
virus downloader


It's Vundo :)

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    Here is a copy-paste of the report:

    ComboFix 07-11-08.1 - DIgnatio 2007-11-12 17:04:56.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.394 [GMT 1:00]
    Running from: C:\Documents and Settings\DIgnatio\Bureau\ComboFix.exe
    * Created a new restore point
    .

    Incapable d'obtenir les privilèges Système

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
    C:\Documents and Settings\DIgnatio\Favoris\Online Security Guide.lnk
    C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
    C:\WINDOWS\system32\__c007703E.dat
    C:\WINDOWS\system32\tbxtidov.dllbox

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-12 to 2007-11-12 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-12 17:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-12 14:45 <REP> d-------- C:\Documents and Settings\DIgnatio\Application Data\Grisoft
    2007-11-12 14:45 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-12 14:43 <REP> d-------- C:\Program Files\CCleaner
    2007-11-12 12:22 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
    2007-11-12 12:22 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
    2007-11-12 12:22 <REP> d-------- C:\Documents and Settings\DIgnatio\Application Data\Intel
    2007-11-12 12:22 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
    2007-11-12 12:22 <REP> d-------- C:\Documents and Settings\1-op\Application Data\Intel
    2007-11-12 12:22 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2007-11-12 12:22 21,361 --a------ C:\WINDOWS\AegisP.sys
    2007-11-12 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
    2007-11-12 12:21 2,777,088 --a------ C:\WINDOWS\system32\NETw4r32.dll
    2007-11-12 12:21 2,236,032 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
    2007-11-12 12:21 745,472 --a------ C:\WINDOWS\system32\NETw4c32.dll
    2007-11-12 09:38 <REP> d-------- C:\SWSetup
    2007-11-12 09:35 <REP> d-------- C:\Intel
    2007-11-09 12:07 266 --a------ C:\Documents and Settings\1-op\Application Data\config.dat
    2007-11-09 12:02 <REP> d--h----- C:\Documents and Settings\1-op\Voisinage réseau
    2007-11-09 12:02 <REP> d--h----- C:\Documents and Settings\1-op\Voisinage d'impression
    2007-11-09 12:02 <REP> d--h----- C:\Documents and Settings\1-op\Modèles
    2007-11-09 12:02 <REP> dr------- C:\Documents and Settings\1-op\Mes documents
    2007-11-09 12:02 <REP> dr------- C:\Documents and Settings\1-op\Menu Démarrer
    2007-11-09 12:02 <REP> dr------- C:\Documents and Settings\1-op\Favoris
    2007-11-09 12:02 <REP> d-------- C:\Documents and Settings\1-op\Bureau
    2007-11-09 12:02 <REP> d-------- C:\Documents and Settings\1-op\Application Data\Infineon
    2007-11-09 09:44 237 --a------ C:\vpwaf.dat
    2007-11-07 12:59 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-11-05 22:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-05 21:02 <REP> d-------- C:\Documents and Settings\DIgnatio\Application Data\Lavasoft
    2007-11-05 20:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-05 18:32 <REP> d-------- C:\Documents and Settings\DIgnatio\Application Data\GrabIt
    2007-11-05 17:03 <REP> d-------- C:\Documents and Settings\DIgnatio\Application Data\Ahead
    2007-10-30 11:01 251,402 ---hs---- C:\WINDOWS\system32\pqtss.bak2
    2007-10-29 09:53 <REP> d-------- C:\WINDOWS\pss
    2007-10-28 11:36 243,527 ---hs---- C:\WINDOWS\system32\pqtss.bak1
    2007-10-28 11:30 0 --a------ C:\WINDOWS\system32\27031_mssql.exe
    2007-10-22 10:42 <REP> d---s---- C:\Documents and Settings\DIgnatio\UserData
    2007-10-18 09:34 <REP> d-------- C:\Program Files\Microsoft SQL Server
    2007-10-18 09:34 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
    2007-10-18 09:34 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
    2007-10-18 09:33 <REP> d-------- C:\Program Files\SkyRecon

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-12 11:21 --------- d-----w C:\Program Files\Intel
    2007-11-12 10:35 --------- d-----w C:\Program Files\DominoForOutlook
    2007-11-12 10:24 --------- d-----w C:\Documents and Settings\DIgnatio\Application Data\SolidDocuments
    2007-11-05 19:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-28 10:30 359,808 ------w C:\WINDOWS\system32\drivers\tcpip.sys
    2007-10-18 12:53 368 ----a-w C:\WINDOWS\system32\drivers\thor_old.srn
    2007-10-18 12:53 168 ----a-w C:\WINDOWS\system32\drivers\stateful_old.srn
    2007-10-10 08:55 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-10-09 19:39 --------- d-----w C:\Program Files\Fichiers communs\Intel
    2007-10-04 08:54 --------- d-----w C:\Program Files\Fichiers communs\Cisco Systems
    2007-10-04 08:54 --------- d-----w C:\Program Files\Cisco Systems
    2007-10-04 08:54 --------- d-----w C:\Documents and Settings\DIgnatio\Application Data\Cisco
    2007-10-04 08:29 --------- d-----w C:\Program Files\SolidDocuments
    2007-10-04 08:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\SolidDocuments
    2007-10-04 08:23 --------- d-----w C:\Program Files\FreshDevices
    2007-10-04 08:20 --------- d-----w C:\Program Files\PDFCreator
    2007-10-04 08:12 --------- d-----w C:\Program Files\Observer
    2007-10-04 08:10 --------- d-----w C:\Program Files\Ethereal
    2007-10-04 07:58 --------- d-----w C:\Program Files\Ekahau
    2007-10-04 07:55 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-10-04 06:25 --------- d-----w C:\Program Files\Canon
    2007-10-04 06:24 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
    2007-10-04 06:23 --------- d--h--w C:\Program Files\CanonBJ
    2007-09-19 07:35 --------- d-----w C:\Program Files\Lexmark_HostCD
    2007-09-13 13:10 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-13 08:09 --------- d-----w C:\Documents and Settings\DIgnatio\Application Data\Talkback
    2007-09-12 15:19 --------- d-----w C:\Program Files\MSXML 6.0
    2007-09-12 15:15 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-09-12 13:31 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Sonic
    2007-09-12 13:31 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Leadertech
    2007-09-12 12:06 --------- d-----w C:\Documents and Settings\DIgnatio\Application Data\Infineon
    2007-09-12 12:06 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Infineon
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52E8755C-7538-45B6-A050-01DBE389F30A}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58472AB6-A02B-49ED-A170-2BE115018BE9}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vptray"="C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe" [2003-04-29 12:48]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 11:30]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 13:36]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 14:39]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 09:49]
    "PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-06-08 13:02]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 08:11]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 13:06]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 14:18]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 14:13]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "eyeBeam SIP Client"="" []
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvtsr]
    cbxvtsr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    DeviceNP.dll 2006-01-12 13:05 49152 C:\WINDOWS\system32\DeviceNP.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
    IfxWlxEN.dll 2006-03-03 14:08 434176 C:\WINDOWS\system32\IfxWlxEN.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tbxtidov]
    tbxtidov.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= scecli AsWlnPkg

    R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys
    R2 ASChannel;Canal de communication local;C:\WINDOWS\System32\svchost.exe -k Cognizance
    R2 CdpPacket;Cisco Discovery Protocol Packet Driver;C:\WINDOWS\system32\DRIVERS\CdpPacket.sys
    R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\ekauio.sys
    R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
    R3 Cpmt;Cisco Media Termination;C:\WINDOWS\system32\Drivers\Cpmt.sys
    R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
    S0 odin;system32\odin-sys.sra;C:\WINDOWS\system32\odin-sys.sra
    S0 thor2;C:\WINDOWS\system32\drivers\thor2.sra;C:\WINDOWS\system32\drivers\thor2.sra
    S2 ASBroker;Courtier de session de connexion;C:\WINDOWS\System32\svchost.exe -k Cognizance
    S2 Microsoft Windows SMTH Control;Microsoft Windows SMTH Control;"C:\WINDOWS\system32\dllcache\winsmth.exe"
    S2 StormShield Agent;StormShield Agent;"C:\Program Files\SkyRecon\StormShield Agent\SRService.exe"
    S3 EClient;EClient;C:\Program Files\Ekahau\Client\bin\Eclient.exe
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\WINDOWS\system32\flcdlock.exe
    S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys
    S3 WPRO_40_901;WinPcap Packet Driver (WPRO_40_901);C:\WINDOWS\system32\drivers\WPRO_40_901.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance ASBroker ASChannel

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1a374c6-7d4e-11dc-8299-00170843cca4}]
    \Shell\AutoRun\command - F:\muisetup.exe

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-12 17:09:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-12 17:11:51 - machine was rebooted
    .
    --- E O F ---

    Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:18, on 2007-11-12
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\IFXSPMGT.exe
    C:\WINDOWS\system32\IFXTCS.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\DOCUME~1\DIgnatio\LOCALS~1\Temp\Rar$EX00.859\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safir/default.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://safir/default.aspx
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = nsproxy.ares.fr:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = safir;*.lyon.ares.ssii;intra*;10.*;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
    O2 - BHO: (no name) - {52E8755C-7538-45B6-A050-01DBE389F30A} - (no file)
    O2 - BHO: (no name) - {58472AB6-A02B-49ED-A170-2BE115018BE9} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
    O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [7Y19C2X74Z] C:\WINDOWS\syss_.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://safir/default.aspx
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProduct...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lyon.ares.ssii
    O17 - HKLM\Software\..\Telephony: DomainName = lyon.ares.ssii
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lyon.ares.ssii
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lyon.ares.ssii
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = lyon.ares.ssii
    O20 - Winlogon Notify: cbxvtsr - cbxvtsr.dll (file missing)
    O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
    O20 - Winlogon Notify: tbxtidov - tbxtidov.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: EClient - Ekahau, Inc. - C:\Program Files\Ekahau\Client\bin\Eclient.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\WINDOWS\system32\flcdlock.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
    O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
    O23 - Service: Microsoft Windows SMTH Control - Unknown owner - C:\WINDOWS\system32\dllcache\winsmth.exe (file missing)
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
    O23 - Service: StormShield Agent - Unknown owner - C:\Program Files\SkyRecon\StormShield Agent\SRService.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 10177 bytes

    Here it is:

    ComboFix 07-11-08.1 - DIgnatio 2007-11-12 17:50:08.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.317 [GMT 1:00]
    Running from: C:\Documents and Settings\DIgnatio\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-12 to 2007-11-12 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-12 17:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-12 14:45 <REP> d-------- C:\Documents and Settings\DIgnatio\Application Data\Grisoft
    2007-11-12 14:45 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-12 14:43 <REP> d-------- C:\Program Files\CCleaner
    2007-11-12 12:22 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
    2007-11-12 12:22 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
    2007-11-12 12:22 <REP> d-------- C:\Documents and Settings\DIgnatio\Application Data\Intel
    2007-11-12 12:22 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
    2007-11-12 12:22 <REP> d-------- C:\Documents and Settings\1-op\Application Data\Intel
    2007-11-12 12:22 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2007-11-12 12:22 21,361 --a------ C:\WINDOWS\AegisP.sys
    2007-11-12 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
    2007-11-12 12:21 2,777,088 --a------ C:\WINDOWS\system32\NETw4r32.dll
    2007-11-12 12:21 2,236,032 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
    2007-11-12 12:21 745,472 --a------ C:\WINDOWS\system32\NETw4c32.dll
    2007-11-12 09:38 <REP> d-------- C:\SWSetup
    2007-11-12 09:35 <REP> d-------- C:\Intel
    2007-11-09 12:07 266 --a------ C:\Documents and Settings\1-op\Application Data\config.dat
    2007-11-09 12:02 <REP> d--h----- C:\Documents and Settings\1-op\Voisinage réseau
    2007-11-09 12:02 <REP> d--h----- C:\Documents and Settings\1-op\Voisinage d'impression
    2007-11-09 12:02 <REP> d--h----- C:\Documents and Settings\1-op\Modèles
    2007-11-09 12:02 <REP> dr------- C:\Documents and Settings\1-op\Mes documents
    2007-11-09 12:02 <REP> dr------- C:\Documents and Settings\1-op\Menu Démarrer
    2007-11-09 12:02 <REP> dr------- C:\Documents and Settings\1-op\Favoris
    2007-11-09 12:02 <REP> d-------- C:\Documents and Settings\1-op\Bureau
    2007-11-09 12:02 <REP> d-------- C:\Documents and Settings\1-op\Application Data\Infineon
    2007-11-09 09:44 237 --a------ C:\vpwaf.dat
    2007-11-07 12:59 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-11-05 22:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-05 21:02 <REP> d-------- C:\Documents and Settings\DIgnatio\Application Data\Lavasoft
    2007-11-05 20:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-05 18:32 <REP> d-------- C:\Documents and Settings\DIgnatio\Application Data\GrabIt
    2007-11-05 17:03 <REP> d-------- C:\Documents and Settings\DIgnatio\Application Data\Ahead
    2007-10-30 11:01 251,402 ---hs---- C:\WINDOWS\system32\pqtss.bak2
    2007-10-29 09:53 <REP> d-------- C:\WINDOWS\pss
    2007-10-28 11:36 243,527 ---hs---- C:\WINDOWS\system32\pqtss.bak1
    2007-10-28 11:30 0 --a------ C:\WINDOWS\system32\27031_mssql.exe
    2007-10-22 10:42 <REP> d---s---- C:\Documents and Settings\DIgnatio\UserData
    2007-10-18 09:34 <REP> d-------- C:\Program Files\Microsoft SQL Server
    2007-10-18 09:34 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
    2007-10-18 09:34 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
    2007-10-18 09:33 <REP> d-------- C:\Program Files\SkyRecon

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-12 11:22 376,832 ----a-w C:\WINDOWS\system32\AegisI5Installer.exe
    2007-11-12 11:21 --------- d-----w C:\Program Files\Intel
    2007-11-12 10:35 --------- d-----w C:\Program Files\DominoForOutlook
    2007-11-12 10:24 --------- d-----w C:\Documents and Settings\DIgnatio\Application Data\SolidDocuments
    2007-11-08 16:15 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\SolidDocuments
    2007-11-05 19:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-28 10:30 359,808 ------w C:\WINDOWS\system32\drivers\tcpip.sys
    2007-10-18 12:53 368 ----a-w C:\WINDOWS\system32\drivers\thor_old.srn
    2007-10-18 12:53 168 ----a-w C:\WINDOWS\system32\drivers\stateful_old.srn
    2007-10-10 08:55 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-10-09 19:39 --------- d-----w C:\Program Files\Fichiers communs\Intel
    2007-10-08 13:11 294,912 ----a-w C:\WINDOWS\system32\IWPDGINA.dll
    2007-10-08 13:11 208,896 ----a-w C:\WINDOWS\system32\NetProvCredMan.dll
    2007-10-04 08:54 --------- d-----w C:\Program Files\Fichiers communs\Cisco Systems
    2007-10-04 08:54 --------- d-----w C:\Program Files\Cisco Systems
    2007-10-04 08:54 --------- d-----w C:\Documents and Settings\DIgnatio\Application Data\Cisco
    2007-10-04 08:29 --------- d-----w C:\Program Files\SolidDocuments
    2007-10-04 08:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\SolidDocuments
    2007-10-04 08:23 --------- d-----w C:\Program Files\FreshDevices
    2007-10-04 08:20 --------- d-----w C:\Program Files\PDFCreator
    2007-10-04 08:12 --------- d-----w C:\Program Files\Observer
    2007-10-04 08:10 --------- d-----w C:\Program Files\Ethereal
    2007-10-04 07:58 --------- d-----w C:\Program Files\Ekahau
    2007-10-04 07:55 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-10-04 06:25 --------- d-----w C:\Program Files\Canon
    2007-10-04 06:24 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
    2007-10-04 06:23 --------- d--h--w C:\Program Files\CanonBJ
    2007-09-19 07:35 --------- d-----w C:\Program Files\Lexmark_HostCD
    2007-09-13 13:10 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-13 08:09 --------- d-----w C:\Documents and Settings\DIgnatio\Application Data\Talkback
    2007-09-12 15:19 --------- d-----w C:\Program Files\MSXML 6.0
    2007-09-12 15:15 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-09-12 13:31 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Sonic
    2007-09-12 13:31 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Leadertech
    2007-09-12 12:06 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Infineon
    2007-09-12 12:06 --------- d-----w C:\Documents and Settings\DIgnatio\Application Data\Infineon
    2007-09-12 12:06 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Infineon
    2007-08-27 10:09 14,848 ----a-w C:\WINDOWS\system32\s24NCfg.dll
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-12_17.10.37.35 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-11-12 15:16:21 74,898 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2007-11-12 16:13:45 74,898 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-11-12 15:16:21 90,718 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2007-11-12 16:13:45 90,718 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2007-11-12 15:16:21 448,660 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2007-11-12 16:13:45 448,660 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2007-11-12 15:16:21 519,364 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2007-11-12 16:13:45 519,364 ----a-w C:\WINDOWS\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52E8755C-7538-45B6-A050-01DBE389F30A}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58472AB6-A02B-49ED-A170-2BE115018BE9}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vptray"="C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe" [2003-04-29 12:48]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 11:30]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 13:36]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 14:39]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 09:49]
    "PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-06-08 13:02]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 08:11]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 13:06]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 14:18]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 14:13]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "eyeBeam SIP Client"="" []
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2006-02-27 16:02:06]
    Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 16:23:32]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvtsr]
    cbxvtsr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    DeviceNP.dll 2006-01-12 13:05 49152 C:\WINDOWS\system32\DeviceNP.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
    IfxWlxEN.dll 2006-03-03 14:08 434176 C:\WINDOWS\system32\IfxWlxEN.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tbxtidov]
    tbxtidov.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= scecli AsWlnPkg


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance ASBroker ASChannel

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1a374c6-7d4e-11dc-8299-00170843cca4}]
    \Shell\AutoRun\command - F:\muisetup.exe

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-12 17:51:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-12 17:51:59
    C:\ComboFix2.txt ... 2007-11-12 17:11
    .
    --- E O F ---

    Re,

    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\pqtss.bak2
    C:\WINDOWS\system32\pqtss.bak1
    C:\WINDOWS\system32\27031_mssql.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52E8755C-7538-45B6-A050-01DBE389F30A}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58472AB6-A02B-49ED-A170-2BE115018BE9}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvtsr]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tbxtidov]


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.

    Here is the Combofix report:

    ComboFix 07-11-08.1 - DIgnatio 2007-11-12 19:32:32.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.329 [GMT 1:00]
    Running from: C:\Documents and Settings\DIgnatio\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\DIgnatio\Bureau\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\27031_mssql.exe
    C:\WINDOWS\system32\pqtss.bak1
    C:\WINDOWS\system32\pqtss.bak2
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\27031_mssql.exe
    C:\WINDOWS\system32\pqtss.bak1
    C:\WINDOWS\system32\pqtss.bak2

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-12 to 2007-11-12 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-12 17:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-12 14:45 <REP> d-------- C:\Documents and Settings\DIgnatio\Application Data\Grisoft
    2007-11-12 14:45 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-12 14:43 <REP> d-------- C:\Program Files\CCleaner
    2007-11-12 12:22 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
    2007-11-12 12:22 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
    2007-11-12 12:22 <REP> d-------- C:\Documents and Settings\DIgnatio\Application Data\Intel
    2007-11-12 12:22 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
    2007-11-12 12:22 <REP> d-------- C:\Documents and Settings\1-op\Application Data\Intel
    2007-11-12 12:22 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2007-11-12 12:22 21,361 --a------ C:\WINDOWS\AegisP.sys
    2007-11-12 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
    2007-11-12 12:21 2,777,088 --a------ C:\WINDOWS\system32\NETw4r32.dll
    2007-11-12 12:21 2,236,032 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
    2007-11-12 12:21 745,472 --a------ C:\WINDOWS\system32\NETw4c32.dll
    2007-11-12 09:38 <REP> d-------- C:\SWSetup
    2007-11-12 09:35 <REP> d-------- C:\Intel
    2007-11-09 12:07 266 --a------ C:\Documents and Settings\1-op\Application Data\config.dat
    2007-11-09 12:02 <REP> d--h----- C:\Documents and Settings\1-op\Voisinage réseau
    2007-11-09 12:02 <REP> d--h----- C:\Documents and Settings\1-op\Voisinage d'impression
    2007-11-09 12:02 <REP> d--h----- C:\Documents and Settings\1-op\Modèles
    2007-11-09 12:02 <REP> dr------- C:\Documents and Settings\1-op\Mes documents
    2007-11-09 12:02 <REP> dr------- C:\Documents and Settings\1-op\Menu Démarrer
    2007-11-09 12:02 <REP> dr------- C:\Documents and Settings\1-op\Favoris
    2007-11-09 12:02 <REP> d-------- C:\Documents and Settings\1-op\Bureau
    2007-11-09 12:02 <REP> d-------- C:\Documents and Settings\1-op\Application Data\Infineon
    2007-11-09 09:44 237 --a------ C:\vpwaf.dat
    2007-11-07 12:59 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-11-05 22:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-05 21:02 <REP> d-------- C:\Documents and Settings\DIgnatio\Application Data\Lavasoft
    2007-11-05 20:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-05 18:32 <REP> d-------- C:\Documents and Settings\DIgnatio\Application Data\GrabIt
    2007-11-05 17:03 <REP> d-------- C:\Documents and Settings\DIgnatio\Application Data\Ahead
    2007-10-29 09:53 <REP> d-------- C:\WINDOWS\pss
    2007-10-22 10:42 <REP> d---s---- C:\Documents and Settings\DIgnatio\UserData
    2007-10-18 09:34 <REP> d-------- C:\Program Files\Microsoft SQL Server
    2007-10-18 09:34 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
    2007-10-18 09:34 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
    2007-10-18 09:33 <REP> d-------- C:\Program Files\SkyRecon

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-12 11:22 376,832 ----a-w C:\WINDOWS\system32\AegisI5Installer.exe
    2007-11-12 11:21 --------- d-----w C:\Program Files\Intel
    2007-11-12 10:35 --------- d-----w C:\Program Files\DominoForOutlook
    2007-11-12 10:24 --------- d-----w C:\Documents and Settings\DIgnatio\Application Data\SolidDocuments
    2007-11-08 16:15 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\SolidDocuments
    2007-11-05 19:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-28 10:30 359,808 ------w C:\WINDOWS\system32\drivers\tcpip.sys
    2007-10-18 12:53 368 ----a-w C:\WINDOWS\system32\drivers\thor_old.srn
    2007-10-18 12:53 168 ----a-w C:\WINDOWS\system32\drivers\stateful_old.srn
    2007-10-10 08:55 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-10-09 19:39 --------- d-----w C:\Program Files\Fichiers communs\Intel
    2007-10-08 13:11 294,912 ----a-w C:\WINDOWS\system32\IWPDGINA.dll
    2007-10-08 13:11 208,896 ----a-w C:\WINDOWS\system32\NetProvCredMan.dll
    2007-10-04 08:54 --------- d-----w C:\Program Files\Fichiers communs\Cisco Systems
    2007-10-04 08:54 --------- d-----w C:\Program Files\Cisco Systems
    2007-10-04 08:54 --------- d-----w C:\Documents and Settings\DIgnatio\Application Data\Cisco
    2007-10-04 08:29 --------- d-----w C:\Program Files\SolidDocuments
    2007-10-04 08:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\SolidDocuments
    2007-10-04 08:23 --------- d-----w C:\Program Files\FreshDevices
    2007-10-04 08:20 --------- d-----w C:\Program Files\PDFCreator
    2007-10-04 08:12 --------- d-----w C:\Program Files\Observer
    2007-10-04 08:10 --------- d-----w C:\Program Files\Ethereal
    2007-10-04 07:58 --------- d-----w C:\Program Files\Ekahau
    2007-10-04 07:55 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-10-04 06:25 --------- d-----w C:\Program Files\Canon
    2007-10-04 06:24 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
    2007-10-04 06:23 --------- d--h--w C:\Program Files\CanonBJ
    2007-09-19 07:35 --------- d-----w C:\Program Files\Lexmark_HostCD
    2007-09-13 13:10 --------- d-----w C:\Program Files\MSN Messenger
    2007-09-13 08:09 --------- d-----w C:\Documents and Settings\DIgnatio\Application Data\Talkback
    2007-09-12 15:19 --------- d-----w C:\Program Files\MSXML 6.0
    2007-09-12 15:15 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-09-12 13:31 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Sonic
    2007-09-12 13:31 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Leadertech
    2007-09-12 12:06 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Infineon
    2007-09-12 12:06 --------- d-----w C:\Documents and Settings\DIgnatio\Application Data\Infineon
    2007-09-12 12:06 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Infineon
    2007-08-27 10:09 14,848 ----a-w C:\WINDOWS\system32\s24NCfg.dll
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-12_17.10.37.35 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-11-12 15:16:21 74,898 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2007-11-12 16:13:45 74,898 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-11-12 15:16:21 90,718 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2007-11-12 16:13:45 90,718 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2007-11-12 15:16:21 448,660 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2007-11-12 16:13:45 448,660 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2007-11-12 15:16:21 519,364 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2007-11-12 16:13:45 519,364 ----a-w C:\WINDOWS\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vptray"="C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe" [2003-04-29 12:48]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 11:30]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 13:36]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 14:39]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 09:49]
    "PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-06-08 13:02]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 08:11]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 13:06]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 14:18]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 14:13]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "eyeBeam SIP Client"="" []
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2006-02-27 16:02:06]
    Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 16:23:32]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    DeviceNP.dll 2006-01-12 13:05 49152 C:\WINDOWS\system32\DeviceNP.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
    IfxWlxEN.dll 2006-03-03 14:08 434176 C:\WINDOWS\system32\IfxWlxEN.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= scecli AsWlnPkg

    R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys
    R2 ASChannel;Canal de communication local;C:\WINDOWS\System32\svchost.exe -k Cognizance
    R2 CdpPacket;Cisco Discovery Protocol Packet Driver;C:\WINDOWS\system32\DRIVERS\CdpPacket.sys
    R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\ekauio.sys
    R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
    R3 Cpmt;Cisco Media Termination;C:\WINDOWS\system32\Drivers\Cpmt.sys
    R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
    S0 odin;system32\odin-sys.sra;C:\WINDOWS\system32\odin-sys.sra
    S0 thor2;C:\WINDOWS\system32\drivers\thor2.sra;C:\WINDOWS\system32\drivers\thor2.sra
    S2 ASBroker;Courtier de session de connexion;C:\WINDOWS\System32\svchost.exe -k Cognizance
    S2 Microsoft Windows SMTH Control;Microsoft Windows SMTH Control;"C:\WINDOWS\system32\dllcache\winsmth.exe"
    S2 StormShield Agent;StormShield Agent;"C:\Program Files\SkyRecon\StormShield Agent\SRService.exe"
    S3 EClient;EClient;C:\Program Files\Ekahau\Client\bin\Eclient.exe
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\WINDOWS\system32\flcdlock.exe
    S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys
    S3 WPRO_40_901;WinPcap Packet Driver (WPRO_40_901);C:\WINDOWS\system32\drivers\WPRO_40_901.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance ASBroker ASChannel

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1a374c6-7d4e-11dc-8299-00170843cca4}]
    \Shell\AutoRun\command - F:\muisetup.exe

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-12 19:33:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-12 19:34:23
    C:\ComboFix2.txt ... 2007-11-12 17:52
    C:\ComboFix3.txt ... 2007-11-12 17:11
    .
    --- E O F ---


    and the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:34, on 2007-11-12
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\IFXSPMGT.exe
    C:\WINDOWS\system32\IFXTCS.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
    C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\lotus\notes\NLNOTES.EXE
    C:\Program Files\lotus\notes\ntaskldr.EXE
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\DIgnatio\LOCALS~1\Temp\Rar$EX00.734\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safir/default.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://safir/default.aspx
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = nsproxy.ares.fr:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = safir;*.lyon.ares.ssii;intra*;10.*;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
    O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [7Y19C2X74Z] C:\WINDOWS\syss_.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://safir/default.aspx
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProduct...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lyon.ares.ssii
    O17 - HKLM\Software\..\Telephony: DomainName = lyon.ares.ssii
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lyon.ares.ssii
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lyon.ares.ssii
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = lyon.ares.ssii
    O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: EClient - Ekahau, Inc. - C:\Program Files\Ekahau\Client\bin\Eclient.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\WINDOWS\system32\flcdlock.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
    O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
    O23 - Service: Microsoft Windows SMTH Control - Unknown owner - C:\WINDOWS\system32\dllcache\winsmth.exe (file missing)
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
    O23 - Service: StormShield Agent - Unknown owner - C:\Program Files\SkyRecon\StormShield Agent\SRService.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 10037 bytes