]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"AccessManager"="C:\Program Files\AccessManager\Client\AccessMgr.exe" [2004-08-05 786432]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-03-29 290816]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 473928]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"EPSON Stylus C48 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE" [2005-05-16 99840]
"VodafoneVMCLiteLauncher"="C:\Program Files\Vodafone\VMCLite\\VodafoneVMCLiteLauncher.exe" [2007-10-17 102400]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]
"AtiPTA"="atiptaxx.exe" [2005-11-23 C:\WINDOWS\system32\atiptaxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
NewShortcut1.lnk - C:\Program Files\Vodafone\VMCLite\VodafoneVMCLiteLauncher.exe [2007-10-17 102400]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispSettingPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vxkttp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MSNAUDIO"= msnaudio.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\[u]0[/u]\[u]0[/u]]
"Script"=C:\Prog\Bat\Ext.bat

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>­Ý\†Ð=ŸàÛ±Þ"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"42508:UDP"= 42508:UDP:Innoculate (42508/UDP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"= 1 (0x1)
"RemoteAddresses"= LocalSubnet

R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.205\ATI Tray Tools\atitray.sys [2005-12-24 10496]
R2 AMBroker;Access Manager Configuration Service;C:\Program Files\AccessManager\Client\AMBroker.exe [2004-08-05 77824]
R2 Sygman;SSA Integration Manager;C:\Program Files\AccessManager\Client\sygman.exe [2004-08-05 126976]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2002-10-11 9049]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-10-11 115008]
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-10-11 115008]
S3 DAPlugin;Visual Insight DA Plugin;C:\Program Files\AccessManager\Client\DAPlugin.exe [2004-08-05 81920]
S3 ExtranetAccess;Contivity VPN Service;C:\Program Files\IP VPN Remote Services\Extranet_serv.exe [2002-10-11 626688]
S3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-06-12 9344]
S3 sp_spi_da;Visual Insight Dial Analysis;C:\Program Files\AccessManager\SMOC\spi_da.exe [2003-04-17 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9e37921-2c2d-11dd-98f1-444553544200}]
\Shell\AutoRun\command - I:\starter.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

SSODL-mgxfebsq-{3E1482B7-1F6D-42E3-9589-2C4FDEAEC440} - C:\WINDOWS\mgxfebsq.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://teamnt/edc/survey/
R1 -: HKCU-Internet Settings,ProxyServer = proxy:8080
R1 -: HKCU-Internet Settings,ProxyOverride = 10.*.*.*;*.biomerieux.fr;livelink.biomerieux.com;*.btl.akzonobel.nl;<local>
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
C:\WINDOWS\Downloaded Program Files\AdSignerADP.inf
C:\WINDOWS\system32\msvcp60.dll
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\Downloaded Program Files\AdVerifierADP.dll
C:\WINDOWS\Downloaded Program Files\AdSignerADP.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-10 08:44:49
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-09-10 8:47:52
ComboFix-quarantined-files.txt 2008-09-10 06:47:49

Pre-Run: 7,465,287,680 octets libres
Post-Run: 7,466,086,400 octets libres

149

Thanks in advance for your help and have a good day
0